A New Splunkbase App

Cisco Security Cloud

What is Splunk?

Splunk is a recent Cisco acquisition that produces software for searching, monitoring, and analyzing machine-generated data via a web-style interface to help capture, index and correlate real-time data in a searchable repository. Their marketplace “Splunkbase” houses thousands of applications to allow users to connect third-party products.

My Role

I served as the Lead Designer for this initiative and oversaw a more junior designer. I was responsible for developing the initial design direction for the multi-project app and the corresponding dashboards for each product.

I collaborated with 10+ product teams to distill their core use cases into Splunk UI that benefited their users.

My Work

The Problem

Prior to the acquisition there were dozens of individual Splunk applications for various Cisco products, all of which had been created at separate times by different teams. There were major inconsistencies from application to application, and they did not present Cisco’s unified security vision.

The Solution

Unifying all the separate Cisco apps would allow users to leverage their Cisco products in a single environment and use the insights from multiple products in conjunction with each other to construct a more informed vision of their security environment. This framework replicates Cisco’s platform-based approach and follows the guidance that security products work better together.

The process to unify all of the existing applications into a single downloadable file began by creating concepts to develop the “mini marketplace” where users can select from a list of Cisco products and configure the ones that are relevant to their security environment. It was important that after downloading the new app users still had the flexibility to decide which products they wanted to configure. This prevents users’ machines from using memory and computing power on applications they aren’t using or aren’t provisioned for. I developed a pattern where users could find the products they’re looking for, easily configure them, and even learn about new products in the security portfolio.

The next step was to create a way to provide visibility to users about the resources the application is using. The more applications a user installs, the more memory and CPU are required from their machine. It’s important that users be able to monitor this to avoid maxing out or overloading the machine. I designed two dashboards to help with this problem:

  1. Data Integrity - where the amount of data flowing in and out of each application can be monitored

  2. Resource Utilization - where users can monitor memory, CPU, and the demand put on their machine

The third step of this project was designing the product dashboards. Each product available in the Cisco Security Cloud has a corresponding dashboard that contains metrics and data visualizations relevant to that product. Creating these dashboards is a multi-step process. For the majority of the products I followed these steps:

  1. Perform an audit of any existing Splunk application that will be deprecated after being added to the Cisco Security Cloud. Assess the strengths and weaknesses of the existing application and note any features that should be retained.

  2. Meet with developers and product managers from the selected product to get a product walk-through and discuss user personas and key use cases. This helps me get a sense of what the product is used for and by whom.

  3. Create a first draft of the product dashboard based on all the information discussed in our discovery call and create an annotated Figma file to send back over to the product stakeholders.

  4. If there are edits or notes, I will iterate on the design until we have a final product that addresses all the key points.

  5. The last step is to hand off the final designs to the development team that works on the Cisco Security Cloud on a hand-off call and equip them with another annotated Figma file. I also provide notes and feedback at our bi-weekly sprint demos.

The result of this project is a unified security app that allows users to leverage up to 11 different security products together to strengthen their security coverage. The app has received over 3,000 downloads in 8 months and has a four-star rating on Splunkbase.

Example of Data Integrity dashboard

Example of Resource Utilization dashboard

Example of product dashboards