From water grids to autonomous vehicles, the line between digital and physical has all but disappeared — and in its place, a sprawling attack surface now defines the frontlines of cybersecurity.
To manage this expanding risk, cybersecurity vendors are pushing toward platform-based models meant to simplify control and boost visibility. But even as the promise of integration gains momentum, a clear disconnect is emerging between strategic vision and real-world implementation. Legacy baggage and uneven adoption still hold the industry back, according to theCUBE Research’s Jackie McGuire.
TheCUBE Research’s Jackie McGuire talks with fellow analysts during the RSAC 2025 Conference about evolving cybersecurity.
“Everything is now a security issue, and the fact that almost our entire critical infrastructure, from power to water to everything, is now reliant on cybersecurity,” McGuire said. “Those are all becoming the highest targets for nation-state actors.”
During the RSAC 2025 Conference, McGuire joined fellow analysts for an exclusive broadcast on theCUBE, News Media’s livestreaming studio. TheCUBE’s coverage featured chief information security officers, threat researchers, platform architects and other leaders from companies shaping the next level of cybersecurity. (* Disclosure below.)
Here’s theCUBE’s complete interview with theCUBE Research’s John Furrier and Jackie McGuire:
Here are three key insights you may have missed from theCUBE’s coverage:
Insight 1: As platforms rise, security teams rethink strategy and control.
Amid rising pressure to modernize security operations, vendors and practitioners alike are rethinking how platforms are built, and who builds them best, according to Jon Oltsik, analyst-at-large with theCUBE Research. The conversation has shifted from isolated tools to integrated approaches, with managed service providers increasingly outpacing legacy players in innovation and scalability. That shift, driven partly by the expanding demands of hybrid IT and artificial intelligence’s accelerating influence, reinforces a hard truth: Consolidation is coming, but real integration is still lagging, according to McGuire.
“Security people are paid to be skeptical; they are paid to break things,” Oltsik said in an analyst segment during the event. “However, this is happening fast. The CISO can’t be ‘Doctor No.’ They should be seeing how this can help them. The new mindset is … to absolutely move with cautious optimism.”
As AI becomes a permanent fixture in the cybersecurity landscape, it brings an unprecedented advantage and new risk dimensions. Advanced tools are reshaping defense strategies, automating threat detection, tuning firewalls and learning behavioral patterns in real time, according to Furrier, Oltsik and theCUBE Research’s Dave Vellante. But consensus remains firm: Without human oversight, AI’s promise is just as likely to backfire. Balancing speed, skill and judgment is now a central challenge as teams navigate automated complexity and escalating threats.

ETR’s Erik Bradley talks with theCUBE Research’s Jon Oltsik and Dave Vellante during RSAC.
“I think the human intelligence aspect in the short term and midterm will be the key,” Furrier said during the event. “Like that well-documented body of work in the chess community around the role of the computer to the human, I think there’s going to be a surge of that kind of craft … I think the human in the loop will be a very key skill.”
As security leaders push for full-spectrum visibility across fragmented systems, posture management is emerging as a strategic layer supporting baseline oversight and rapid response, according to Erik Bradley, chief strategist and director of research at Enterprise Technology Research. But fundamental limitations remain even as vendors move to embed posture tools within broader platforms. Data fragmentation, decentralized infrastructure and redundant tooling continue to slow progress, and most organizations reject the idea of relying on a single provider.
“This isn’t about, ‘You’re going to be one provider,’” Bradley told theCUBE during the event. “That’s never going to happen. There’s no [chief security officer] that’s ever going to allow that. One of the number one raises is always, ‘We’re going to try to consolidate redundant vendors.’ That’s what they’re looking for. They don’t want redundancy.”
Here’s the complete interview with Erik Bradley, Jon Oltsik and Dave Vellante:
Insight 2: AI has become both the battlefield and the weapon in modern cybersecurity.
Agentic AI is reshaping both offense and defense as organizations scramble to adapt. CrowdStrike Inc. puts that power into action with Charlotte AI, an autonomous system designed to deliver real-time threat detection, automated incident response and operational outcomes with minimal human input, according to George Kurtz, founder, president and chief executive officer of CrowdStrike.
“We’re still in the early innings, and I think everyone’s trying to figure out how they can use it, how they can control the data, how they get the results in a secure way,” Kurtz told theCUBE. “What’s keeping people up at night is just the Wild Wild West of AI everywhere … it’s got a lot of people staying up late at night.”
Here’s theCUBE’s complete interview with George Kurtz:
Meanwhile, Zscaler Inc. warns of rising threats such as model poisoning and context-aware phishing, calling for defenders to deploy equally adaptive AI systems that can counter the sophistication of AI-driven adversaries, according to Deepen Desai, chief security officer and executive vice president of cyber and AI engineering at Zscaler Inc.
“To fight AI-driven attacks, you need to leverage AI,” Desai told theCUBE during the event. “We’re a big proponent of zero-trust architecture … but when you start thinking about AI application, the overall threat model changes slightly because you need to now worry about two things. One is all the data that is going to be leveraged to train those models. The other … is where they’re going after your models, the outcomes — so, poisoning those applications to result in outcomes that may favor one thing over the other. It’s better called poisoning attacks.”
Fortinet Inc. highlights a pivotal shift in cybercrime, where precision-targeted, AI-enhanced operations are replacing traditional ransomware tactics. In response, cybersecurity teams are deploying both generative and discriminative AI to accelerate detection and automate response, according to Derek Manky, chief security strategist and global vice president of threat intelligence at Fortinet. Generative models help reduce analyst fatigue by triaging alerts and synthesizing threat data, while machine learning models spot anomalies and zero-day threats in real time. Together, these approaches strengthen alignment between the security operations center and the network operations center, while helping shorten response windows.

Zscaler’s Deepen Desai talks with theCUBE about fighting AI-driven attacks.
“This is where the agentic piece is really coming in,” Manky told theCUBE. “It’s not just about the SOC, but the [system of record] is actually one of the big orchestrators, an intelligent SOR, now, that’s acting as that agent. It’s offloading a lot of those mundane tasks. With the agentic AI, now some of those guardrails are being put in place to actually autonomously do those actions as well.”
A collaborative push to advance AI-driven defenses surfaced in the launch of SecOps Labs, a joint initiative from Google LLC and HCL Technologies Ltd. By combining Google’s massive data resources with HCL’s applied security expertise, the lab aims to build next-generation tools for incident response and decision automation, according to Josh Karp, global security lead of GSIs at Google, and Prashant Mascarenhas, senior vice president and global business lead – cybersecurity and GRC services at HCL. The partnership reflects a broader industry shift toward ecosystem-level strategies that reduce manual toil and close the gap between detection and action.
“The idea around this is kind of an early release view to customers who want to opt in to this to take advantage of the new features, new functionality that we have with the platform,” Karp told theCUBE during the event. “About 75% of Google Labs is going to be fueled by partners like HCL. Let’s figure out together where the product needs to go, where Google Security needs to go. That’s exactly what we’re looking for.”
Here’s theCUBE’s complete interview with Karp and Mascarenhas:
Insight 3: As AI accelerates complexity, security strategies shift from reactive defense to proactive ecosystem control.
Modern infrastructure demands rapid deployment without sacrificing visibility or control, and Broadcom Inc. is leaning into that challenge with new enhancements to VMware vDefend, according to Umesh Mahajan, vice president and general manager, application networking and security division at Broadcom, and Prashant Gandhi, vice president of products, Application Networking & Security Division, at Broadcom. The platform now offers micro-segmentation-as-code and real-time traffic insights, enabling developers and security teams to embed protection directly into dynamic application workflows.
Meanwhile, Chainguard Inc. aims to address the growing complexity of open-source software by providing pre-hardened, distroless containers rebuilt from the source. The approach helps DevSecOps teams eliminate vulnerabilities without slowing velocity, grounded in a deep understanding of how open-source software is built, according to Ryan Carlson, president of Chainguard.

Broadcom’s Umesh Mahajan and Prashant Gandhi talk with theCUBE about vDefend’s role in supporting developer and security team priorities.
“We know open-source software and how it’s built and the nuances of packages, libraries and dependencies,” Carlson told theCUBE during the event. “We realized we can help people fix these things by rebuilding from source. Our products today are container images that are rebuilt from source all the way through to registry, so people have visibility and context. But really, what they’re getting is open-source software with the vulnerabilities remediated.”
AI-driven phishing attacks are reshaping the stakes of vulnerability management, demanding a shift from routine patching to strategic risk evaluation. In response, NinjaOne LLC has introduced a new capability called patch sentiment, which scours online forums and social channels to help security teams assess real-world impacts of newly released patches. This approach aims to minimize downtime, reduce risk and build confidence across distributed IT environments, according to Mike Arrowsmith, chief trust officer at NinjaOne.
“We scrape all social media, all forums, to just try to get a sense and kind of an idea, ‘Is this a ticking time bomb? Is this something that’s going to be benign that you can apply and not think about?’” he said during the event. “When we think about how organizations do patching, it really starts at the fundamentals. I think that’s an area where I think at Ninja we can help a lot of our existing customers, but also future customers.”
Here’s theCUBE’s complete interview with Ryan Carlson:
Data exposure risks escalate alongside AI adoption as shadow AI usage rises inside organizations. Yet many companies still struggle to identify their most sensitive assets — and even more so to protect them. Varonis Systems Inc. addresses this gap with tools that help enterprises discover, classify and monitor high-value data assets. At the same time, CNA Corp. emphasizes the real-world costs of poor data governance, according to Brian Vecci, field chief technical officer at Varonis, and Rizwan Jan, vice president and chief information officer at CNA.
“Almost every company has a giant data swamp, and they have no idea what they have and where it is,” Vecci told theCUBE during the event. “It’s the unknown unknowns that are going to kill you, especially when you give people the greatest information retrieval tool ever.”
Here’s theCUBE’s complete interview with Mike Arrowsmith:
From zero-trust acceleration to real-time risk scoring, the RSAC 2025 Conference revealed strategic breakthroughs well beyond the insights above. TheCUBE’s coverage spotlighted dozens of influential voices reshaping the security conversation. Among them:
- Google and Accenture PLC explore streamlined security built on trust, with insights from Kelsey Koval, global alliance manager of Accenture Cyber at Google, and Kevin Butterfield, managing director and chief financial officer, cybersecurity, at Accenture.
- Cribl Inc. addresses multicloud protection for agentic AI, with Myke Lyons, chief information security officer of Cribl.
- KnowBe4 Inc. highlights smarter defenses to counter evolving malware risks, with Roger Grimes, data-driven defense evangelist at KnowBe4.
- SecurityScorecard advances real-time cyber risk management, with Jason Thompson, chief operating officer of SecurityScorecard.
- Elasticsearch B.V. reinforces transparency and control, with Mike Nichols, vice president of product management at Elasticsearch.
To watch more of theCUBE’s coverage of the RSAC 2025 Conference, here’s our complete event video playlist:
https://www.youtube.com/watch?v=videoseries
(* Disclosure: TheCUBE is a paid media partner for the RSAC 2025 Conference. The sponsors of theCUBE’s event coverage do not have editorial control over content on theCUBE or News.)