As we put together our game plan for what to see at RSA Conference 2025, we wanted to scope out innovation, identify which vendor booths will be a must-see, and (at least for one of us) minimize the number of steps to take around the Moscone Center. We counted 76 companies in the Early Stage Expo and Next Stage floor plan, plus one booth for the Innovation Sandbox winner. We dug into each of their websites and discovered some interesting trends. We found that:

  • Application security dominates the floor. There are 15 out of 76 (roughly 20%) companies primarily focused on application security in some form, including software supply chain, API security, software composition analysis, and application detection and response, as well as one with tie-ins to cloud security.
  • IAM, genAI security, and security operations has a strong presence. There are 11 with a primarily focus on identity and access management (IAM), 10 on generative AI security, and eight on security operations. Within IAM, offerings span deepfake detection, machine identity, identity threat detection and response, and identity attack surface management. Within genAI security, there were offerings with additional focus on data security, application security, and device security. Within security operations, offerings spanned across the AI-driven security operations center, security analytics, integration platforms, data pipeline management, and threat intelligence.
  • Overall, a large variety of domains are showing up. We saw companies with dedicated offerings for breach and attack simulation; governance, risk, and compliance; data security; cloud security; email security; fraud prevention; threat intelligence; AI security; attack surface management; browser security; deception; endpoint detection and response; insider risk; penetration testing; quantum security; and vendor risk management. Cybersecurity consulting and data center solutions were also present. Several companies also had a heavy emphasis on Zero Trust.
  • Platypuses make an appearance. You know when you visit a vendor’s website and end up confused as to what the company does? We call this a platypus, when it is unclear what exactly the offering is, whether because it’s heavy on buzzwords or it’s trying to convey a product that incorporates elements across different areas of security. We came across two that fit this description.

 

Innovation Matters For Your Security Program

The Early Stage Expo isn’t the only spot we’ll be checking out for innovation. Launch Pad and the RSAC Innovation Sandbox are also must-attend events on our agenda that week. The 10 finalists for Innovation Sandbox this year span a variety of areas. There are offerings for securing AI innovation and use (including one from last year’s Launch Pad), using AI to improve cybersecurity, binary fuzzing, data security and insider risk, proactive security, and device identity.

Security leaders might be tempted to cut costs in the face of volatility today, but that cannot be the default response. To thrive through volatility, reassess current spend (and your options — flex pricing, anyone?), near-term plans, and the long-term roadmap. Part of the assessment must include staying on top of innovation, even as you continue to rationalize security controls and use platforms where needed. When defending your budget, present the three constituencies that require security spending — regulators, customers, and cyber insurers — to win every budget battle.

We look forward to seeing you at RSAC! And stay tuned for our follow-up blog in a few weeks about our experiences there.