[RSAC 2025 Sessions] How Security Companies Are Evolving

On April 30, the final day of RSA Conference 2025 offered a different tone from the previous two days. While the early part of the conference focused on the cutting edge of technology, the last day was filled with deep insights into where the security market is heading, operational strategies, and how to practically realize them. Especially during community tracks like “What’s Next in Security Leadership,” presentations at major global security vendor booths, and the closing sessions, new and serious topics for the security industry were presented.

From Security Architecture to Operational Strategy - ‘Practical Security’ Takes Center Stage 

The most prominent trend was not technological superiority but a strategic focus on "operability" and "sustainability." CrowdStrike delivered a presentation on “Building Efficient Security Operation Models,” emphasizing the importance of creating an organically connected response system following threat detection.

The company highlighted that integrated operations based on a unified platform, real-time intelligence, and lightweight agent structures are all architectures designed with the operator in mind.

Rapid7 also introduced a strategy centered around enhancing detection and response in cloud environments, stating, “It’s not how quickly you adopt security that matters, but how sustainably you operate it.” They also pointed out that organizations leading with technology are now experiencing “operational fatigue.” A shared recognition emerged: even the best technology is meaningless without actual operational efficiency.

On-the-Ground Questions from Practitioners in the Community Session 

In the “CISO Roundtable” session within the RSA Community track, real voices from field practitioners were heard. The following questions stood out in particular:

• “How do we manage the blind spots that remain even after all technologies are integrated?”

• “How stable is AI-based automation in real-world environments?”

• “Among all the MDR and XDR options, what’s the ‘right’ strategy for our organization?”

This clearly showed that the focus is shifting from simply evaluating technical performance to asking, “How can we apply technology in a way that fits our organization?”

MDR: From ‘Standardized Service’ to ‘Organization-Specific Strategy’ 

Day 3 sessions also featured active discussions on the direction of MDR (Managed Detection and Response) services.

Expel emphasized that they “do not provide detection and response in the same way to every customer.” They attracted much interest from buyers by showcasing “customized MDR” tailored to industry-specific requirements, attack characteristics, and regulatory demands.

eSentire introduced how their MDR is evolving from a reactive system to a “prevention-centered” one by integrating CTEM (Cyber Threat Exposure Management), ASM (Attack Surface Management), and EDR/XDR. Their focus on threat context analysis, faster detection, and resource efficiency for operational personnel drew particular attention.

The Evolution of AI: From Detection to Decision Support 

In sessions related to AI, the focus extended beyond automated detection to reducing operators’ “decision fatigue.” Presentations highlighted how OpenAI-based LLMs are being used in the field to interpret detection events, automatically prioritize threats, and recommend response scenarios. AI is no longer just an “automation tool”, it’s becoming “assistive intelligence” that helps operators make better decisions.

RSA 2025 wasn’t merely a showcase of technical prowess. In security, the key competitive elements have become the “refinement of strategy” and the “sustainability of operations.” Companies are now tuning their survival strategies in their own ways. Even in the MDR market, the vendors gaining traction weren’t those with the most features, but those who could offer strategies tailored to specific organizations.

RSA 2025 delivered a clear message: the future of security lies not just in technology itself, but in how it is implemented and sustained within an organization. Where does your organization’s security strategy stand today? The questions raised by RSA remain valid.