Analyst Perspectives

The annual RSAC Conference took place in late April in San Francisco, where over 40,000 professionals from the cybersecurity industry converged at the Moscone Center to discuss the latest trends, products and services aimed at threat identification and organizational security.

I last attended the RSAC Conference in 2020, just weeks before the world was instructed to stay home in response to the pandemic. With those restrictions behind us, I eagerly anticipated reconnecting with contacts and forging new relationships. This year’s event was particularly timely as we were in the development of the 2025 ISG Buyers Guides for Cybersecurity when the conference took place. It offered meetings with many of the software providers included in the Buyers Guides.

These Buyers Guides represent the first dedicated evaluations of software providers, building upon ISG's decade-long commitment to producing Industry Provider Lens reports in cybersecurity. The guides cover vital areas such as EDR, IAM, SIEM, and Data Backup and Recovery, evaluating over 55 software providers.

The sectors of Detection and Response and Backup and Recovery are increasingly critical for enterprises. ISG Market Lens research indicates that nearly all organizations experienced a cyber incident in the past year, prompting about one-half of those enterprises to invest in additional cyber protection measures. Relying solely on patching existing systems and erecting barriers is insufficient. While dashboards displaying millions of thwarted breach attempts may appease anxious executives and board members, they fail to address the silent intruder that has infiltrated the defenses. Our research indicates that only 15% of enterprises are actively investing in Detection and Response capabilities in the aftermath of a cyber incident, and fewer than 10% are focusing on recovery strategies. ISG Research asserts that through 2026, 1 in 3 enterprises will respond to a cyber incident by procuring additional protection schema, rather than mitigating enterprise risk by improving the ability to identify potential security incidents. Ultimately, too few enterprises are adopting a proactive security posture. As we know, an attack is inevitable; the question remains: How is exposure mitigated?

The RSAC 2025 Conference progressed the discussion on these pressing issues. Some key themes observed during the event included:

• AI/ML, GenAI and Agentic AI: Securing LLMs and AI providers is critical as vulnerabilities can lead to severe breaches, highlighting the need for robust cybersecurity measures and proactive strategies. Deploying GenAI and agentic AI introduces significant risks; organizations must evaluate those vulnerabilities thoroughly to ensure effective risk management and safeguard sensitive data. The integration of AI into cybersecurity software can revolutionize threat detection and response capabilities, enhancing operational efficiency and empowering teams to combat evolving threats.
• Backup and Recovery: Resilience is finally gaining the spotlight it deserves, as organizations recognize its importance in ensuring continuity while meeting strategic business goals and objectives amidst disruptions. Incorporating business logic into data retention strategies ensures that enterprises optimize storage costs while meeting compliance requirements specific to the application level, thereby enhancing operational performance. Utilizing backup analytics allows enterprises to develop informed strategies, improving cost management and ensuring effective resource allocation in the face of ever-increasing data volumes.
• Identity (IAM and PAM): Identity is increasingly viewed as the new enterprise security perimeter, with momentum building around decentralizing boundaries to enhance security postures against sophisticated threats. Advances in non-human identity detection, alongside enhanced access controls and governance frameworks, bolster security strategies, ensuring sensitive systems are safeguarded against unauthorized access. Leveraging privileged access management (PAM) supports enterprises in Zero-Trust initiatives by ensuring that access is rigorously monitored and managed, thus minimizing potential vulnerabilities.
• Q-Day and Post-Quantum Encryption (PQE): Enterprises can take proactive steps now to prepare for Q-Day, such as assessing current encryption practices and identifying potential vulnerabilities in existing systems. Establishing a quantum-safe enterprise strategy now can give organizations a decisive advantage, mitigating risks associated with future quantum computing threats to sensitive data. Early indicators suggest that Q-Day may be approaching, emphasizing the urgency for enterprises to adapt and fortify cybersecurity frameworks against emerging quantum threats.
• Threat Intelligence: Balancing the management of primary intelligence sources with engagement in threat intelligence communities can enhance situational awareness and foster a collaborative security environment. Enterprises must adopt best practices for selecting partners in threat intelligence services, ensuring alignment with specific needs while enhancing the overall cybersecurity posture. Managing information overload in threat intelligence is crucial; addressing signal-to-noise issues helps organizations focus on actionable insights to effectively respond to imminent threats.

Enterprise security management will become more complex before it improves. As our market assertion suggests, the adoption of cybersecurity software is integral to achieving business goals. While attendance at the RSAC Conference has rebounded to pre-pandemic levels, there was less emphasis on AI technologies among software provider booths than anticipated as we look to the future. To prepare effectively, enterprise IT leaders should prioritize the adoption of proactive security measures, enhance their detection and response capabilities and invest in training programs that align with the latest industry trends showcased at events like the RSAC 2025 Conference.

Regards,

Jeff Orr