As RSAC 2025 approaches, key themes are emerging that are set to dominate the world’s largest cybersecurity gathering. Industry dynamics are shifting rapidly – from AI enabling higher velocity threats, an intensified platform consolidation debate, high-profile M&A, rising interest in AI agents (with somewhat tepid adoption in cyber) and shifting security budget priorities. Our research shows that while cybersecurity remains a top priority for IT leaders, it is not immune from macro economic headwinds. Moreover, geopolitical tensions have heightened perceived and actual threats, causing a large portion of customers to change their spending habits. On balance, cybersecurity remains the most challenging sector in tech, where 100% success is virtually unattainable; and failure can cripple a firm’s brand.
In this Breaking Analysis, we dig into ETR’s Annual State of Security Research (free download). We’ll examine the macro picture in cybersecurity, share the shifting spending patterns and priorities exposed in the research, examine the hype and realities of platform consolidation, and share which companies CISOs feel are helping them innovate to fight the fight.
Let’s start by taking a look at how cybersecurity stocks have fared year to date compared to the broader tech sector.
Below is a chart comparing year-to-date returns of leading cyber equities against the NASDAQ. The chart illustrates cyber’s resilience and relative strength in 2025. CrowdStrike is very strong and shows a bounce back from last summer’s July 19th incident, leading this pack on year-to-date gains. Zscaler shows very solid performance through April. The BUG ETF, which is one of our favorite cybersecurity baskets (along with CIBR), significantly outperformz the NASDAQ. Palo Alto Networks is under pressure because of growth and valuation concerns and what investors perceived as tepid guidance this quarter, yet it still is outperforming broader tech.
Our research indicates that cybersecurity remains a fundamental “must-have” line item in enterprise tech budgets, and that necessity is translating into outsized equity performance—even as broader tech enters a phase of uncertainty with tariffs and economic headwinds.
Key takeaways
Relative strength continues. Year-to-date, the BUG cybersecurity ETF and peer CIBR have both handily beaten the NASDAQ. On a five-year basis, security is up ~128 % versus the NASDAQ’s ~100 %, underscoring a durable premium.
Leaders recovering quickly. CrowdStrike’s sharp rebound from last summer exemplifies investor confidence in best-of-breed platforms. Zscaler is near the top the 2025 leaderboard with sustained momentum through April. We didn’t show Okta but it is outpacing all of these names with a 31% gain YTD.
Valuation premium is real—and is justified. ETR’s research shows that security vendors trade at ~9.4× next-twelve-month (NTM) sales versus ~5.5× for the broader U.S. enterprise-SaaS cohort. In our opinion, the spread reflects both necessity-driven demand and stronger forward growth estimates.
Palo Alto Networks is a watch-list name. Growth deceleration and valuation angst have capped near-term upside, yet the stock still outperforms the NASDAQ, illustrating the sector’s resilience. Palo Alto’s push toward consolidation, we believe, is beginning to resonate with certain customer sectors and could lead to broader momentum going forward.
Macro uncertainty favors “mission-critical” spend. In an environment of economic uncertainty, market volatility and earnings scrutiny, investors gravitate toward categories where spending is non-discretionary and breaches carry existential risk.
Bottom line
We believe the data suggests cybersecurity equities will continue to command a valuation premium even as macro headwinds persist and despite rising threat volumes. While multiples are rich relative to the SaaS universe, the sector’s consistent out-performance and “must have” status justify a measured overweight stance—provided investors remain selective around execution risk and the sustainability of growth projections.
As always, do your own research.
Security Budgets in Flux as Geopolitics Shift Spending Patterns
The chart above shows that 43 % of organizations have adjusted their security-spending patterns as a result of geopolitical tensions and conflicts. Only 1 % report reducing spend, while the balance either held flat or increased outlays. The data underscores that budgeting has become dynamic—revisited mid-cycle in response to shifting threat priorities and heightened geopolitical tension.
As evidenced in the ETR data, cybersecurity budgets are no longer an annual “set-and-forget” exercise. Instead, they are being re-calibrated continuously to address real-time geopolitical risks and rapidly evolving attack surfaces.
Key takeaways
Survey insight
Implication
43% of firms changed security allocations in the past 12 months.
Budget cycles have shortened; boards are willing to reopen the wallet when threat posture shifts.
Just 1% are cutting spend.
Security remains one of the few IT categories effectively immune to deep budget cuts.
40% report a tangible uptick in cyber threats and 10% call the rise “significant.”
Perceived risk is translating into measurable incident volume, validating accelerated investment.
Energy & utilities stand out: 70% see more threats; 20% label them significant.
Critical-infrastructure operators are on heightened alert, likely to prioritize OT security and zero-trust segmentation.
Source: ETR, April 2025
Additional context
A further 37 % are proactively preparing for potential escalation despite not yet observing more attacks—evidence, in our opinion, of a “preemptive spend” mentality taking hold.
Global 2000, financial-services, and insurance respondents report above-average threat intensification, aligning with their elevated regulatory exposure and concentrated data assets.
Bottom line
The data suggests that, despite across the board tech headwinds, geopolitical instability is acting as a structural buffer for cybersecurity budgets. We believe vendors positioned to address critical-infrastructure protection, threat-intelligence enrichment, and zero-trust controls will capture outsized wallet share as enterprises shift from static annual funding models to agile, risk-based allocations.
The market-map below plots ETR’s Net Score—a measure of spending momentum—on the vertical axis, and Sector Pervasion—each sector’s penetration in the data set—on the horizontal axis. Cybersecurity appears far to the right, reflecting deep market penetration, yet it sits below the 40 % Net-Score (stratosphere) threshold highlighted in the red dotted line. When we dig deeper, the data behind this chart will reveal a bifurcated field with a cluster of high-momentum specialists (“modern”) and a long tail of vendors with near-zero or negative Net Scores (“legacy”). When combined, the latter moderates the spend momentum of the sector.
Our research indicates that cybersecurity’s importance and maturity show deep penetration into the installed base but when we dig deeper, tools fragmentation will reveal a “two-speed” market– innovation leaders generating healthy demand signals, while legacy vendors struggle for wallet share and depress headline averages.
Key takeaways
Observation
What the data suggests
High penetration, modest average momentum. Cyber sits far right on Sector Pervasion, confirming ubiquity, yet its composite Net Score lags emerging domains like Gen AI.
A saturated install base forces CISOs to consider rationalizing portfolios, while at the same time chasing best-of-breed tools to plug holes. This despite the allure of platform consolidation.
One quarter of the 80+ security vendors in the ETR dataset post zero or negative Net Scores.
Legacy providers with dated architectures are losing relevance and budget share.
Overall IT spending intention softened—from 5.5% to 3.4% growth QoQ in ETR’s MacroView survey.
Even with tightening budgets, security remains comparatively resilient, but buyers are more selective.
ML and AI “squiggly lines” dominate above the 40% mark, siphoning spend from other sectors.
Vendors that infuse AI-driven detection, response, and automation are capturing the lion’s share of new spend.
Source: ETR & theCUBE Research, April 2025
Contextual nuance
Net Score compression is sector-wide this quarter, not unique to security; however, cyber’s breadth of vendors magnifies the effect.
Best-in-class players (Microsoft, CrowdStrike, Zscaler, Wiz, etc.) continue to post Net Scores above or near the 40 % “high-flyer” line, offsetting—but not countering—the drag from long-tail incumbents.
Bottom line
We believe the data sets up a classic consolidation narrative– mature, fragmented sectors inevitably bifurcate into innovation leaders and legacy laggards. As CISOs pivot toward platform efficiency and AI-enabled defenses, security vendors that fail to modernize will see further Net Score erosion. Investors and buyers alike should distinguish between the high-momentum specialists driving the sector forward and the legacy anchors pulling the average down.
Security Vendor Drill-Down – High-Flyers Rise Above a Sea of Legacy Players
Below we double click into the information security sector to show a vendor-level market map. It plots ETR Net Score (spending momentum) on the vertical axis and Shared N (penetration within the survey) on the horizontal. Two horizontal bands are highlighted: the upper red line at 40% Net Score, and the baseline at 0%. A handful of security providers—including Wiz (far upper-left), Microsoft (upper-right, at scale), Zscaler, Okta, sit at or above the 40% threshold. A rebounding CrowdStrike would normally be there as well. Below the baseline is a long tail of legacy names such as Sophos, Trellix, Symantec, and SonicWall, whose negative Net Scores pull the sector average lower as shown in the previous graphic.
Our research indicates that cybersecurity has crystallized into two distinct cohorts– AI-enabled platform leaders that command wallet share and legacy incumbents that struggle to defend installed bases.
AI-driven capabilities and platform breadth are translating into strong expansion, new-logo wins, and low churn.
Notable stories
CrowdStrike’s recovery Cisco’s presence
48% (pre) → 20% →23% post-outage
Cisco/Splunk + Network Security
CrowdStrike momentum is rebuilding, but a 10 % replacement-intent rate shows some customers still searching. Cisco re-focusing on the sector under new leadership.
Legacy drag
Sophos, Trellix, Symantec, SonicWall, others
≤ 0% Net Score
Aging architectures, point-tool silos, and limited AI integration are accelerating budget migration elsewhere.
Source: ETR & theCUBE Research, April 2024
Contextual nuance
Microsoft remains the ubiquity outlier. Its combination of baseline coverage (Defender, Entra, Purview) and aggressive AI rollouts keeps the vendor firmly in the upper-right quadrant—an enviable blend of scale and momentum.
If legacy vendors were removed, the sector’s average Net Score would shift materially higher. Yet their continued prevalence in large enterprises underscores the stickiness of older tooling and the multi-year nature of rip-and-replace cycles.
Replacement intent versus execution gap. We believe CrowdStrike’s stickiness in some ways, mirrors VMware’s dynamic in infrastructure– customers signal intent to move, but operational dependency and integration overhead slow actual migration.
Bottom line
The data suggests a widening performance gulf– AI-forward platforms are compounding momentum, while legacy players face accelerating decay. In our view, CISOs should lean into suppliers that demonstrate wither sustained Net-Score performance and/or a large presence in the data set. Look for a credible AI roadmap, while proactively planning sunset strategies for products mired below zero Net-Score. Investors, likewise, should overweight innovation leaders and treat legacy names as value traps unless credible turnaround catalysts emerge.
Cyber Budgets “Shift Right” but Firms Keep Spending
Growth Persists, but the Curve Is Bending Downward
The chart above shows year-over-year shifts in cybersecurity-budget projections from security buyers. The bars on the left show declining shares of organizations planning ≥ 15% or 10–15 % increases, while the 1–5%-increase and “stay the same” categories both tick higher. A small segment on the far right represents outright budget cuts, which remain rare. An inset box highlights the leading investment drivers: Cloud security (58%), LLM & Gen-AI protection (just above 50%), followed by detection & response and vulnerability management.
Our research indicates that security spending is still expanding, but the momentum is somewhat moderating as macro caution sets in—especially among the largest enterprises.
Key takeaways
Metric
2024 survey
2025 survey
Delta
Interpretation
Organizations increasing security budgets
87%
80%
-7 pp
Growth remains broad-based but is no longer accelerating.
Fortune 500 planning to decrease spend
0%
7%
+7 pp
Belt-tightening begins at the top of the food chain.
Mid-market (≈$100 M–$1 B rev) increasing budgets
N/A
97 %
–
Mid-size firms are still in aggressive catch-up mode.
Global 2000 keeping budgets flat
Highest cohort
–
Emphasizes “wait-and-see” posture among the very largest organizations.
Shift-right budgeting. Firms are moving from double-digit to low-single-digit growth bands, signalling prudence rather than retreat.
Cloud and Gen-AI are sucking the oxygen out of the room. Together they dominate incremental spend, validating vendors that can secure multicloud estates and protect AI pipelines.
Fortune 500 as an early warning signal. A 7% cut-intent rate may indicate broader caution if macro or midterm election-year uncertainty intensifies.
Mid-market resilience. Smaller enterprises continue to ramp security outlays, offsetting softness at the very top end.
F100 (N=35) firms continue to spend at accelerated rates.
Bottom line
We believe the data confirms a transition from “budget expansion by default” to “targeted growth with sharper ROI scrutiny.” Security remains one of the last protected line items, but even this category is not immune to macro gravity. Vendors must align roadmaps to the two clear budget magnets—cloud-native/multi-cloud protection and Gen-AI risk management—while proving they can consolidate tooling and lower total cost of ownership in an environment where every percentage point of growth now counts.
Priority Stack-Rank– Where Security Dollars Accelerate Fastest
The graphic below displays a horizontal bar chart ranking security domains by “accelerated-spending score”—a metric derived from ETR applying a MaxDiff survey exercise. The bars read, in descending order: Vulnerability Management, Identity Security, Data Security, Endpoint Security, Cloud Security, and finally DevSecOps.
How ETR Built the Ranking
Our research partner ETR employed a Maximum-Difference (MaxDiff), pre-conjoint technique:
Random fours. Each of the 500 CISOs surveyed saw repeated sets of four security domains.
Forced choice. In every set, respondents selected the domain they would prioritize highest and lowest.
Statistical inference. Aggregating thousands of these “lifeboat” decisions yields a best-worst score that surfaces true relative priorities—far more reliably than simple rating scales.
Rather than asking the respondents to rate, or even worse, rank a large number of choices, this technique produces more accurate results by forcing buyers to thoughtfully consider tradeoffs.
Zero-trust imperatives and SaaS sprawl keep identity at the center of every breach model.
3
Data Security
Mid-50s
Rising data-residency rules and AI-driven classification push this higher each quarter.
4
Endpoint Security
Mid-50s (tie with Data/Cloud)
Remote-work persistence sustains endpoint investments, but growth is moderating.
5
Cloud Security
Mid-50s
Multi-cloud complexity and CNAPP adoption drive steady—but not runaway—spend.
6
DevSecOps
Low-40s
CNAPP consolidation is cannibalizing stand-alone DevSecOps tooling budgets.
Source: ETR, April 2025
Analyst Angle
Defense in depth, reprioritized. In our view, boards are shifting from “detect and respond” toward pre-exploit hardening (vulnerability management) and identity assurance—the two control planes adversaries exploit most.
CNAPP effect. Cloud-native application-protection platforms bundle runtime, shift-left, and IaC (infrastructure-as-code) security, eroding the standalone DevSecOps market—an early sign of vendor consolidation.
AI’s downstream pull. Data-security’s surge owes partly to enterprises racing to safeguard training sets and prompt streams feeding Gen-AI workloads.
Bottom line
The MaxDiff exercise cuts through “everything is critical” noise or “rank tedium” and exposes genuine budget gravity. We believe vendors that demonstrably reduce vulnerability backlogs or deliver identity-centric zero-trust outcomes will command disproportionate share of incremental dollars in 2025, while niche DevSecOps suppliers must pivot toward broader CNAPP value propositions—or face spend stagnation.
Tools Creep Shows Signs of a Plateau—Early Consolidation Evidence at the Top End
The chart below compares year-over-year responses to the question: “How will the number of security vendors in your stack change over the next 12 months?” The bars show three categories—Increase, Stay the Same, Decrease. The share planning to increase fell sharply (from ≈35 % to ≈18 %), stay the same climbed correspondingly, while decrease held flat at 9 %.
Our research indicates that organizations have hit the pause button on incessantly adding more point tools. While outright vendor reduction remains uncommon overall, early evidence of “platformization” is emerging inside the world’s largest enterprises.
Key takeaways
Segment
Increase
Stay the Same
Decrease
Interpretation
All respondents (n≈500)
↓ to 18%
↑
9% (unchanged)
Tool acquisition wave has stalled; consolidation not yet broad-based.
Global 2000
31% plan to increase
—
16% will decrease
Large, regulated firms are spearheading vendor rationalisation.
Fortune 500
—
—
14% decrease
Belt-tightening plus platform strategy converge in the very largest enterprises.
SMB (<1 k employees)
3% decrease
Majority flat
—
Smaller firms still favor niche add-ons or MSSPs over rip-and-replace.
Source: ETR, April 2025
Bottom line
The data suggests tools creep is no longer accelerating, and the largest organizations are beginning to rationalize overlapping products in favor of consolidated platforms or managed services. We believe vendors that can demonstrate tangible reductions in operational complexity, analyst workload, and total cost of ownership will capture disproportionate gains as this consolidation narrative evolves.
“Best of Breed” Sentiment Slumps—But the Story Is More Nuanced Than Headlines Suggest
The bar-chart below compares two survey periods on the statement “We follow a best-of-breed strategy—selecting the single best cybersecurity tool in every category.” The share of respondents agreeing with that stance plunges from ≈35 % last year to ≈18 % this year. Additional answer options introduced this year—most notably “We are shifting to an MSSP or partner-led model”—capture a meaningful portion of the delta.
What’s driving the 35% → 18% drop?
Factor
Evidence
Our interpretation
Option set expanded
New choices (e.g., MSSP/partner) siphoned votes.
The comparison is directionally valid but not perfectly apples-to-apples.
Platformization narrative gaining mindshare
Respondents could still choose best-of-breed—and fewer did.
Signals genuine interest in consolidation or outsourced operations.
Operational overload
Among the 46 respondents actively decreasing vendors, 76 % cite “simplify the stack” as the motive.
Tool proliferation is hitting an admin/productivity ceiling.
Source: ETR, April 2025
Segment-level nuances
Global 2000 & Fortune 500 respondents show the sharpest pivot away from best-of-breed, aligning with earlier findings that they lead vendor-reduction initiatives.
Mid-market and SMBs still skew toward point solutions, likely due to narrower use-case scope and less negotiating leverage with mega-platform vendors.
MSSP/partner uptick. A sizeable slice of the former best-of-breed camp now favours co-managed or fully managed security, reflecting talent shortages and 24×7 coverage requirements.
Analyst Angle
In our opinion, Nikesh Arora’s proclamation of “the end of best of breed” captures the direction of travel, but not the destination—yet. The data reveal a meaningful sentiment shift, albeit influenced by survey-design changes. Enterprises are re-evaluating whether they can:
Staff and integrate dozens of point tools economically, and
Extract full value from those investments in the face of alert fatigue and AI-driven automation gaps.
Bottom line
We’re not ready to declare BoB dead. However, the substantial reduction in self-declared best-of-breed strategies—from roughly one-third to less than one-fifth of respondents—adds weight to the platform-and-partner consolidation narrative. We believe the ultimate winners will be vendors (and MSSPs) that demonstrate more facile integration, unified policy management, and AI-enabled correlation across domains—delivering security outcomes that match or exceed what a DIY mosaic of point tools once promised.
Thought Exercise: “If You Could Start Over” — What CISOs Want Most in a Re-Imagined Stack
The following chart ranks answers to the open-ended prompt: “If you could completely rebuild your cybersecurity stack, which single product or vendor would you prioritize first?” The first and largest bar is labeled “Features” —indicating functionality rather than a specific supplier. The next bars list vendors in order: Microsoft (Azure Security Suite), CrowdStrike, Other / Not Sure, Palo Alto Networks, Cisco, Fortinet, SentinelOne, Zscaler, AWS, Wiz, Splunk, Okta, with all remaining names at ≤ 1 percent. In the insert, we show the features most desired in the first bar.
Why “features” tops the list
Desired capability
Typical wording in write-ins
Our readout
Identity & MFA
“MFA,” “Identity,” “Identity access control”
Identity is now viewed as the foundational control plane—confirming its No. 2 ranking in the earlier priority stack-rank chart.
EDR / XDR “platform”
“Full XDR platform,” “Single pane of glass,” “One complete platform”
CISOs crave consolidation that reduces alert fatigue and tool sprawl.
Platform > Point Tool. The fact that the No. 1 “vendor” is actually a feature set underscores a shift away from brand loyalty toward outcome-centric purchasing. Identity, MFA, and unified XDR platforms are viewed as the structural foundation of a modern stack.
Microsoft’s ascent is real. Across every ETR cut—spending intent, Net Score, and this “clean-sheet” question—Microsoft now ranks at or near the top, validating Redmond’s pivot from reactive patcher to proactive platform leader.
CrowdStrike’s goodwill persists. Even with replacement intent lingering at 10 percent, CISOs still name CrowdStrike when imagining a fresh start, signaling trust in its innovation cadence.
Consolidation subtext. Frequent use of phrases like “single pane of glass” and “complete platform” reflects acute fatigue with operating dozens of discrete consoles—strengthening the case for vendors that can stitch controls together natively.
AWS as a Security Vendor. Unlike Microsoft, and increasingly Google with Mandiant and potentially Wiz, AWS does not currently monetize security in an aggressive way. This is appealing for many ecosystem partners like CrowdStrike because it leaves plenty of room to add value. As AWS increasingly moves “up stack” toward solutions and software we’ll watch to see if this posture changes.
Bottom line
The data suggests that if CISOs were granted a do-over, they would build around three pillars– better identity controls, an integrated EDR/XDR platform, and automated vulnerability remediation. Vendors capable of delivering those capabilities as part of a cohesive, cloud-ready suite—rather than a patchwork of standalone tools—are best positioned to command strategic, stack-defining real estate in the next security refresh cycle.
Perceived Innovation: CrowdStrike Leads a Diverse Pack
The bar chart below answers the prompt, “Which cybersecurity vendor do you consider most innovative?” Leading responses are CrowdStrike (~35%), Other / Not Sure, Palo Alto Networks, Microsoft, Cisco, Fortinet, followed by a second tier that includes Zscaler, SentinelOne, Wiz, Arctic Wolf (MSSP), Cloudflare, and Darktrace; all remaining vendors register 1 % or less.
What the data tells us
Rank
Vendor
Share of write-ins
Interpretation
1
CrowdStrike
~35 %
Despite July-19 fallout and a dip in Net Score, practitioners still view Falcon as the cutting edge of endpoint/XDR.
2
Other / Not Sure
High teens
Indicates market fragmentation and that innovation is coming from a long tail of specialists.
3
Palo Alto Networks
Low teens
Continues to impress with rapid product cadence and platform vision.
4
Microsoft
Just under Palo Alto
Perceived as a broad platform rather than the tip of the spear for innovation—consistent with its “rebuild-the-stack” appeal.
5-7
Cisco, Fortinet, Zscaler
High single digits
Each leverages network or SSE heritage to deliver incremental innovation.
Notable mention
Arctic Wolf
Mid single digits
Rare for an MSSP to rank; reflects appeal of service-wrapped innovation, buoyed by the Cylance acquisition.
Source: ETR, April 2025
Key insights
Perception and spend intent diverge. CrowdStrike tops innovation mindshare even as 10% of respondents still signal potential replacement—suggesting efficacy and great product trump recent operational missteps.
Platform vs. pure innovation. Microsoft dominates “rebuild your stack” scenarios but trails CrowdStrike and Palo Alto on the innovation question, underscoring the difference between comprehensive coverage and bleeding-edge tech.
Service-led disruptors. Arctic Wolf’s showing highlights SMB demand for outsourced SOC expertise; MSSP bundling (e.g., Cylance endpoint) competes on “good-enough” functionality plus managed outcomes.
Long-tail vitality. The sizable “Other” category implies that emerging vendors and niche players continue to push the envelope, keeping incumbents on their toes.
Bottom line
Our research indicates that innovation leadership and platform dominance are no longer mutually exclusive—CrowdStrike, Palo Alto, and Microsoft each claim a different dimension of the narrative. We believe buyers should benchmark vendors on both axes– cutting-edge capability (to stay ahead of adversaries) and integrated breadth (to control operational complexity). Meanwhile, MSSPs like Arctic Wolf remind us that, for resource-constrained organizations, consuming innovation as a service can be just as compelling as owning the latest tool outright.
RSAC Watch-List: Five Questions that Will Shape the 2025 Security Narrative
The closing slide below lists five questions theCUBE will track during its four-day live coverage at RSAC.
Will AI force a cybersecurity do-over?
What prerequisites are needed for agentic data integration?
How fast is security platformization really happening?
What does Google’s $32 B Wiz deal mean for cloud-security dynamics—and how will AWS respond?
How are geopolitical tensions reshaping cybersecurity strategies worldwide?*
Our research agenda and early hypotheses.
Question
Why it matters
Initial take
1. AI as a “do-over”
Palo Alto founder Nir Zuk contends GenAI renders legacy architectures obsolete; defenders must “fight AI with AI.”
We believe AI is an accelerant, not a clean-slate reboot—yet autonomous, agent-based defenses will quickly expose technical debt in aging stacks.
2. Agentic data integration
As Jon Oltsik notes, there’s a gap between AI hype and reality. Agentic collapses without clean, governed data.
Expect vendors pushing unified telemetry pipelines and security data lakes (e.g., Splunk, Microsoft, AWS) to dominate the conversation.
3. Pace of platformization
Survey data show tool-count growth has stalled; Global 2000s are leading vendor rationalization.
We’ll probe CISOs and CEOs to gauge whether “best of breed” is truly fading or simply evolving into API-driven ecosystems.
4. Google × Wiz ripple effect
A $32 B price tag signals Google’s intent to monetize security more aggressively à la Microsoft.
The acquisition could redraw CNAPP competitive lines and rekindle M&A across cloud security; AWS’s response—bake-in vs. buy-in—will be intriguing.
5. Geopolitical tension
43% of organizations already shifted budgets due to rising geopolitical conflict risk.
We expect expanded discussion of OT/critical-infrastructure hardening, sovereign cloud controls, and cyber-insurance premiums.
CEO, CISO, and practitioner series. Live interviews will stress-test vendor claims against ETR spending data and practitioner reality.
Agentic AI demos. We’ll look for evidence of bots-defending-against-bots capabilities that move beyond marketing theater.
MSSP momentum. Arctic Wolf’s appearance in the “most innovative” poll hints at growing appetite for service-wrapped security—especially among SMBs.
Google–Wiz fallout. We’ll press Google execs on integration timelines and probe whether enterprises worry about data sovereignty under Alphabet ownership.
Bottom line
In our opinion, like the fragmented market, RSAC 2025 will pivot on many themes. The one we think is most compelling is automation at scale—powered by AI, validated by data, and anchored in consolidated platforms. We’ll be on-site all week, separating signal from noise and updating these hypotheses in real time. Tune in or stop by in person to theCUBE’s wall-to-wall coverage (Monday–Thursday, Moscone West Media Row) for live analysis, practitioner insight, and fresh ETR data drops.
All statements made regarding companies or securities are strictly beliefs, points of view and opinions held by SiliconANGLE Media, Enterprise Technology Research, other guests on theCUBE and guest writers. Such statements are not recommendations by these individuals to buy, sell or hold any security. The content presented does not constitute investment advice and should not be used as the basis for any investment decision. You and only you are responsible for your investment decisions.
Disclosure: Many of the companies cited in Breaking Analysis are sponsors of theCUBE and/or clients of Wikibon. None of these firms or other companies have any editorial control over or advanced viewing of what’s published in Breaking Analysis.
David Vellante
David Vellante is co-CEO of SiliconANGLE Media, as well as co-founder and Chief Analyst at theCUBE Research, the world’s leading open source technology research community.
Dave is a long-time tech industry analyst, entrepreneur, writer and speaker. As co-host of theCUBE – “The ESPN of Tech,” Vellante has interviewed over 5,000 experts since 2010. He is also a co-founder of CrowdChat, an angel funded startup based in Palo Alto using big data techniques to extract business value from social data.
Prior to these exploits, Dave founded a CIO consultancy and spent a decade growing and managing IDC’s largest business unit. He lives in Massachusetts with his wife and four children where he is active in town activities including serving as the president of his town’s local “Kiddie Sports” association. Dave holds a B.S. in Applied Mathematics from Union College.
