Site Search
March 15th, 2019

RSA 2019 Recap: Visibility of Threats and What Is Missing

The 2019 RSA conference has come and gone. Based on the crowded floors and the packed sessions, there is no doubt that this one was the biggest yet.


Irrespective of what RSA chooses, every year, there appears to be a theme that resonates from the exhibition floor. This theme is indicative of the concerns of the market that is driving the focus of the industry. In 2017, the focus was cloud protection. In 2018, the focus turned to endpoint. This year, the focus was undoubtedly threat visibility.


Every vendor was either demonstrating the depth of their intelligence, how their systems could better identify threats to an organization’s online ecosystem, or how their systems could correlate the threats from all other systems into a single pane of glass. Giving visibility of the threats to an organization was the topic of choice.


With all of this data on threats, vendors were demonstrating how they would address them once they made their way into their organizations’ ecosystems, but very few were demonstrating how they would prevent these threats from reaching their organizations in the first place.


Nearly all vendors at RSA and in the security space as a whole know two things about online interactions: traffic and behavior. By analyzing the traffic entering the online ecosystem and correlating that with the behavior exhibited, these systems can determine the activity that is transpiring. This activity is analyzed and converted into threat intelligence. This intelligence is then categorized, and the categories are used to create either countermeasures or feeds, which are then ingested into an organization’s security system of choice.


However, these signatures and feeds are quickly out of date—in many cases, the instant they are produced. This is because the bad actors are constantly updating their malware and/or they are continuously infecting new systems. For example, a feed from yesterday of known good IP addresses that’s used to update an access control list (ACL) will be out of date the instant it’s published, as the malware propagates and infects new hosts.


What is missing from all of these systems is an understanding of the things, people, and places in regard to what is on the other end of the initiating connection. At Neustar, we call this “understanding identity.”


Applying Identity to both traffic and behavior provides additional insights into the interactions on the network. Where traffic combined with behavior determines activity, traffic combined with identity can determine context, and identity combined with behavior can determine intent.

  • Context = Identity + Traffic

    • The conditions behind a transaction that is transpiring in real-time on the network resulting in the choice of a more appropriate countermeasure.

  • Intent = Identity + Behavior

    • The purpose of each interaction on the network resulting in the application of a more appropriate response.

This combination of identity with traffic and behavior to determine activity, context, and intent is what Neustar calls the PredictiveEdge™.


The PredictiveEdge is the unique intellectual property that we are implementing into all of our security intelligence, products, and services that is based on our position as a leader in identity science:

  • Knowing with confidence who or what is on the other end of every interaction, no matter how often that information changes

Neustar has the most complete understanding of people, places, and things—an authoritative identity system that bridges both the physical and digital worlds:

  • Comprehensive datasets from over 300 authoritative offline and digital data sources

  • Continuous corroboration of 50 billion daily transactions across global digital traffic, customer interactions, and verifications

  • Identity data that is corroborated as often as every 15 minutes with 11 billion daily updates

  • Teams of data scientists and researchers analyzing transactions through the use of AI and machine learning

By leveraging identity in conjunction with traffic and behavior, we at Neustar can make real-time protection decisions on traffic to and from our customers’ networks, letting good traffic through while keeping threats out and protecting employees and assets.


This approach, which is being implemented into our PredictiveEdge™ intelligence, products, and services, ensures:


  • Unprecedented visibility across the entire hybrid infrastructure

  • Actionable intelligence about the risk associated with the internet traffic coming to and from an organization

  • Frictionless protection decisions from entry to exit, made in real-time


PredictiveEdge is already integrated into many of our security solutions, and throughout 2019, we will be implementing it into all of our other products and services.


To learn more about Neustar Security PredictiveEdge intelligence, products, and services, visit www.security.neustar.


Neustar Security Solutions: ”Get the PredictiveEdge™”

Let's Connect

Learn How Your Company Can Benefit from the Power of Trusted Connections.

Contact Us   Give us a call 1-855-898-0036