Top 5 Trends in Cybersecurity – Notes from RSAC 2025

Top 5 Trends in Cybersecurity – Notes from RSAC 2025

   Advise and Consult IT Analyst IT News Blog Small World Video Interviews    May 27, 2025  |  0
Event logo

Wow! We got to interview and record quick takes with over 40+ RSAC 2025 vendors – most right on the show floor at Moscone (in S.F.) with over 41k fellow attendees. If you want a 3hr short-course video education on what’s happening today in cybersecurity, all those roughly 5min booth interviews are being posted free here – https://www.truthinit.com/index.php/p/1111/rsac-2025/

Here are the top 5 topics and trends I saw at the show – and that resonate throughout all those interviews:

  1. Artificial Intelligence – AI good and bad is both top of mind and marketing
  2. Supply Chain – Security that extends beyond your perimeter
  3. Proactive Functionality – A drive towards more proactive security measures
  4. Secure Infrastructure – A deepening integration of security into IT Infrastructure (Storage in particular!)
  5. Lifecycle Security – Growing convergence between static config/posture/compliance and operational security functions

Artificial Intelligence

Whether cybersecurity vendors are leveraging AI for good, getting ready to defend against hackers armed with AI, or securing one’s business use of AI, it’s clear that new genAI functionalities are double edged swords. LLM’s can be used to identify intrusion, categorize risk and help with remediation but they can also become excellent phishing tools in the hands of bad actors. There is a lot to keep abreast of with AI and security, and we’d encourage you to stay tuned this coming year as we plan on continuing to dive deeper into AI Cybersecurity impacts.

Supply Chain Security

There are a few ways to think about supply chains and security. At the show, we heard about the need to secure one’s “software supply chain”, with solutions that help manage the risks when using open source (SBOM security) and/or SaaS applications. We also heard about how hard it is to secure one’s supply chain of IT vendors (remote contractors, MSP’s, application providers), especially including the risks inherent when extending IT across hybrid architectures and cloud SP’s.

We think one of the more interesting emerging solution areas is addressing data protection not only when data is at rest or in motion, but also when in use (i.e. Cy4data Labs selective encryption of critical data transparent to the database system and/or applications).

Proactive Functionality

A lot of extent security functionality is responsive, having evolved from a reactive stance. To highlight the problems with only responding to critical incidents, we noticed several exhibitors (many we didn’t even get a chance to talk with) featuring actual “Whack-A-Mole” games in their booths.

The drive towards becoming more proactive (and ultimately predictive?) is a sign of a maturing management discipline. There are a myriad ways to take a more proactive approach from better leveraging upstream threat advisories to AI driven red-teaming. Overall, we’d say the theme here now is about extending zero trust principles beyond identity and resource access/authorization up and out into business processes directly.

Clearly AI is becoming a big component of becoming more proactive without having to drastically expand staffing.

Secure Infrastructure

Following on to the above trends, we noted in particular that several IT storage and data protection companies are offering more direct cybersecurity value propositions. Of course data protection in the form of secure, immutable backup/recovery solutions can be instrumental in avoiding cybersecurity losses (e.g. ransomware). Now we are seeing leading IT solutions embedding more directly cybersecurity features (e.g. Acronis’s multi-person authorization, Infinidat’s CyberVault).

We’d expect that evolving AI-powered systems management solutions will soon follow suit and provide native cyber-resilience as more part and parcel core functionality.

Lifecycle Security

Perhaps to no one’s surprise, the separate investment, focus and resource allocation previously spent on static or periodic configuration and posture management (as much for compliance as actual security) is beginning to converge into the continuous and more dynamic security operational effort. Everything from risk assessment to audit is becoming more of an ongoing process, helping inform and prioritize operational security in real-time.

The Bigger Picture

If you squint at all five of the trends above together, I think you get a pretty good synopsis of the state of Cybersecurity here in 2025. We are being attacked with AI, our AI is being attacked, and we are using AI to fight back. AI can also play a big role in all the other trends we’ve noted.

Security as a discipline is working hard to become more proactive overall even as bad actors continue to evolve as well and organizations are also realizing that their security concerns can extend far out from their own “datacenters” into their clients and vendors and into all the open source lineage they depend on. And with the fast rising adoption of SaaS for business applications, much critical data now lives outside the organization’s direct control.

But there is good news with the onrush of AI for good, with the maturing of cybersecurity as a discipline and with the increased embedding of security into infrastructure (and services).

 

What’s Here

Small World Big Data news and collected archive of videos, reports, research, published articles and opinion posts on today’s big technology topics.

Archives

©2025 Small World Big Data LLC