Reporting is critical for security professionals—it demonstrates the value of their vulnerability management program and builds organizational trust through transparent data sharing.
The redesign increased platform report creation by 23.6% within 6 months of release, successfully encouraging migration from console to cloud reporting.
Reporting is critical for security professionals—it demonstrates the value of their vulnerability management program and builds organizational trust through transparent data sharing.
When I joined Rapid7 in 2019, InsightVM was maintaining a hybrid experience with both console and platform capabilities running side by side. As a business, we needed to systematically migrate capabilities from the on-premise console to the cloud to unify the customer experience.Platform report adoption wasn't meeting expectations. We needed to be intentional about driving behavior change.
I was the lead designer for this project.
Design is a team sport - I partnered with PMs, developers, researchers, and customer advisors for the reporting space. Over time, my focus transitioned from design strategy to tactical delivery.
Bulut Ersavas, Product Manager
Adrienne Caputo, UX Researcher
Vikram Jiandani, Lead Engineer
Meeseeks Engineering Team
Give customers the ability to quickly identify and pivot between data types (assets to vulnerabilities).
Provide customization in reporting to create curated views that help prioritize day-to-day tasks. Reports should be easy to share and collaborate on to bridge gaps between teams and stakeholders.
Bake best practices into the product to guide usage and vulnerability management activities. Reports should deliver out-of-the-box value.
Our console version, Nexpose, had been around for over 10 years with a large, established user base. We were migrating to the cloud while maintaining console support. We had to be mindful of how changes impacted the underlying system.
We were also working with an evolving design system without prescriptive guidelines. Multiple component variants existed across the product doing similar work. We needed to audit the product to understand what was possible.
User interview results showcased a couple of themes. Here are some common themes which surfaced.
Users value the ability to get specific data quickly and accurately throughout the product.
Inconsistent user experience caused confusion and affected their ability to search
5/10 mentioned challenges with reporting or finding the information they needed.
I collaborated with the product manager and engineering lead to understand the breadth of work. Instead of jumping straight to design, I wanted to prioritize which problems were worth solving based on viability and business importance.
We created a success funnel of micro behaviors we wanted to optimize, identifying which behavior indicators would lead to more cloud report creation.
Increase in % of usage(Create, View, Edit) on platform vs. console reporting
How can we encourage customers to use the new report creation experience instead of console?
Higher gap in growth rate of QB usage vs custom integrations (SQL etc)
How can we guide customers to migrate their custom integrations to queries?
Increase in # of customers aware of future changes
How can we gracefully notify our customers on cloud migration steps and/or replacement options?
We wanted to increase adoption of cloud reporting capabilities. This meant seeing a higher percentage platform reporting usage compared to console reporting. So we listed themes related to this outcome:
We want to give customers the ability to quickly identify and pivot between data types (e.g. from assets to vulnerability).
We want customization in reporting to create a curated view of their data to help prioritize their day-to-day tasks. Reports should be easy to share and collaborate to bridge gaps between teams and stakeholders.
We want to give guidance to customer by baking best practices to inform product usage and vulnerability management activities. Reports should be easy for customers to utilize and see value from out-of-the-box.
Customers struggled navigating the duality of our offering. InsightVM would link to either console or cloud experiences depending on capability availability. We didn't want to alienate our on-premise user base, and technical constraints impacted which experiences could merge.
The existing flow had left navigation linking to the console reporting page. Customers had to click a notification banner to access cloud reports. As we made cloud reporting the default, we needed to update each entry point.Customers had a difficult time navigating around the duality of our offering. InsightVM would link to console or a cloud experience pending on capability availability. We also did not want to alienate our current on-premise user base. Also, technical constraints had impact on decision for experiences to merge.
Initial reporting flow hidden behind console entry point
Cloud reports as primary experience with console as secondary option
We observed users struggling to discover actions in the query builder. We needed to create entry points related to page content to drive behavior change.
Hidden actions in a undiscoverable query builder entry point
We observed users struggling to discover actions in the query builder. We needed to create entry points related to page content to drive behavior change.
Depending on page context, we would:
We saw higher project creation from the projects page compared to the query builder. User interviews confirmed the query builder entry point wasn't discoverable. This insight guided our approach to behavior change.
Strategy: Expose calls to action wherever possible. Create additional entry points based on page context. Pre-fill report information from saved queries to reduce friction.
The existing wizard didn't provide helpful guidance during report creation. It focused on arbitrary report types rather than security goals. User interviews showed the importance of focusing on why customers want to create reports.The current wizard did not provide helpful guidance during the report creation process. This was due to focusing on arbitrary information as the type of report. According to the user interviews we saw it was important to focus on the security goal.
Guidance Based Approach:
Goals first. Focusing on why customers want to create a report.
Mindful of real-estate and provide an area to showcase preview of the example report which will be created.
We would like to guide them with use case driven templates/guides to help with their security program objectives.
We wanted to make the report created goal oriented. Depending on what type of reporting the customer needed, we would generate it for them.
Initial report selector - Arbitrary grouping of reports.
Security goals first: Focus on why customers want to create a report.
I maintained multiple design realities depending on release cycles and constraints. I communicated and scoped incremental design updates while pushing the north star vision to the engineering team.
As we added report templates and querying capabilities, we expanded the archiving view to support the growing feature set.
The redesign successfully shifted customer behavior from console to cloud reporting, achieving our primary goal of increasing platform adoption.One challenge was maintaining multiple design realities across release cycles. The engineering team couldn't implement all desired improvements, so designs got scoped down. Keeping track of these versions while pushing toward the future vision was complex.
The 23.6% increase in platform report creation directly supported Rapid7's strategic migration from console to cloud. This reduced:
More importantly, it validated that thoughtful design changes could drive meaningful behavior shifts without forced deprecation or feature parity. Customers chose the cloud experience because it better served their needs.
One challenge was maintaining multiple design realities across release cycles. The engineering team couldn't implement all desired improvements, so designs got scoped down. Keeping track of these versions while pushing toward the future vision was complex.
