Introduction to RSAC 2025

The 34th annual RSA Conference opened its doors yesterday at the Moscone Center in San Francisco, bringing together over 44,000 cybersecurity professionals from more than 140 countries. This year's conference theme focuses on operating with purpose amid uncertainty – a fitting message as organizations navigate increasingly complex threat landscapes while embracing transformative technologies like AI.

Monday marked the opening of what promises to be an exceptional week of knowledge sharing, innovation showcasing, and community building. With over 700 speakers, 29 tracks, 450+ sessions, and 650+ exhibitors, RSAC 2025 is living up to its reputation as the cybersecurity industry's most influential gathering.

Our Elisity team is on the ground, with our sales teams, marketing teams, executives, product management leaders, and technical experts engaging with customers, industry analysts, and the media throughout the week. We're excited to showcase how our identity-based microsegmentation platform is helping manufacturing, healthcare, and industrial organizations prevent lateral movement and accelerate their Zero Trust maturity.

RSAC 2025 Opening Keynote Highlights

RSAC™ Conference 2025 Opening Keynote Hugh Thompson, Executive Chairman & RSAC™ Conference Program Committee Chair, RSAC

The opening keynote set a powerful tone for the conference, celebrating record-breaking attendance and emphasizing the essential role of community in addressing cybersecurity challenges. With 2,800 speaker submissions and a 40% increase in Innovation Sandbox entries, the cybersecurity community is clearly engaged and eager to innovate.

Thompson framed cybersecurity not just as a technological issue but as a societal one, connecting it to broader economic security – symbolized by the New York Stock Exchange bell-ringing ceremony held at RSAC. The keynote repeatedly returned to themes of adaptation and the transformative impact of AI in security operations.

Using an engaging metaphor contrasting frequentist and Bayesian statisticians, Thompson illustrated the value of updating beliefs based on new information – a mindset crucial for cybersecurity professionals facing evolving threats. Looking forward, RSAC introduced a predictive tool that identified AI-driven application security and adversarial attacks as key issues for 2026.

Key Sessions and Insights from Day 1

Having Zero Trust to Give: What Should Have Been Next? Andy Ellis, Partner, YL Ventures

Andy Ellis delivered a thought-provoking talk on the evolution of zero trust, challenging common misconceptions and providing practical guidance. Drawing from his experience as CSO at Locke Mine during Operation Aurora (which targeted 300 high-tech companies), Ellis emphasized that zero trust isn't simply about implementing technologies like microsegmentation, but about fundamentally rethinking trust models inherited from centuries-old business practices.

Ellis critiqued standard zero trust principles, arguing that continuous monitoring and the "assumption of breach" often lead to misguided trust decisions. Instead, he advocated for three actionable approaches:

• Implementing strong authentication that verifies both endpoint and user identity
• Reducing administrative privileges on endpoints
• Making access provisioning frictionless so users aren't incentivized to circumvent security controls

His perspective aligns with Elisity's approach to identity-based microsegmentation, which focuses on granular access policies based on business logic, rather than traditional network boundaries. Ellis emphasized making security architectural changes without creating adversarial relationships with users – a philosophy reflected in our platform that enforces policies dynamically while maintaining operational efficiency.

Defensive Tensions in Critical Infrastructure Cyber Defense Joseph Slowik, Founder, Paralus LLC

Joseph Slowik took a hard look at how the cybersecurity community defines and prioritizes critical infrastructure. He argued that the term "critical" has become diluted across sectors like energy, healthcare, and manufacturing, making it harder to focus defenses effectively. With limited resources to protect an ever-growing landscape, Slowik called for strategic prioritization: identifying truly critical assets and allocating support accordingly.

A key tension Slowik explored was balancing resource allocation between high-priority entities and the "long tail" of smaller, yet still important, organizations. He warned of risks posed by opportunistic threat actors like Volt Typhoon who target overlooked infrastructure. His proposed model included direct defense for truly critical assets while leveraging information sharing, best practices, and flexible defensive postures for others.

Slowik emphasized the ethical challenge policymakers face: acknowledging that not every entity can expect equal defensive support. He encouraged asset owners to realistically assess their criticality and plan accordingly. This approach resonates with Elisity's philosophy of applying precise policy enforcement and identity-based segmentation, ensuring that organizations protect what truly matters most without spreading resources too thin.

The Journey of Enterprise Network Microsegmentation at Scale Todd Outten, Distinguished Engineer, Comcast Jeff Stoklosa, Principal Engineer, Comcast

Comcast's six-year journey toward enterprise-wide zero trust network architecture showcased the immense value of microsegmentation at scale. Faced with legacy networking challenges such as sprawling East-West traffic, billions of devices, and an over-provisioned firewall landscape, they prioritized reducing the attack surface and enforcing stricter access controls.

Their solution was their own proprietary build out of what they call Tenant Security Framework (TSF), a scalable architecture built around clearly defined policy decision and enforcement points. By treating tenants as containers for services and access policies, Comcast enabled more explicit, auditable segmentation, achieving a 50% attack surface reduction – a testament to the power of security and structured network governance.

A major takeaway from Comcast's success was their focus on:

• Leadership alignment and flexible framework development
• Data-driven decision-making and automation
• A shared responsibility model that made security a seamless extension of network architecture

Looking ahead, Comcast plans to add real-time auditing, and just-in-time access policies – echoing the industry's broader evolution toward deeper, adaptive trust models. Their journey underscores key lessons that align closely with Elisity's approach: start with a strong framework, automate relentlessly, structure policies around identity and context, and scale segmentation organically.

Innovation Sandbox: The Next Generation of Cybersecurity Solutions

The 20th annual RSAC Innovation Sandbox contest kicked off with ten promising cybersecurity startups competing for the title of "Most Innovative Startup." This year's competition saw a remarkable 40% increase in submissions, with over 200 startups applying from across the globe.

To celebrate the 20th anniversary, RSAC announced a groundbreaking investment program – for the first time, each finalist received a $5 million investment to fuel their innovation. The finalists represent diverse areas of cybersecurity innovation, from AI security (Aurascape, CalypsoAI) to firmware security (Metalware) and identity management (Smallstep).

Notably, several finalists focus on AI security challenges, reflecting the industry's growing concern about AI-related threats. Companies like Aurascape, CalypsoAI, and EQTY Lab are developing solutions to secure AI applications, ensure AI integrity, and enable responsible AI innovation.

Over the past 19 years, Innovation Sandbox finalists have collectively celebrated more than 90 acquisitions and received over $16.4 billion in investments, highlighting the program's role as a launchpad for transformative security technologies. Previous finalists like Imperva, SentinelOne, Axonius, and Wiz have gone on to become industry leaders, with Wiz recently announcing a landmark $32 billion acquisition by Google.

Implementing Zero Trust Microsegmentation: Lessons for Security Leaders

The sessions and demonstrations at RSAC 2025 reinforce a critical message for manufacturing, healthcare, and industrial organizations: microsegmentation is no longer optional but essential for protecting critical systems and preventing lateral movement attacks. As the Elisity team engages with security leaders at the conference, several key themes are emerging:

The Shift to Identity-Based Security

Traditional network segmentation approaches based on VLANs, ACLs, and firewalls are increasingly insufficient for today's dynamic environments. The future belongs to identity-based microsegmentation that factors in user identity, device attributes, and behavior patterns when enforcing access policies.

As Andy Ellis highlighted in his session, strong authentication that verifies both endpoint and user identity is foundational to effective zero trust implementation. Elisity's identity-based microsegmentation platform aligns perfectly with this approach, enabling organizations to create and enforce dynamic security policies based on comprehensive identity context from the Elisity IdentityGraph™ technology.

Rapid Implementation Without Disruption

Comcast's microsegmentation journey demonstrated that even large-scale implementations can succeed with the right approach. However, many organizations still struggle with traditional microsegmentation projects that require extensive planning, hardware deployment, and network reconfiguration. Comcast also has the resources, the patience, and the commitment to build out its own framework and microsegmentation methods for each unique environment and its native access controls.

Elisity's approach addresses these challenges by enabling microsegmentation in weeks, not years. Our cloud-delivered platform works with your existing  infrastructure, eliminating the need for new hardware, agents, VLANs, or complex ACLs. This means organizations can rapidly implement least-privilege access across their environment without disrupting operations.

Integration with the Broader Security Ecosystem

The integration between security tools emerged as another critical theme across RSAC sessions. Effective microsegmentation doesn't operate in isolation but becomes more powerful when integrated with existing security investments.

Elisity's platform demonstrates this through its integrations with identity providers, EDR solutions, CMDBs, and specialized IoT/OT/IoMT security platforms like Armis. For example, our integration with Armis provides comprehensive visibility across all IT, IoT, OT, and IoMT devices, enabling dynamic security policies that automatically adapt to changing risk levels.

Meet Elisity at RSA Conference 2025!

Ready to transform your network security with enterprise-scale microsegmentation? We're excited to connect with you at RSA Conference 2025 in San Francisco!

Where to Find Us

NightDragon Innovation Summit

Location: The Palace Hotel Date: Tuesday, April 29 Highlights:

• CEO James Winebrenner's Innovation Sprint Pitch (4:10-4:30 PM)
• Innovation Showcase (5:30-9:00 PM)

Club Claroty Lounge

Location: B Restaurant (atop Moscone North) Dates: Tuesday, April 29 - Thursday, May 1 Hours: 9:00 AM - 4:00 PM daily Highlights:

• Live demos of our microsegmentation solution
• Informal networking opportunities

Insight Partners ScaleUp Suite

Location: 111 Minna Gallery Dates: Monday, April 28 - Wednesday, April 30 Highlights:

• Dedicated meeting pods
• Exclusive networking opportunities

Why Meet With Us?

• See how you can implement least-privilege security policies in weeks, not years
• Discover how 83% of assets can be protected in two months
• Learn about our identity-based microsegmentation approach
• Get personalized insights for your specific security challenges

Don't miss your chance to revolutionize your network security! Secure a spot to meet with our team

 https://www.elisity.com/rsac-2025