Key network security takeaways from RSAC 2025
Themes on display at the conference reflected the cybersecurity industry's effort to streamline security operations, while adapting to emerging technologies and threats.
The theme of RSAC 2025 was "Many Voices, One Community," and while the number and diversity of the people involved in cybersecurity are the real focus of that theme, it can also be applied to the breadth of practices, technologies and vendors that consitute our industry as well.
Ten years ago, you could neatly group most vendors into a handful of buckets. Now, the lines are blurred, and the number of buckets needed is overwhelming. While the end goal of aligning us as one community is ultimately the same -- helping customers reduce risk, limit attacks and protect valuable assets -- the complexity within cybersecurity continues to grow.
On a positive note, there did seem to be an acknowledgement of that fact at the conference, with multiple trends emerging to address this issue. Key takeaways from RSAC 2025 included the following.
Tool and platform proliferation
If everyone has a platform, does anyone have a platform? We've acknowledged that there are too many point tools, which create too many silos. At the same time, we know it's unrealistic, especially for an enterprise, to standardize on one or two platforms. We now have a variety of platforms available for different use cases. This isn't a bad thing. It addresses part of the point tool fatigue issue, while keeping some lines of delineation across cybersecurity in place -- i.e., network security, application security, security operations, etc.
In most cases, buyers are adopting a platform for specific capabilities in the short term but want to understand where they may be able to expand over time. The vendors that get that and support product strategies around that motion will see better success through better customer outcomes.
Security is critical, but…
Obviously, security is at the core of what every vendor at RSAC Conference does. Yet, while half of my conversations were focused on security enhancements, the other half were about supporting digital transformation, addressing new network and application dynamics, or improving the experience and efficiency around management.
This serves to reinforce a couple points. First, few organizations will go with the best security software if it is difficult to use; there must be a balance. Second, security teams are still playing catch-up. As soon as one new innovation is addressed, something else comes up. We're still working on securing the cloud in many cases, and now, AI is on every organization's radar.
Security and GenAI
There's still some level of confusion even among vendors on how to convey exactly what they're addressing when it comes to security and AI. Enforcing access policies and controls for public generative AI apps, protecting internally built applications that use GenAI and using GenAI for security tools are very different use cases.
The first and last are quickly being fully integrated, with many vendors not charging for these capabilities. The middle case is where there's the most innovation and fragmentation from a tool perspective. It's important for buyers to fully understand where they are on the GenAI journey, what their needs are now and how that will change over time.
Network and endpoint security convergence accelerates
Secure access service edge (SASE) has focused on converging network and security capabilities from the beginning. Over the last year, though, there's been a steady line of enterprise browser enhancements from these vendors.
This addresses three key areas: It closes security gaps in the last mile within the browser, where network-based tools do not have visibility; better addresses the unmanaged device use case for secure access; and helps maintain protection -- at least for browser-based activity -- when decryption may not be ideal due to privacy concerns. While dedicated enterprise browser vendors will undoubtedly disagree, it feels like these solutions are complementary to SASE and fit well into that architecture.
While more was discussed, these themes were central to the network security discussions I had. I expect the rest of this year to move just as quickly as the last 12 months, so it will be interesting to look back after RSAC 2026 and see how far we were able to advance some of these initiatives.
John Grady is a principal analyst at Enterprise Strategy Group, a division of Omdia, who covers network security. Grady has more than 15 years of IT vendor and analyst experience.
Omdia's Enterprise Strategy Group analysts have business relationships with technology vendors.
