Tech Launch Perspective
Cybersecurity – Review of Palo Alto Networks’ Product Announcements at RSAC 2025
Aug. 08, 2025

Palo Alto Networks’ announcements at the RSA Conference (RSAC) 2025 reflect a strong commitment to AI-driven security and platform unification, offering enterprises enhanced threat detection and posture management. Key updates and launches fall into three strategic pillars:

- Prisma Access Web Browser 2.0 introduces a SASE-native browser that ensures consistent, policy-based secure access across all devices. It offers real-time gen AI controls and AI-powered protection against phishing, cloaking, and script-based threats. It also includes a built-in password manager for enhanced credential security and ease of use.
- Prisma AIRS secures the entire AI life cycle by scanning models for vulnerabilities and preventing risks such as tampering. It provides posture management to identify excessive permissions and data exposure across the AI ecosystem. Built-in AI red teaming enables automated testing to uncover potential weaknesses. Additionally, it offers runtime and AI agent security against adversarial threats such as prompt injection, identity impersonation, and memory poisoning.
- Cortex XSIAM 3.0 unifies proactive and reactive security operations to prevent breaches and enable rapid incident response. It leverages AI for smart exposure management, automatically remediating high-risk vulnerabilities across cloud, network, and endpoints. The platform enhances email security using LLMs to detect and block phishing threats. A centralized data engine powers real-time analytics and automation for faster, more accurate threat handling.

These capabilities strengthen Palo Alto Networks’ position as a comprehensive cybersecurity provider. However, clearer guidance on interoperability, scalability, and operationalization will be important for enterprises to fully realize the value of these innovations in diverse environments.
Tech Launch Perspective
Cybersecurity – Review of Cisco’s Product Announcements at RSAC 2025
July 31, 2025

In this report, we evaluate Cisco’s latest cybersecurity innovations unveiled at the RSA Conference (RSAC) 2025, focusing on AI-driven threat response, enhanced automation, and industrial security.

Cisco’s key announcements include the introduction of agentic AI capabilities in its XDR platform, delivering Instant Attack Verification and automated forensics. These enhancements aim to reduce incident response time and improve detection accuracy. Another key development is the integration of Splunk SOAR 6.4 into Cisco XDR, enabling deeper automation of threat investigation and remediation workflows. This feature is expected to reduce security operations teams’ manual effort. Cisco also expanded its portfolio with the launch of Cisco Industrial Threat Defense, reflecting a strategic push into protecting Operational Technology (OT) environments, a key area for infrastructure-heavy sectors.

While Cisco’s vision aligns with enterprise demands for AI-enabled, multi-cloud-compatible cybersecurity solutions, several gaps remain. There is limited transparency on how new features interoperate across Cisco’s diverse security ecosystem, particularly in hybrid, multi-provider environments. These solutions’ scalability in globally distributed enterprises also requires clearer articulation. Additionally, as AI becomes foundational to Cisco’s strategy, enterprises expect stronger positioning on governance, explainability, and responsible AI use.
Tech Launch Perspective
Cybersecurity – Review of Google Cloud’s Product Announcements at RSAC 2025
July 22, 2025

Google Cloud’s announcements at the RSA Conference (RSAC) 2025 advance its unified, intelligence‑centric cyber defense vision. Key updates fall into four strategic pillars:

- AI‑powered security operations – Gemini AI agents are embedded in the Security Operations platform, formerly Chronicle, to triage alerts autonomously, recommend remediation, and automate playbook execution through native Security Orchestration, Automation, and Response (SOAR) capabilities. This reduces Mean Time To Detect (MTTD) and Mean Time To Respond (MTTR) by minimizing manual intervention.
- Unified multi-cloud visibility – The new Google Unified Security platform converges Security Information and Event Management (SIEM), SOAR, and Threat Intelligence into a single console. Enhanced connectors extend telemetry coverage beyond Google Cloud Platform (GCP) to Amazon Web Services (AWS) and Microsoft Azure, delivering consistent monitoring across hybrid and multi-cloud estates.
- Data‑centric protection and compliance – Security Command Center’s Cloud‑native Application Protection Platform (CNAPP) adds Data Loss Prevention (DLP) and sensitive‑workload discovery features, enabling enterprises to enforce controls across Software‑as‑a‑Service (SaaS), container, and serverless environments. Assured Workloads updates address regional digital sovereignty requirements with country‑specific control configurations.
- Mandiant services for SOC transformation – New offerings such as Detection Migration and SOAR Engineering provide expert guidance for enterprises transitioning to Google’s platform. Flexible prepaid credits for Mandiant consulting, incident response, and training help organizations align service consumption with their evolving security needs.

These capabilities strengthen Google Cloud’s position as a comprehensive cybersecurity provider. Nonetheless, enterprises will seek clearer AI governance, broader endpoint device coverage, and consistent product naming to avoid confusion stemming from frequent rebranding.
Tech Launch Perspective
Cybersecurity – Review of CrowdStrike’s Product Announcements at RSAC 2025
July 22, 2025

CrowdStrike used the RSA Conference (RSAC) 2025 to reinforce its unified, intelligence‑led cyber defense vision. The provider’s portfolio enhancements spanned four strategic pillars:

- Agentic AI for the Security Operations Centre (SOC) – Charlotte AI autonomously triages alerts, hunts threats with Falcon OverWatch managed hunting, and triggers remediation actions through Falcon for IT automation. This promises faster Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) by minimizing costly human touchpoints.
- Identity‑centric security – Falcon Privileged Access applies behavioral risk analytics to grant or revoke elevated rights Just‑In‑Time (JIT) across on‑premises Active Directory (AD) and cloud Identity Providers (IdPs). By continuously monitoring privilege use, it blocks lateral movement and aligns with Zero Trust (ZT) principles.
- Unified data protection – Falcon Data Protection delivers real‑time Data Loss Prevention (DLP) that spans endpoints, cloud storage, and generative AI workloads. Organizations can enforce consistent controls and gain visibility into sensitive data flows irrespective of where users work.
- Cloud‑native threat detection and response – Falcon Cloud Security Innovations add runtime protection for containers, serverless functions, and AI models. New Shadow AI detection uncovers unsanctioned model usage, while expanded multi-cloud visibility reduces blind spots across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).

Collectively, these launches position CrowdStrike to address key enterprise imperatives: shrinking breach windows, securing distributed identities, and protecting data in a perimeter‑less world. Nevertheless, large enterprises will expect transparent AI governance, tangible proof points on third‑party telemetry breadth, and clarity on how Falcon Data Protection differentiates from legacy DLP offerings.
Tech Launch Perspective
Cybersecurity – Review of SentinelOne’s Product Launch Announcements at RSAC 2025
June 30, 2025

In this report, we assess SentinelOne’s evolving cybersecurity portfolio, emphasizing the strategic innovations showcased at the RSA Conference (RSAC) 2025.

SentinelOne introduced Purple AI Athena, an agentic AI that autonomously triages, investigates, and remediates security incidents. It also enhanced Singularity Hyperautomation, a no‑code workflow engine that converts analyst actions into reusable playbooks and integrates with third‑party Security Information and Event Management (SIEM) systems and data lakes for a unified security‑operations view. These enhancements aim to tackle persistent Security Operations Center (SOC) challenges by filtering alert noise, expediting investigations, and orchestrating cross‑tool responses at machine speed. SentinelOne also strengthened its multi‑cloud workload‑protection capabilities and highlighted interoperability across containerized and serverless environments.

However, the expanded automation features may overlap with established Security Orchestration, Automation, and Response (SOAR) platforms, and large enterprises will scrutinize Purple AI’s explainability and guardrails before adopting autonomous response at scale. SentinelOne’s future roadmaps must clarify integration depth with legacy security stacks and outline a robust AI governance framework.
Tech Launch Perspective
Security Products: Review of Cisco's Security Product Announcements at RSAC 2024 and Cisco Live 2024
Aug. 21, 2024

In this report, we assess Cisco’s cybersecurity landscape, focusing on its strategic investments in innovation highlighted at the RSA Conference (RSAC) in May 2024 in San Francisco and Cisco Live in Las Vegas in June 2024.

Cisco strongly emphasized AI-native security, with significant announcements regarding Cisco Security Cloud, Cisco XDR, and Cisco Panoptica. It introduced enhancements to Cisco Hypershield, its AI-native security platform, to identify unknown vulnerabilities in real time. Integrating Splunk SIEM with Cisco XDR leverages Cisco’s recent acquisition of Splunk to offer enhanced real-time threat detection and response. Additionally, Cisco introduced a unified AI assistant for Cisco XDR to revolutionize the security analyst experience with AI and made significant advances in identity threat detection and response by launching Identity Intelligence in Cisco Duo.

In this report, we offer insights into Cisco’s new product releases, evaluating their potential to address challenges and objectives and supporting informed early-stage product decisions. The report also recommends how Cisco can develop more streamlined and seamless solutions and address existing security gaps in its products to make its clients resilient in the rapidly evolving cyber threat landscape.

Scope

- All industries and geographies
- This assessment is based on Everest Group’s tracking of information that Cisco released during RSA Conference 2024 and Cisco Live 2024

Contents

In this report, we:

- Identify key security themes driving and inhibiting cybersecurity demand and assess how Cisco’s offerings address them
- Analyze Cisco’s strengths, weaknesses, and improvement areas in the cybersecurity landscape
- Review Cisco Security’s product and feature announcements at RSAC 2024 and Cisco Live 2024

Membership(s)

- Cybersecurity
- Sourcing and Vendor Management
Tech Launch Perspective
Microsoft Security – Review of Microsoft Security’s Product Launch at RSAC ’24
July 03, 2024

Microsoft's cybersecurity landscape in 2024 reveals its strategic investments in innovation, particularly in integrating Defender, Sentinel, and Copilot, and challenges in maturing existing capabilities. While these integrated solutions show promise, recent security breaches and identified vulnerabilities in Defender for Office 365 raise concerns about Microsoft's overall security offerings.

In this report, we highlight the need for Microsoft to rebuild trust with federal agencies and enterprise customers by further developing Sentinel’s investigation and forensic capabilities to address evolving threats and customer requirements. The report offers detailed customer feedback, additional pain points and unmet needs, and a thorough competitive landscape review of Microsoft’s position in the cybersecurity market. It also provides actionable recommendations for Microsoft to enhance its security posture, mitigate vulnerabilities, and ensure a more secure future for its customers in an increasingly complex threat environment.

Scope

- All industries and geographies

Contents

In this report, we examine:

- Microsoft’s cybersecurity strategy, its investments in innovation, integrated solutions (Defender, Sentinel, and Copilot), and key challenges
- Key findings and recommendations, Microsoft’s strengths and weaknesses, and improvement areas in the cybersecurity landscape
- Impact of security incidents on customer trust, vulnerabilities in Defender for Office 365, and the need for enhanced forensic capabilities in Sentinel

Membership(s)

- Cybersecurity
- Sourcing and Vendor Management
Tech Launch Perspective
Security – Review of Google Next ’24 Product Launch
May 06, 2024

During its Google Cloud Next ’24 event, in Las Vegas on April 9-11, 2024, Google Cloud emphasized its dedication to AI security by introducing Gemini, a large language model designed to revolutionize threat detection and response. This innovation uses AI and zero-trust principles to automate tasks and strengthen security posture. Additionally, Google Cloud announced advances in simplifying endpoint security, streamlining processes, and improving threat mitigation. Another key theme was the focus on intelligence-driven security operations. By leveraging AI and analytics, Google Cloud aims to provide proactive threat intelligence and real-time threat detection, enabling faster and more agile incident response.

In this report, we provide our cutting-edge insights into the new product release and explore its potential to address key challenges and objectives, empowering informed early-stage product decisions.

Scope

- All industries and geographies
- The report is based on our assessment of information released by Google Cloud during its Google Cloud Next ’24 event

Contents

In this report, we:

- Outline key security issues and objectives, as well as themes that are driving and inhibiting demand
- Detail Google’s current positioning with respect to its security products portfolio
- Analyze the product’s strengths and areas of improvement

Membership(s)

- Cybersecurity
- Sourcing and Vendor Management