Update Security/SIEM Text on Kibana Home

[MikePaquette]

Issue: The text under the Security section of the Kibana Home pages needs to be updated in time for the 7.9 Stack release.

Screen Shot:

Current Text: SIEM
Centralize security events for interactive investigation in ready-to-go visualizations.

Proposed Text (Option 1): Security
Investigate security events, hunt threats, automate detections, create cases, manage endpoint security.

Proposed Text (Option 2): - [Expand the Security section from 25% of the page width (1 of 4 columns) to 40% of the page width (2 of 5 columns) by adding a second column under security]. SIEM
Analyze security information and events, hunt threats, automate detections, create cases.

Endpoint Security
Manage endpoint security policy, analyze endpoint alerts with global context, create cases.

cc: @lindseypoli @XavierM @spong @bradenlpreston

[elasticmachine]

Pinging @elastic/kibana-security (Team:Security)

[elasticmachine]

Pinging @elastic/siem (Team:SIEM)

[lindseypoli]

@MikePaquette @bradenlpreston

Here is what Option 1 looks like:

Wondering if it's strange to see "Security" in there twice? Because of that I'm leaning toward Option 2, but how do we feel about breaking out the SIEM and Endpoint use cases so explicitly?

Also, wanted to pull in here @jmikell821 to review the language.

[bradenlpreston]

Option 2. I think breaking the 2 use cases our separately is ok. Our website will have those 2 use cases under security as well.

If we can't get the extra space perhaps something to the effect of:

Solution Name: Security
Sub-heading: SIEM + Endpoint Security (Or SIEM + EPP/EDR)
Description: A single application to protect hosts, analyze security information and events, hunt threats, automate detections, and create cases.

[lindseypoli]

@bradenlpreston Sounds great to me! 👍 Just checked with @XavierM and he will plan to make this change along with the changes we discussed for "Detections" https://github.com/elastic/endpoint-app-team/issues/412#issuecomment-652028915

[lindseypoli]

@bradenlpreston @MikePaquette @XavierM

FYI I just learned that the updated design for the Kibana homepage may be introduced in 7.9 (though it's not 100% guaranteed and may slip to 7.10).

This is the updated design: #25734 | Figma Mocks

Are there changes that we want to make to this copy?

Security
Protect & prevent →
Detect critical security events.
Investigate incidents and collaborate.
Prevent threats autonomously.

[bradenlpreston]

CCing @jae-elastic and @MarkSettleES

I dont think we need "Protect and Prevent" Can we change this to just "Protect" or "Protect your Environment"

For the 3 bullets, can we use our 3 core value props:

Eliminate Blind Spots
Stop Threats at Scale
Arm Every Analyst

Alternate Suggestion
Prevent Threats Autonomously
Detect and Respond to critical security events
Investigate incidents

[caitlinbetz]

Wanted to bump this to make a final decision on this as we want this in before feature freeze - (today :) )

Current Kibana homepage design —
Sub-heading option # 1: SIEM + Endpoint Security
Sub-heading option # 2: SIEM + EPP/EDR

Description option # 1: A single application to protect endpoints, analyze security information and events, hunt threats, automate detections, and create cases.
Description option # 2: Standardize data collection and manage/ensure endpoint security with integrated protection.

Updated Kibana homepage design —
Option # 1:
Eliminate Blind Spots
Stop Threats at Scale
Arm Every Analyst

Option # 2
Prevent Threats Autonomously
Detect and Respond to critical security events
Investigate incidents

@bradenlpreston @MikePaquette @jae-elastic Could we get your thoughts on the above so we can finalize this language?

[lindseypoli]

We confirmed that the updated homepage design will not make it into 7.9, so we just need to finalize the language we want to use for the current homepage design.

[bradenlpreston]

Solution Name: Security
Sub-heading: SIEM + Endpoint Security
Description: A single application to protect hosts, analyze security information and events, hunt threats, automate detections, and create cases.

[alexfrancoeur]

It won't make 7.9, but we will have it for 7.10 and @cqliu1 is progressing nicely (#70571). We're in the process of iterating through the text now and I see some brainstorming happening in this issue. Please feel free to drop a comment in the PR or related issue with any thoughts. cc: @gchaps

[gchaps]

@bradenlpreston For consistency with the other descriptions, it would be better to start the description with a verb. Also is "single-app" needed?

So maybe

Protect hosts, analyze security information and events, hunt threats, automate detections, and create cases.

If "single app" is needed:

Protect hosts, analyze security information and events, hunt threats, automate detections, and create cases, all within a single app.

Which three bullet points did you prefer? For option #2, the second bullet point is too long for the space.

[bradenlpreston]

Good with this - "Protect hosts, analyze security information and events, hunt threats, automate detections, and create cases."

Update to bullet 2 - "Detect and Respond"

[XavierM]

here we go <3

[gchaps]

Thanks, @bradenlpreston. For the 7.10 home page, can you let me know whether you want Option 1 or Option 2 for the bulleted list. If option 1, how about using "Investigate incidents" instead of "Arm every analyst".

Option # 1:
Eliminate blind spots
Stop threats at scale
Arm every analyst

Option # 2
Prevent threats autonomously
Detect and respond
Investigate incidents

[bradenlpreston]

Let's go with this:
Option # 2
Prevent threats autonomously
Detect and respond
Investigate incidents

[bradenlpreston]

@XavierM and @MikePaquette General question: Can we change the "Add Events" under security to - "Add Security" - like under APM. We do more than just events now.

[gchaps]

@bradenlpreston Can we use this or something similar?

"Detect and respond to events"

ML landed on this text, and I don't want them to sound too similar

"Model, predict, and detect behavior"

[bradenlpreston]

@gchaps - I prefer to keep it as "Detect and Respond" - while everything at its core is an event, I dont want to make it sound generic. We can build complex rules to detect behaviors an other unwanted activity that expand beyond events.