Signal Sciences – Bot mitigation
SigSci saw an opportunity to expand its presence outside the traditional WAF category with an offering focused on bot detection and protection. This would be the first new product offered by the company outside of its core WAF.
What problem were we trying to solve?
SigSci's product could already be used to detect and protect against some bots, but not enough to warrant being sold as a full solution.
How might we introduce more advanced bot detection and mitigation techniques into the platform in a way that builds on the core WAF experience?
- Customer research led the prioritization of our MVP
- Designed and built an MVP using mostly existing patterns
- Laid the foundation for how additional SKUs of 'defense kits' could be added to the platform
Researching the topic
My product manager and I interviewed over a dozen customers together to better understand how they were already managing bot attacks and what they would prefer to do in an ideal world. We went into research with an eye toward discovery and validating existing assumptions within the company.
Through our discussions coming out of these interviews my PM was able to highlight his top insights for the business, while I was able to pull out the key customer pain points and design opportunities they presented.
Below are a couple screens from a summary deck we put together, but the full thing is here.
Prioritizing the backlog with story mapping
The product backlog filled up quickly with ideas from our research as well as feedback from other parts of SigSci that wanted to influence how this new product would come together. I led our team in a story mapping exercise to help us prioritize and visualize how the stories we chose came together to form a cohesive end-to-end experience.
Designing the UI
Most of what we prioritized for the MVP could be built using existing design patterns (at least with minimal update), so I was able to jump directly into doing visual design from the story map. We envisioned this MVP largely as a new 'defense kit' of security content that could be plugged into the broader SigSci console. While several different areas of the UI would need to update to accommodate this kit there were really two main pieces:
- New system 'Signals' detecting different types of bots
- A new system dashboard monitoring bot activity (in addition to our standard feed monitoring all requests with Signals)
In designing the new dashboard we did introduce a new widget type that highlighted signal trends relative to a selected time period. This new widget contained percent change data that our front-end team felt should be formalized as a React component. So in addition to laying out the dashboard as a whole, I made sure to detail how a user would build this new kind of widget as well as outline the potential states of the percent change component.
Setting the stage
Overall, the MVP we settled on ended up being quite straightforward from a design perspective. However, by getting aligned on the pieces that were needed to stand up this new 'defense kit' about bots, we made it much more clear how the company could proceed with standing up additional solutions on the roadmap centered on API and ATO Protection. Each would certainly require some unique attention, but the framework was there.