Chart Toppers: RSAC™ 2025 Conference Highlights

• Innovation is thriving at RSAC™  2025, with a notable increase in startups introducing new approaches to cybersecurity.
• Detection and response capabilities are a major focus, while AI has begun to see a backlash because for some vendors, the hype has outpaced the product.
• Our booth was your stop for an all-new RSAC experience, from demos of cutting-edge defenses to our AI photo booth that will land you on the cover of an iconic music album.

Thanks for joining my guided tour of RSAC™ 2025 Conference, that went down this week at Moscone Center in San Francisco. I’m here to assess the defenses available to organizations, and to compare what the industry offers security teams with what team leaders say they need. On this tour, I’ll break down a few observations and highlights. (Imagine I’m holding up one of those tour guide signs and shouting “We’re walking!” A lot.)

If you’re still enjoying this final day of the conference, you’ll find some excellent tips on how to spend your last day here. If not, read on to find out what you may have missed–and what warrants further exploration. 

Here’s what I saw at #RSAC2025

Innovation is alive and well.

Other than a few unexpected sights—one vendor’s goat petting zoo earned its share of “awwws”—I’m seeing an explosion of startups here that are really trying new approaches to enable defense teams. I always expect to see this, but the number this year seems higher than usual, and that gives me a smile. It’s always good to see defenders taking a little risk to build out the systems that will change the way we do things. After all, no one entity can defend everyone from everything—it really does take a village, which is exactly what the RSAC Community is about.

Detection and response is all the rage.

Many AppSec vendors have begun to apply detection and response capabilities, but they are largely limiting scope to software bill of materials (SBOM), supply chain and open source products. Each is either buying players in this space or have developed some form of detection and response internally. It’s interesting because many are new to this, and a few are probably just one enterprising product manager away from making a serious play for endpoint defense. For those of us whose endpoint security solutions earn perfect scores in independent tests—and whose endpoint detection and response (EDR) is legendary—this development is worth watching.

Is AI seeing a backlash? 

Artificial intelligence was all over RSAC Conference last year. It still is this year and isn’t likely to abate. And yet, as you peruse the show floor, you might spot some startups that have begun to downplay AI—a contrarian stance in a marketplace filled with AI-forward marketing. To me, it feels like the beginning of a pushback, which can be an inevitable phase in any technology’s hype cycle, even a technology that, by all indications, is only accelerating as it matures. 

Despite the relatively recent AI hype, we at Symantec and Carbon Black have for years taken the long view of AI. In fact, Carbon Black was one of the first vendors (possibly the first) to implement AI and behavioral analytics in actual products. (Carbon Black EDR is the acclaimed result of some of those developments). Meanwhile, we continue to methodically and strategically implement AI where it adds customer value. We know AI is very good at data classification, and this can enable defenders mightily. Predictive security has long been the goal for AI in this space, but to get there, you need a strong AI and machine learning (ML) approach that can accurately rank and classify threats to better see emerging attacks. 

On this, we speak from experience: In April, we announced Incident Prediction, an industry-first capability that uses AI and threat intelligence to accurately predict an attackers’ next four or five moves with up to 100% confidence. That’s not just marketing or AI hype; it’s a real-world use case that allows organizations of all sizes to predict and stop ransomware attacks—and then quickly return to its pre-attack state. Empty promises lead to backlash, but real-world solutions lead to useful and effective AI implementations. We’re focusing on real-world solutions. Listen as Dick O’Brien, principal analyst with our Threat Hunter Group, explains it all for you.

It’s time to prepare for post-quantum cryptography compliance.

With quantum computing technology developing rapidly, some experts predict that within a decade, a device could emerge that will break current encryption methods, spelling serious trouble for human beings, organizations and entire nations. In anticipation of what’s to come, we’re seeing financial institutions incorporating post-quantum crypto into their five-year planning cycles, starting with real-time network controls and moving on from there. To prevent “capture now, decrypt later” attacks that could allow threat actors all the time they need to access your data once an encryption breaker comes available, some customers are requiring hybrid key exchange support. If you’re just getting up to speed on this, there’s good news: Manoj Sharma, Broadcom Enterprise Security Group’s global head of security strategy, is here to break it down for you.

The vast majority of organizations targeted by nation-states are mid-market private sector entities—not huge enterprises or government agencies. 

Surprised? So were many in the packed conference session hosted by Jason Rolleston, general manager of Broadcom’s Enterprise Security Group, and Eric Chien, fellow with our acclaimed Threat Hunter Group. The duo used real-world observations and analyses to dismantle the still-stubborn perception that adversaries like North Korea, Russia and China have no interest in the M in SMBs—medium-sized organizations that traditionally thought they were too small (or too apolitical) to be targeted by nation-state actors. Jason and Eric explained why virtually every organization is now vulnerable to enterprise-grade, APT-level threats, which means the best defense is enterprise-grade security. 

People dig our vibe. 

If you’ve visited Broadcom’s Symantec and Carbon Black booth, you already have this part down. We arrived at this year’s RSAC Conference with a rockin’ new look. But our new Legends Never Die branding is about way more than looks. It emphasizes the legendary provenance of our cybersecurity brands—and does it with as much standing-o style as the cybersecurity industry can handle. Our AI photo booth placed you on the cover of some of music’s most iconic albums. (You might have spotted me as that swimsuit-challenged baby on the cover of Nirvana’s Nevermind.)

Symantec Data Loss Prevention (DLP) comes to Microsoft Edge for Business. 

Attendees formed a VIP line for our demo showing the integration of Symantec DLP Endpoint with Microsoft’s business browser. This integration extends top tier data protection to Edge for Business users, allowing organizations to identify, monitor and protect sensitive or regulated data, including text that’s uploaded or cut-and-pasted from the web. With Symantec DLP, all you Microsoft customers can also manage sensitive data across your Copilot instance. Our DLP message is clear: Drop hits, not data. 

The wait for fast SSE is over. Buckle up for 100x performance. (No, really.)

Traditional Secure Service Edge (SSE) implementations can be laggy. GRE- or IPsec-based connectivity is largely to blame, often exposing SSE platforms to the vagaries of the public internet and the performance-killing constraints of many vendors’ GRE bandwidth. But by directly integrating Symantec's security stack into Google’s Cloud WAN solution, we’ve come up with a faster, simpler way to adopt SSE protections at office or data center locations. By integrating Symantec Cloud Secure Web Gateway Express Connect with Google’s Cloud WAN, we’re able to up to 100x more bandwidth than competing solutions. And yes, you read that right. Watch as Broadcom’s Jason Rolleston and Google’s Robert Sadowski go deep on the latest real-world results–and customer benefits–stemming from our longstanding partnership with Google. 

We’re all in this together. 

What I like best about RSAC Conference is the cybersecurity community coming together in a healthy and (generally) positive, solutions-focused way. Just as importantly, this is where much of our industry’s agenda is set for the coming year—and it’s set by the very community that has gathered here to exchange ideas and plans. 

Another plus: Getting to catch up with friends and co-workers that I may not have seen in a long time. It’s a good experience, and one of the best and most efficient ways to see “what’s out there.”