Slashdot Mirror

← Back to Stories (view on slashdot.org)

Redefining Security Visualization With Hollywood UI Design

Posted by timothy on from the sir-this-diagram-says-they're-in-sector-alpha-four! dept.

An anonymous reader writes: Most security interfaces today leave a lot to be desired, and many security pros are gaming enthusiasts, accustomed to a sharp and engaging virtual world. ProtectWise CEO Scott Chasin and CTO Gene Stevens wanted to give them a helpful security tool with an interactive visual dashboard that looks straight out of Call of Duty. The UI is called ProtectWise Visualizer, and its creator is Jake Sargeant, FX pro and a visual designer at MN8 Studio. If his name sounds familiar, it's because he was the Lead Animated Graphics Artist for the movie TRON: Legacy. There's plenty of inspiration available for movie-style UIs; the problem with much of it is that not everyone likes an interface that looks like an especially busy video game.

9 of 55 comments (clear)

  1. fix it first by Anonymous Coward · · Score: 5, Insightful

    Lets start by fixing all of the broken "security" mechanisms, then move on to adding a bunch of useless bells and whistles to your monitoring suit. I looked at the UI. It's a fucking ugly mess and in no way would benefit my work, in fact it would make it harder because I'll have to figure out the cheat codes.

    the internet isn't tron, it's not 3d buildings with packets flying around. We don't need to Jazz up the interface, we need to repair all of the damage that has been done, this doesn't help that at all.

    What it does do though, is make your security guy feel really special because he's got this epic whiz bang interface with pie charts and graphs and lots of blinking lights.

    True security is done in logs.

    1. Re:fix it first by mlts · · Score: 2

      There is some merit to a status display at a glance, just to see alerts. However, there are a ton of things that need to be in for thought:

      1: The alerts have to be meaningful. I've worked with more alerting programs than I care to remember (Netview, OpenView, Bit Brother, hobbit, SCOM, SCVMM, vSphere, xymon, Splunk, SenSage, SolarWinds, tripwire and many other), and the biggest problem with all of them is having them hand you alerts that actually matter. A status screen always glowing red because some development server has some glitch with a driver is pointless, and makes the display worthless. Similar with alerts from vSphere. Setting CPU overuse alarms that some VM that nobody gives a rat's ass about, is just a waste of time.

      Even things like disk array warnings can be meaningless. I have encountered equipment that always had its disk array throwing exceptions and soft-failing disks.

      Configuring this to be meaningful is the tough part. Alerts with a 10 pucker factor at a bank (Oracle RAC cluster down to one node) may wind up having a PF of 0 over at a development site where they only have one node to start out with.

      I learned this with Splunk dashboards. One person just may not care that some machines have high RAM usage. Another person might be highly concerned because RAM provides a fast cache for reads.

      2: The alerts have to have proper severity. Not everything that shows up needs to be a double-plus-flashing-red alert. There are items that are warnings, notices, or even debug messages that can pop up, which are extremely notable.

      3: The alerts have to show something useful. Random icons turning red don't mean much unless there is a way to expand exactly to what it means, what is affected, when did this happen, and so on.

      In reality, instead of having some display with some Hollywood-esque graphic on it, just give all the IT people another monitor and a customizable dashboard panel. This does the same function, and will wind up being far more useful than something graphical just for graphics's sake.

  2. Re:Finally ... by andrewa · · Score: 2

    whooosh....

    --
    :(){ :|:& };:
  3. Re:Mixing two very different things... by westlake · · Score: 2

    Simulated UIs in movies and TV, on the other hand, just have to look good, and feed whatever plot information is relevant to the audience. This means things are done that really wouldn't work in a real UI.

    But isn't feeding relevant information to the user in an easily readable form the core function of any UI?

  4. Re:Finally ... by MobileTatsu-NJG · · Score: 2

    I've been saying for years software companies should be taking the lead of the UIs we see in the movies.

    They often look better designed and convey more information than some of real GUIs I see.

    There's a reason for that. The job of an artist designing ANYTHING for a movie/TV Show/video game is to make sure the audience understands what they're seeing in a very short amount of time. For example: You can make a filming location in California look like Miami just by getting the streets wet, implying that it rained recently. Little things like that. That's why computer UIs use 72p fonts, the sound of lightning happens at the same time its visible, and there is sound in space.

    So, yes, even if Hollywood does make us chuckle from time to time, there is something to be said for "communicating clearly", and there's always something for software design to learn from that approach.

    --

    "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

  5. Re:Finally ... by Darinbob · · Score: 2

    Really? We rarely get a good look at movie UIs, they're flashed by too quickly. They may look cool but if you do pause the screen and look there's nothing to them really. Looking cool is not a good metric for usability.

  6. Bikeshed painting by Hognoxious · · Score: 2

    There's a bit more to usability than looking good.

    Win 8 & Gnome 3 look good.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  7. Re:Finally ... by Jawnn · · Score: 2

    I've been saying for years software companies should be taking the lead of the UIs we see in the movies.

    They often look better designed and convey more information than some of real GUIs I see.

    That's a really clean looking dashboard in my opinion.

    Yeah, because shiny beats the hell out of "works", right? Look, I'm a big fan of good UI design, and most products leave a lot to be desired, but please do not make the mistake of thinking that looks makes up for function or performance.

  8. Yes, but GUIs have their place too by Chris+Newton · · Score: 2

    True security is done in logs.

    I get what you're saying, and you certainly have a valid point about flashy GUIs not necessarily being effective GUIs.

    However, speaking as someone who does a lot of UI work, there is also the other side of the coin, which is that CLIs and plain text log files are often neither the most efficient nor the most accurate way to configure or discover the things you care about.

    In their favour, plain text formats are amenable to scripting and analysis using general text manipulation tools, and of course they have longevity. But they are also unstructured, they offer little interactive, real-time support, and ultimately they are limited to what you can express in sequences of characters (which is just about anything, but only if you're willing to write enough).

    Even in highly technical environments, a good visualisation can present information in a form that is prioritised and draws attention to the most important features or anomalous results, or that gives a realistic overview of the current situation far quicker than scanning text output would. If you start to make those visual representations interactive, you can potentially also make complicated configuration work or progressive explorations of the data quicker and less error-prone.