RSA 2025 Recap: The Missing Link in Exposure Management

  • Date: May 02, 2025

I recently attended the RSA 2025 Conference, and like many in the cybersecurity space, I was eager to see where the industry is heading. As I walked the expo floor, surrounded by hundreds of vendors each with a unique spin on threat prevention, one trend stood out above all: exposure management is officially the new vulnerability management.

Almost every vendor was echoing a similar theme—reducing vulnerability and exposure risk through smarter prioritization. Their strategy? Aggregate data from tools like endpoint protection, vulnerability scanners, and network telemetry, then correlate it to identify the most likely attack paths. On paper, this makes sense. But something critical was missing.


Attack Path to What?

In conversation after conversation, I kept hearing about the “likely attack path.” But none of the vendors could answer a fundamental question: attack path to what?

It was like reading a novel that builds tension, only to omit the final chapter. Here’s how those conversations typically went:

  • Me: “So you map the likely attack path to a host. But what about the data attack path? Isn’t the actual target of every breach the data?”
  • Vendor: “That’s a great point.”
  • Me: “What do you know about data attack paths—like dataset sensitivity or user access from that compromised host?”
  • Vendor: “We don’t have a data source for that.”
  • Me: “Isn’t data the real crown jewel?”
  • Vendor: “Yes, absolutely. That makes complete sense.”

And just like that, a blind spot was exposed. Every product had a method to prioritize risk based on infrastructure—but none on the data itself.


Introducing the Data Attack Path

At this point, I would explain how our product at Superna approaches exposure from the data layer outward. We’ve developed a patented data risk scoring engine that correlates:

  • Host vulnerabilities
  • Data classification sensitivity
  • User access behavior
  • Permission and protection status

All of this feeds into our patented AI-driven prediction model. The result? A manageable, focused remediation plan with one clear objective: protect the data.

We recently launched our Data Attack Surface Manager to solve exactly this problem. You can read more about the announcement in our press release.

Vendor reactions were nearly unanimous:

“Wow, that’s very cool. I didn’t even know this was possible. I can definitely see how this fills a huge gap.”

It’s time we stop focusing only on securing endpoints and networks, and start managing exposure with the data in mind.


Security Industry Theme #2: Defensive by Default

The second theme that became clear during RSA 2025: cybersecurity remains largely reactive. Here are my takeaways from walking the floor:

  1. Almost no vendors are applying security at the data layer.
  2. Most tools focus on reporting issues, not fixing them.
  3. The entire ecosystem is heavily defensive, rarely offensive.
  4. Data recovery is an afterthought—handled by backup, not security.
  5. Backup ≠ security. Backups are the Plan B after security fails.
  6. Incident response is siloed—manual, slow, and uncoordinated.
  7. There’s a lack of automated, cross-layer response orchestration.

We need a fundamental shift.


A Vision for Coordinated Offense

The future of cybersecurity lies in coordinated, multi-layer response. Imagine a world where:

  • Threat intelligence is shared in real-time across endpoint, network, and storage.
  • Detection at any layer triggers mitigation across all others.
  • The system predicts blast radius impacts to data before an attack spreads.
  • Incident response is automated, precise, and executed across the full stack.

At Superna, our mission is to make this a reality. We’re building integrated response capabilities with leading vendors to ensure every layer—host, network, and storage—can detect, respond, and protect data in unison.

In the coming weeks, I’ll share more details about how we’re delivering this vision to customers.

Final Thoughts

RSA 2025 showed that the cybersecurity industry is evolving—but it’s not evolving fast enough in the right direction. If we want to stay ahead of threats, we must stop looking only at how an attacker gets in, and start thinking about what they’re really after: our data.

It’s time to bring the data layer into the exposure conversation. Let’s finish the story—and close the blind spot.