McAfee Threat Submission Redesign
The Opportunity
Today's security threats are more challenging than ever, and new threats emerge every day. So what happens when a zero-day threat goes undetected by your security software? McAfee relies on IT professionals to detect and collect threats and submit those files (known as samples) to us, so we can increase protection for everyone.
McAfee Labs, the threat research division of McAfee, asked us for help after customers complained the process of submitting samples was too frustrating and time consuming.
The Process
Our goal was to understand our users' experience with the submission process for all types of threats. To achieve this goal, we began with:
Current solution evaluation. We conducted a thorough analysis of workflows a customer might experience during the submittal process of all threat types.
Expert interviews. We interviewed internal subject matter experts and evaluated tools and backend processes used to collect and analyze the samples.
End user research. Using surveys and interviews, we collected insights from 35 customers to understand their firsthand experience.
After several rounds of gathering information, I began to map our findings by following each type of sample from the time it was detected in our customer's environment to submitting to McAfee Labs and the internal processing that follows. I documented how the sample traversed through our internal systems and what feedback customers received at each step. Below is a sample of those workflows:
The Experience
We soon discovered there was much more to the process than merely submission. For our customers, it is an arduous four-step journey that begins when our product fails to stop a threat and they detect a problem in their environment. We also learned our customers defined the conditions of resolution differently than our internal Labs and Support teams.
What did we learn?
Our customers provided us with rich insights and context to their experiences. They shared their goals, needs, and key pain points throughout the entirety of their journey. We learned the process is:
Expensive for our customers. Imagine if you had to spend half a day, every week, submitting threats to a company whose product failed you. One of our larger customers said their organization spent up to 80 hours a week submitting threats we were unsuccessful in detecting.
Leaves customers in the dark. Customers need more forensic information about the samples they submit, resolution status, and notification when protection is available in the product. They want a means to globally track all samples--regardless of threat type and method of submission.
Disconnected. The process and tools we expect customers to use during submission are viewed as a series of stopgap measures. Customers want seamless solutions baked into our products and automated as much as possible.
These workflows were not meeting the needs of our customers or McAfee employees. The root cause was the lack of a single integrated end-to-end solution for the entire customer journey. We had various tools and systems that didn't work with each other. And while one might be strong in one part of the journey, it was lacking in another. There was no single entry point into McAfee and we had no way to see a global view of all submission types--for any one customer or across all customers.
The Vision
We began by crafting the vision of what our solution ought to be. We identified the capabilities the solution needed to support. We sought a solution that would benefit our customers and internal groups alike:
Customers
Ability to submit from the product
Ability to submit from the endpoint
Consolidated view of all submissions
Ability to deliver rich information in real time
Ability to receive resolution in the product
McAfee
Single repository for all submission types
Consolidated metrics of all submissions
Ability to prioritize by event and prevalence
Improve protection effectiveness




This work concluded Phase 1 of the project. Please continue on to Phase 2 to see how the solution developed...
Phase 1
User Research
Experience Mapping
Synthesis