Prowler

Prowler homepage

Prowler is an open-source cloud security tool that performs risk assessments, compliance audits, and incident response. An outstanding reputation among DevOps teams positioned Prowler to expand into the software as a service (SaaS) space, so they turned to DockYard to design a minimum viable product (MVP) with a modern UX. The end result: a digital product that delivered easily understandable insights into cloud security analytics for an expanded user base.

The Challenge

When Prowler first came to DockYard, its product experiences were broken into two avenues, each with unique problems to fix. The first was an internal build with an outdated interface that lacked a deep understanding of user needs.

The second was a fast and dirty Grafana integration, a first attempt at data visualization that ultimately blocked user traffic from navigating back to their internal environment.

Both experiences proved to be equally displeasing, with unintuitive UX and underwhelming UI that hindered the true product value for potential leads. While Prowler leads the industry with its open-source platform, its goal is to gain adoption for a premium paid SaaS offering, and the existing product UX did not provide enough value to attract paying users.

With a user base that spans practitioners to security auditors and compliance officers, a simple, seamless way to view complex data visualizations from AWS scans was key to gaining paid users.

Screenshot of the legacy Prowler dashboard
Legacy Prowler interface

The Solution

For our design team to work rapidly and design a refreshed interface, we leaned on DevOps engineers and streamlined user interviews to expand our understanding of cloud security. This included complicated terminology, core user values, and technical functions of Prowler scans. With those findings in hand, we built Prowler a scalable digital product that provides users with detailed windows of cloud security issues and risks.

Detailed Findings List

Scans produced large data sets of individual findings, detailed cloud infrastructure information and remediation recommendations to nullify risks. Prowler’s existing design displayed large amounts of data in a simple table. Users had to scroll through the table horizontally across many cells to identify necessary data, which made it unmanageable for users.

To give Prowler’s users easy and intuitive access to their data, our team implemented collapsible table rows that users can expand to show more information if needed. In their collapsed state, findings consist of top-level check insights so users can distinguish actionable security risks. The expanded table displays a comprehensive info sheet with information including the affected resources, a detailed risk disclaimer, and code-ready remediation recommendations.

Screenshot of the redesigned Prowler Findings table in collapsed view
Findings List - Collapsed State
Screenshot of the redesigned Prowler Findings table in expanded view
Findings List - Expanded State

In anticipation of users’ desires to integrate Prowler with external tools like Slack or Jira, we implemented searchable tags to make finding items simple and easy. Future API integrations now have supporting real estate data placeholders, and actions (like exporting findings to Jira) are easily implemented for an interlinked workflow that keeps the user-friendly layout intact.

Screenshot of Prowler dashboard overview
Dashboard - Overview

Detailed Findings List

The user’s view for scanned cloud environments begins at the overview dashboard. There, data is sectioned into visualization charts to provide focused views of cloud security health.

Prowler’s initial design listed scan results as text, with no additional context or information. Users had to navigate further into the app to determine the cause of any failures and had no historical data to easily identify trends.

Screenshot of Prowler dashboard before redesign
Prowler overview dashboard pre-redesign
Screenshot of Prowler dashboard after redesign
Prowler overview dashboard post-redesign

To improve clarity, we implemented data visualization options on the home dashboard. The Status and Severity section houses a pie chart overview of pass/fail findings. A bar chart further sorts failed findings by severity level. We also added click interactions to all charts to give users the ability to dive into a detailed findings list filtered according to the corresponding data variable.

Simplified new findings are displayed in a paginated list, sorted by severity. Pressing “View All” takes users to the detailed findings list for that scan. A Findings Over Time graph showcases cloud health trends by the number of results and their severity. Hovering over data points pops out a detailed instance tooltip.

To identify global regions of security risks, we added a region map indicating failed findings by service and added new badge indicators to help users differentiate new vs. ongoing findings.

Easily Identifiable Service Status

Screenshot of Prowler service status dashboard
Dashboard - Service Status

To give Prowler the clear user experience necessary to drive sales of its new product, our team implemented additional views of scan results. A new Services Status Dashboard gives users an easy way to identify failing services at a glance.

Red service cards show users cloud services with failed findings, and users can easily click into a card to review the detailed findings list for that specific service.

Screenshot of Prowler compliance dashboard
Dashboard - Compliance

Scored Compliance Showcase

To build more clarity for Prowler’s Security Compliance audience, we added more at-a-glance features to the Compliance dashboard. Cards on the dashboard now have a horizontal progress bar showcasing passing compliance percentages, with corresponding colors to easily distinguish problem areas.

This feature proved useful to international governments and other regulated businesses where security compliance frameworks are essential to operate.

The Outcome

From a disjointed UI that was unlikely to attract paid users, Prowler ended its partnership with DockYard with a user-focused digital product that vastly expanded not only the functionality for users but Prowler’s potential audience as well.

Prowler’s new product generated meaningful interest with multinational cloud technology companies. As a direct result of the improved design, Prowler was able to close on its first large SaaS deal with a sport merchandising company that does over $3 billion in annual revenue, and secured an additional round of funding to continue their growth trajectory.
