Skip to main content
Support & Service Contact Us
  • Integrations
  • Reseller Partners
    • Schedule a Demo
    Products
    Products
    Data Security Essentials
    Data Security Edition
    Disaster Recovery Edition
    Data Attack Surface Manager
    Enterprise AirGap
    Solutions
    Solutions
    Use Cases
    Use Cases
    Data Protection & Security
    Data Discovery & Compliance
    Data Backup & Archive
    Cyber Attack Defense
    Storage Infrastructure Optimization
    Ransomware Defense
    Cyber Vault
    Smart Archive
    Verticals
    Verticals
    Financial Services
    Healthcare
    Manufacturing
    Media & Entertainment
    Public Sector
    Platforms
    Platforms
    Superna for AWS
    Superna for Dell
    Superna for Hitachi
    Superna for NetApp
    Superna for Pure
    Superna for Qumulo
    Superna for VAST
    Superna for Windows
    Integrations
    Integrations
    AWS Security Hub
    Google Chronicle
    CrowdStrike
    Microsoft Defender XDR
    Palo Alto Networks
    QRadar
    Rapid7
    SentinelOne
    ServiceNow
    Splunk
    Tenable
    Trend Micro
    Vectra
    Reseller Partners
    Reseller Partners
    Partners
    Become A Partner
    Company
    Company
    About
    Why Superna
    Events
    Newsroom
    Services
    Failover Support Observer
    Resources
    Resources
    Resource Center
    Customer Testimonials
    Documentation Portal
    Support & Service Contact Us
    Schedule a Demo

    RSA 2025 Recap: The Missing Link in Exposure Management

    • Date: May 02, 2025
    • Read time: 4 minutes
    Andrew MacKay
    Chief Technology & Strategy Officer

    I recently attended the RSA 2025 Conference, and like many in the cybersecurity space, I was eager to see where the industry is heading. As I walked the expo floor, surrounded by hundreds of vendors each with a unique spin on threat prevention, one trend stood out above all: exposure management is officially the new vulnerability management.

    Almost every vendor was echoing a similar theme—reducing vulnerability and exposure risk through smarter prioritization. Their strategy? Aggregate data from tools like endpoint protection, vulnerability scanners, and network telemetry, then correlate it to identify the most likely attack paths. On paper, this makes sense. But something critical was missing.

    Attack Path to What?

    In conversation after conversation, I kept hearing about the “likely attack path.” But none of the vendors could answer a fundamental question: attack path to what?

    It was like reading a novel that builds tension, only to omit the final chapter. Here’s how those conversations typically went:

    • Me: “So you map the likely attack path to a host. But what about the data attack path? Isn’t the actual target of every breach the data?”
    • Vendor: “That’s a great point.”
    • Me: “What do you know about data attack paths—like dataset sensitivity or user access from that compromised host?”
    • Vendor: “We don’t have a data source for that.”
    • Me: “Isn’t data the real crown jewel?”
    • Vendor: “Yes, absolutely. That makes complete sense.”

    And just like that, a blind spot was exposed. Every product had a method to prioritize risk based on infrastructure—but none on the data itself.

    Introducing the Data Attack Path

    At this point, I would explain how our product at Superna approaches exposure from the data layer outward. We’ve developed a patented data risk scoring engine that correlates:

    • Host vulnerabilities
    • Data classification sensitivity
    • User access behavior
    • Permission and protection status

    All of this feeds into our patented AI-driven prediction model. The result? A manageable, focused remediation plan with one clear objective: protect the data.

    We recently launched our Data Attack Surface Manager to solve exactly this problem. You can read more about the announcement in our press release here.

    Vendor reactions were nearly unanimous:

    “Wow, that’s very cool. I didn’t even know this was possible. I can definitely see how this fills a huge gap.”

    It’s time we stop focusing only on securing endpoints and networks, and start managing exposure with the data in mind.

    Security Industry Theme #2: Defensive by Default

    The second theme that became clear during RSA 2025: cybersecurity remains largely reactive. Here are my takeaways from walking the floor:

    1. Almost no vendors are applying security at the data layer.
    2. Most tools focus on reporting issues, not fixing them.
    3. The entire ecosystem is heavily defensive, rarely offensive.
    4. Data recovery is an afterthought—handled by backup, not security.
    5. Backup ≠ security. Backups are the Plan B after security fails.
    6. Incident response is siloed—manual, slow, and uncoordinated.
    7. There’s a lack of automated, cross-layer response orchestration.

    We need a fundamental shift.

    A Vision for Coordinated Offense

    The future of cybersecurity lies in coordinated, multi-layer response. Imagine a world where:

    • Threat intelligence is shared in real-time across endpoint, network, and storage.
    • Detection at any layer triggers mitigation across all others.
    • The system predicts blast radius impacts to data before an attack spreads.
    • Incident response is automated, precise, and executed across the full stack.

    At Superna, our mission is to make this a reality. We’re building integrated response capabilities with leading vendors to ensure every layer—host, network, and storage—can detect, respond, and protect data in unison.

    In the coming weeks, I’ll share more details about how we’re delivering this vision to customers.

    Final Thoughts

    RSA 2025 showed that the cybersecurity industry is evolving—but it’s not evolving fast enough in the right direction. If we want to stay ahead of threats, we must stop looking only at how an attacker gets in, and start thinking about what they’re really after: our data.

    It’s time to bring the data layer into the exposure conversation. Let’s finish the story—and close the blind spot.

    Featured Resources

    BLOGS

    Redefining Data Security: Moving Beyond Legacy Products

    Legacy vendors like Varonis continue to promote a fragmented approach to data protection — separating DLP, classification, and UBA into
    Read More
    BLOGS

    Why Cyberstorage Built into Hardware Is a Security Dead End

    Imagine buying a new laptop because it comes with built-in antivirus software. Sounds absurd, right? Yet this is the flawed
    Read More
    BLOGS

    Data Attack Surface Management (DASM) – Redefining how data should be protected

    Superna Leads the Future of Data Security In 2016, Superna pioneered a new frontier in cybersecurity with the creation of
    Read More