
Making cybersecurity automation a success through user experience

Hugo David

In cybersecurity, we often evaluate a tool’s performance against threats, price, and integration into the ecosystem. What, or rather “who”, we often don’t talk about is the product’s users.

Actually, until recently, no attention was given to them. The result was powerful but complex tools that needed hyperspecialized operators to install, use, and maintain them (hello SIEM!). To sum up: a hyperspecialized workforce in a scarce environment.

Some would say that this isn’t the most important thing. As long as the product works, people will get their hands on it and build the skills to master it. This is false. Complexity creates a costly barrier and can lead to failures when trying to implement a new product in your security stack.

Throughout this article, we’ll focus on what’s going on with cybersecurity automation platforms. They have existed for quite some years now. However, according to reports from SANS, Gartner, or Forrester, cybersecurity automation is still lagging in companies. When interviewed, cybersecurity folks cite orchestration and automation as one of their biggest challenges.

[*Dive deeper into the topic of Cybersecurity challenges in our previous article*.]

There are multiple factors as to why orchestration and automation platforms aren’t widely adopted today, and among these is their complexity.

We’re going to see that:

Complexity is the major issue for existing tools

We’re not going to change the landscape. Cyberspace is going to be increasingly hostile going forward. Attackers are only starting to harness the different vectors to launch attacks on companies. More and more companies are moving their assets into digital form. Some are going to the cloud, at the risk of dramatically expanding their attack surface.

The gains can be noticeable, and the risks are still somewhat minimal for these attackers. We’re talking about your next-door hacker who can be prosecuted under your national jurisdiction, of course, but also about a myriad of foreign forces, state-backed or not, that are increasingly looking abroad to perform their attacks.

Last week we heard about an active campaign launched by Lazarus, a North Korean APT, that targets Western firms. These phenomena will only grow more extensive and more dangerous. The only way to counter this would be to close the internet, to build borders. This is another highly interesting story, but this is not the place to discuss it. Even then, you would still have to track attackers that can hide behind pretty much every computer in a given area. The final takeaway here is that recent years have opened the door to mass criminality in cyberspace.

Facing this, we have an armada of different tools developed over the years. There’s a tool for pretty much every threat. Every week, a new company comes up with a revolution to tackle the threats.

We have veterans, like the SIEM, which have been around for more than fifteen years now, along with firewalls, endpoint protection platforms, identity management solutions, IDS and IPS, etc. Why do we keep getting smashed with so many tools at our disposal? First, attackers are clever. They innovate, hunt for vulnerabilities, use the weakest link in the chain (us humans), and attack from multiple angles using multiple techniques. But they’re not all sophisticated. Take the last mega-breach that happened this year. There was no highly technical exploit. The initial entry point was the human.

Second, they also profit from a highly complex cybersecurity environment. Many tools, many different environments, and many barriers. It leaves space for attackers to slip through the cracks. On top of this complex environment, there’s the intrinsic complexity of the tools themselves. We discussed the SIEM’s complexity a few weeks ago: initial deployment, operation, and maintenance. A SIEM requires dedicated people in an environment where such people are scarce.

We find the same complexity if we hop over to the cybersecurity automation field. We have demonstrated multiple times how crucial automation is to face the landscape. There can’t be sustainable cybersecurity without automation. However, the current complexity of cybersecurity automation tools creates a barrier and prevents automation from meeting its central promise: simplifying the overall processes. How can one explain that, given the different cybersecurity automation platforms available on the market, the Orchestration and Automation challenge is still listed as one of the top priorities for SecOps folks?

These platforms don’t deliver. They’re powerful, God they are! But how many can properly operate them? This isn’t viable. Mass adoption comes with simplicity. This is where User Experience comes into play.

Make Cybersecurity “sexy”

The Director-General of ANSSI (“Agence Nationale de la Sécurité des Systèmes d’Information”, National Agency for the Protection of Information Systems), Guillaume Poupard, delivered some wise words when he talked about cybersecurity a few years back: “You must make digital security sexy; in other words, understandable.”

This is a lesson to keep in mind. Cybersecurity is important. It’s only going to grow in importance, as we said above. However, important doesn’t mean complex. The fact is, although lots of digital fields have experienced a revolution in their usage toward simplicity, cybersecurity hasn’t yet.

One concept has not yet been infused into cybersecurity: User Experience (UX).

User Experience quick walkthrough

Most UX designers are familiar with the honeycomb visualization tool made by Peter Morville since it has done a killer job displaying the seven aspects of the user experience since 2004. Although the diagram has been subject to amendments by UX trainers, we love this version:

Organized as follows, the honeycomb tool is now pushing designers and product managers to reflect on how their customers think about, use, and feel about their product. Although cybersecurity software serves complex use cases, it can also benefit from each element of the Honeycomb. Let’s see how we can apply this to cybersecurity automation platforms:

  • Useful: Bring the value provided to the forefront. Make the tool suitable for the objectives you want your customer to achieve. There’s one mission to accomplish. Dedicate your tools to this and only this mission.
  • Credible: On your platform, doing “this” leads to “that”. “This” exists because of “that”. The platform needs to be transparent to make it trustworthy. Adoption comes when people show confidence.
  • Valuable: Your software has to deliver value. What’s the value of a cybersecurity automation platform? Automation, and nothing else. All the effort needs to be directed toward automation. This is a plea for best-of-breed tools: one goal, one tool. Do something better than everyone else before thinking of doing other things.
  • Findable: Users can’t have a map or the instruction manual at hand when using your platform. They have to be able to navigate with ease. This calls for simplicity and cleverness in the design.
  • Usable: One of the most important. Your tool needs to be understandable. A tool that only two folks in your team can understand isn’t good because it relies entirely on them. If they quit, you’re in trouble. Especially for broad-purpose tools like automation platforms, making them usable is of paramount importance.
  • Accessible: Your product has to be accessible to everyone, including people with disabilities.
  • Desirable: Let’s be real here. You don’t want to face something coming straight out of the nineties. You want something pleasing. Sexy products generate user engagement, especially in an industry where visually pleasing tools are not the norm.

At Mindflow, we built our platform with this Honeycomb in mind to design a flawless user experience. This reflects our core belief: just because cybersecurity is a heavyweight, it doesn’t have to feel heavy too. By giving analysts access to user-friendly tools, we are rewiring their attention and adding life to their daily tasks.

User experience as a pillar of the no-code revolution in cybersecurity automation

What’s no-code? The ultimate user experience. What you see is what you get (WYSIWYG). A visual programming approach pushed to its maximal evolution. It makes programming directly understandable by the human brain. It’s about adding a layer of human-like language on top of the programming language, making the case for a better user experience than has traditionally been offered.

Mindflow uses an entirely visual interface to help users imagine, visualize, and create logical Flows that are actionable and automated. This means using drag-and-drop actions to create sophisticated Flows, adding data transformation techniques to push and pull data wherever you want, and designing Flows optimized to ease logic presentation and provide a universally understandable user experience.

Using no-code streamlines and accelerates the creation process by making it easier to build an initial prototype and then iterate on it, versioning the Flow to arrive at the best possible iteration without piling up technical debt at each step. In cybersecurity, where you need to adapt, repair, and evolve fast, being able to version a Flow quickly or to build a new one in response to a new threat, a new piece of hardware, or an asset expanding your attack surface is paramount.

In other words, no-code elevates user experience. It makes its benefits even more salient by increasing the platform’s perceived usefulness and perceived understandability (ease of use). Ultimately, it influences users’ attitudes towards using the platform, thus influencing the actual use.
