Side-by-Side Remediation: Enhancing Threat Response Efficiency

What Makes This Case Study Unique

In the fast-paced world of DevOps, managing and fixing misconfigurations is a critical aspect of maintaining operational excellence. This case study explores the design and implementation of ARMO's Side-by-Side Remediation Feature. Tailored specifically for DevOps professionals, ARMO Platform enhances their ability to identify and address misconfigurations swiftly.

The Impact
  • Time spent on remediation → Reduced by 60%, as analysts no longer needed to manually cross-reference data.

  • User adoption → Increased engagement from security teams due to improved efficiency.

  • Error reduction → Analysts reported fewer misinterpretations of security policies.

Project Info

Team:

Product Manager

Frontend Developer

2 Backend Developers

Security Researcher

Product Designer (me)

Duration:

3 months (Q1 2024)

Role:

Product Designer

Platform:

Kubernetes Security Dashboard (Web platform)

Company:

ARMO

The Challenges & Goals

The Challenge

Before this feature, security analysts had to:

  • Manually switch between multiple screens to compare misconfigurations.

  • Rely on complex documentation to understand expected security policies.

  • Risk misinterpretation due to the lack of a structured, side-by-side comparison.

The Goal

Our objective was to build a new remediation workflow that:

  • Allowed direct, side-by-side comparison of misconfigurations and their resolutions.

  • Provided contextual recommendations to guide analysts in fixing security issues.

  • Enabled quick remediation actions to reduce time spent on security fixes.

  • Integrated seamlessly into existing security processes without disrupting workflows.

Research & Requirements Gathering

To inform our design, I conducted:

  • User Interviews → Spoke with security analysts to document pain points and workflow inefficiencies.

  • Competitive Analysis → Evaluated how other platforms handle security misconfigurations.

  • Usability Studies → Tested initial concepts with security professionals to refine functionality.

Key Findings:

  • Reducing friction was essential—analysts wanted fewer clicks and easier navigation.

  • Visual clarity was critical—clear highlights and contrast helped users spot differences quickly.

  • Automation was highly valued—pre-populated recommendations saved time and reduced human error.

Stakeholder Alignment & Collaboration

  • Worked closely with security teams to ensure the feature met real-world investigation needs.

  • Partnered with engineers to define the best approach for integrating live security data.

  • Presented prototypes to leadership to secure buy-in and align business objectives.

Working Process
 

Defining & Refining Requirements

  • Mapped out the remediation workflow with security teams to identify key interaction points.

  • Defined technical constraints with engineers to ensure real-time data processing feasibility.

  • Prioritized features that maximized efficiency without compromising security accuracy.

 

Wireframing & Prototyping

  • Explored multiple dual-pane layouts to optimize for quick comparison and decision-making.

  • Created interactive prototypes to test how analysts interact with live remediation data.

  • Iterated on designs based on usability test findings, refining navigation and workflows.

 

Iterative Design & Refinement

  • Adjusted layout elements to enhance readability and usability.

  • Implemented progressive disclosure to reduce cognitive overload.

  • Added quick-action buttons for instant misconfiguration fixes.

  • Improved navigation by making security recommendations more discoverable.

User Flow

The Design

The Side-by-Side Remediation design introduced a dual-panel layout that allowed analysts to investigate threats and take action within a single view. This was a completely new experience tailored to security workflows. Key innovations included:

  • Dual-Pane Interface → Analysts can simultaneously view misconfigurations and remediation steps, eliminating the need to switch screens.

  • Contextual Recommendations → Automated suggestions based on threat intelligence assist decision-making and guide analysts toward the best remediation actions.

  • Quick Action Buttons → One-click options allow analysts to resolve issues instantly.

  • Live Updates → Changes sync across teams in real time, ensuring consistency.

  • Customizable Layout → Users can adjust panel sizes to focus on the most relevant data.

[Figures: Assisted Remediation screens: "Fix the control safely", "Apply custom fix", and an RBAC example]

Success Criteria

To measure the impact of this new feature, we tracked:

  • Time spent on remediation → Reduced by 60%, as analysts no longer needed to manually cross-reference data.

  • User adoption → Increased engagement from security teams due to improved efficiency.

  • Error reduction → Analysts reported fewer misinterpretations of security policies.

Summary

By introducing Side-by-Side Remediation, we provided security analysts with a powerful, intuitive tool to quickly identify and resolve misconfigurations, ultimately strengthening cloud security posture and reducing response time.

This project reinforced the importance of:

  • Stakeholder collaboration, ensuring alignment between security, engineering, and leadership.

  • Iterative testing, refining the design based on real-world analyst feedback.

  • Cognitive load management, creating a UI that simplifies complex decision-making.

  • Seamless integration, designing a feature that fits naturally into existing security workflows.
