How can BMC enable members of Operations and Security teams to work better together in quickly remediate vulnerabilities?
Summary:
BladeLogic Threat Director features enhanced insights and tools--including new dashboards--to help streamline the labor-intensive process of vulnerability remediation. My job was to find out whether the concepts developed by the UX team were of any value to our users, dashboards and functionalities alike. To do this, we set three goals: 1.) find out more about Security and Operations day-to-day roles and activities as they pertain to managing and fixing vulnerabilities, 2.) get feedback on proposed designs for automating the vulnerability management remediation process, and 3.) identify which concepts should be adopted and to gather feedback for improvement.
BMC BladeLogic Threat Director
Method:
After receiving the concept sketches from the UX team, I conducted interviews with real BladeLogic users as participants, administering a concept-value survey using the Kano Model, analysed the data using formulas in Excel, and revealed insights to the team in the form of histograms and radial graphs, noting to the design team which features were rated highest and which deserved the most attention in the build process.
Findings:
Dashboards tested well with 85% of all concepts earning a rating of “Attractive” or higher (including “Performance” and “Must be Included”).
Many participants wanted a better way to view infrastructure-specific impact of vulnerabilities (as opposed to the blanket severity number assigned by the scanning tools).
Reporting, trending, and granular control over viewing data were cited as important user needs.
Participants wanted further development of export features to show value to upper management, including trending and “progress” scorecards.
