Palo Alto Networks’ announcements at the RSA Conference (RSAC) 2025 reflect a strong commitment to AI-driven security and platform unification, offering enterprises enhanced threat detection and posture management. Key updates and launches fall into three strategic pillars: Prisma Access Web Browser 2.0 introduces a SASE-native browser that ensures consistent, policy-based secure access across all devices. It offers real-time gen AI controls and AI-powered protection against phishing, cloaking, and script-based threats. It also includes a built-in password manager for enhanced credential security and ease of use. Prisma AIRS secures the entire AI life cycle by scanning models for vulnerabilities and preventing risks such as tampering. It provides posture management to identify excessive permissions and data exposure across the AI ecosystem. Built-in AI red teaming enables automated testing to uncover potential weaknesses. Additionally, it offers runtime and AI agent security against adversarial threats such as prompt injection, identity impersonation, and memory poisoning. Cortex XSIAM 3.0 unifies proactive and reactive security operations to prevent breaches and enable rapid incident response. It leverages AI for smart exposure management, automatically remediating high-risk vulnerabilities across cloud, network, and endpoints. The platform enhances email security using LLMs to detect and block phishing threats. A centralized data engine powers real-time analytics and automation for faster, more accurate threat handling. These capabilities strengthen Palo Alto Networks’ position as a comprehensive cybersecurity provider. However, clearer guidance on interoperability, scalability, and operationalization will be important for enterprises to fully realize the value of these innovations in diverse environments.

In this report, we evaluate Cisco’s latest cybersecurity innovations unveiled at the RSA Conference (RSAC) 2025, focusing on AI-driven threat response, enhanced automation, and industrial security. Cisco’s key announcements include the introduction of agentic AI capabilities in its XDR platform, delivering Instant Attack Verification and automated forensics. These enhancements aim to reduce incident response time and improve detection accuracy. Another key development is the integration of Splunk SOAR 6.4 into Cisco XDR, enabling deeper automation of threat investigation and remediation workflows. This feature is expected to reduce security operations teams’ manual effort. Cisco also expanded its portfolio with the launch of Cisco Industrial Threat Defense, reflecting a strategic push into protecting Operational Technology (OT) environments, a key area for infrastructure-heavy sectors. While Cisco’s vision aligns with enterprise demands for AI-enabled, multi-cloud-compatible cybersecurity solutions, several gaps remain. There is limited transparency on how new features interoperate across Cisco’s diverse security ecosystem, particularly in hybrid, multi-provider environments. These solutions’ scalability in globally distributed enterprises also requires clearer articulation. Additionally, as AI becomes foundational to Cisco’s strategy, enterprises expect stronger positioning on governance, explainability, and responsible AI use.

In May 2025, Google Cloud expanded its sovereign cloud offerings to address increasing demands for data sovereignty and operational autonomy. It launched Google Cloud Air-Gapped, a fully isolated environment designed for sectors with stringent data security requirements, such as defense and intelligence. This solution operates without external network connectivity and is authorized to handle US government Top Secret data. Google Cloud Dedicated, developed in partnership with Thales, a French leader in cybersecurity, offers region-specific services operated by local partners to meet national compliance standards, such as France’s SecNumCloud. The Google Cloud Data Boundary service expansion now offers customers granular control over data residency and access, complemented by the User Data Shield, which incorporates Mandiant’s security assessments to validate application security postures. While these initiatives demonstrate Google Cloud’s commitment to offering flexible, secure, and compliant cloud solutions, challenges remain. These challenges include the limited geographic availability of certain services and complexities in integrating sovereign solutions with existing multi-cloud architectures. Enterprises must carefully assess these factors when considering Google Cloud’s offerings for their sovereignty objectives.

In April 2025, IBM unveiled the latest evolution of its mainframe portfolio with the introduction of IBM Z17, advancing its long-standing leadership in mainframes. IBM has long been a cornerstone in the evolution of enterprise computing, with its mainframe systems being vital in supporting mission-critical operations across industries. Known for their reliability, security, and performance, IBM has consistently adapted its mainframes to meet changing business needs. IBM Z17 focuses on delivering alignment with enterprise hybrid cloud and sustainability goals. It stands out with features such as quantum-safe encryption through Crypto Express 8S, Watsonx Assistant for Z, Operations Unite, and AI-enabled processing at the core. It introduces enhanced security features and hybrid cloud readiness, offering enterprises a flexible, future-ready solution to modernize while empowering mission-critical workloads in a rapidly transforming digital landscape. This evolution in the Z series reinforces IBM’s commitment to autonomous IT, streamlining operations, enhancing user experiences, while addressing long-standing challenges such as talent shortages and legacy system constraints.

In this report, we assess SentinelOne’s evolving cybersecurity portfolio, emphasizing the strategic innovations showcased at the RSA Conference (RSAC) 2025. SentinelOne introduced Purple AI Athena, an agentic AI that autonomously triages, investigates, and remediates security incidents. It also enhanced Singularity Hyperautomation, a no‑code workflow engine that converts analyst actions into reusable playbooks and integrates with third‑party Security Information and Event Management  (SIEMs) and data lakes for a unified security‑operations view. These enhancements aim to tackle persistent Security Operations Center (SOC) challenges by filtering alert noise, expediting investigations, and orchestrating cross‑tool responses at machine speed. SentinelOne also strengthened its multi‑cloud workload‑protection capabilities and highlighted interoperability across containerized and serverless environments. However, the expanded automation features may overlap with established Security Orchestration, Automation, and Response (SOAR) platforms, and large enterprises will scrutinize Purple AI’s explainability and guardrails before adopting autonomous response at scale. SentinelOne’s future roadmaps must clarify integration depth with legacy security stacks and outline a robust AI governance framework.

In this report, we assess Cisco’s cybersecurity landscape, focusing on its strategic investments in innovation highlighted at the RSA Conference (RSAC) in May 2024 in San Francisco and Cisco Live in Las Vegas in June 2024. Cisco strongly emphasized AI-native security, with significant announcements regarding Cisco Security Cloud, Cisco XDR, and Cisco Panoptica. It introduced enhancements to Cisco Hypershield, its AI-native security platform, to identify unknown vulnerabilities in real time. Integrating Splunk SIEM with Cisco XDR leverages Cisco’s recent acquisition of Splunk to offer enhanced real-time threat detection and response. Additionally, Cisco introduced a unified AI assistant for Cisco XDR to revolutionize the security analyst experience with AI and made significant advances in identity threat detection and response by launching Identity Intelligence in Cisco Duo. IIn this report, we offer insights into Cisco’s new product releases, evaluating their potential to address challenges and objectives and supporting informed early-stage product decisions. The report also recommends how Cisco can develop more streamlined and seamless solutions and address existing security gaps in its products to make its clients resilient in the rapidly evolving cyber threat landscape. Scope All industries and geographies This assessment is based on Everest Group’s tracking of information that Cisco released during RSA Conference 2024 and Cisco Live 2024 Contents In this report, we: Identify key security themes driving and inhibiting cybersecurity demand and assess how Cisco’s offerings address them Analyze Cisco’s strengths, weaknesses, and improvement areas in the cybersecurity landscape Review Cisco Security’s product and feature announcements at RSAC 2024 and Cisco Live 2024 Membership(s) Cybersecurity Sourcing and Vendor Management

Microsoft's cybersecurity landscape in 2024 reveals its strategic investments in innovation, particularly in integrating Defender, Sentinel, and Co-pilot, and challenges in maturing existing capabilities. While these integrated solutions show promise, recent security breaches and identified vulnerabilities in Defender for Office 365 raise concerns about Microsoft's overall security offerings. In this report, we highlight the need for Microsoft to rebuild trust with federal agencies and enterprise customers by further developing Sentinel’s investigation and forensic capabilities to address evolving threats and customer requirements. The report offers detailed customer feedback, additional pain points and unmet needs, and a thorough competitive landscape review of Microsoft’s position in the cybersecurity market. It also provides actionable recommendations for Microsoft to enhance its security posture, mitigate vulnerabilities, and ensure a more secure future for its customers in an increasingly complex threat environment. Scope All industries and geographies Contents In this report, we examine: Microsoft’s cybersecurity strategy, its investments in innovation, integrated solutions (Defender, Sentinel, and Co-pilot), and key challenges Key findings and recommendations, Microsoft’s strengths and weaknesses, and improvement areas in the cybersecurity landscape Impact of security incidents on customer trust, vulnerabilities in Defender for Office 365, and the need for enhanced forensic capabilities in Sentinel Membership(s) Cybersecurity Sourcing and Vendor Management

During its Google Cloud Next ’24 event, in Las Vegas on April 9-11, 2024, Google Cloud emphasized its dedication to AI security by introducing Gemini, a large language model designed to revolutionize threat detection and response. This innovation uses AI and zero-trust principles to automate tasks and strengthen security posture. Additionally, Google Cloud announced advances in simplifying endpoint security, streamlining processes, and improving threat mitigation. Another key theme was the focus on intelligence-driven security operations. By leveraging AI and analytics, Google Cloud aims to provide proactive threat intelligence and real-time threat detection, enabling faster and more agile incident response. In this report, we provide our cutting-edge insights into the new product release and explore its potential to address key challenges and objectives, empowering informed early-stage product decisions. Scope All industries and geographies The report is based on our assessment of information released by Google Cloud during its Google Cloud Next ’24 event Contents In this report, we: Outline key security issues and objectives, as well as themes that are driving and inhibiting demand Detail Google’s current positioning with respect to its security products portfolio Analyze the product’s strengths and areas of improvement Membership(s) Cybersecurity Sourcing and Vendor Management