What You Missed on the Expo Floor
Key Moves in Data Security at Black Hat USA 2025:
- Black Duck emphasized the need to operate at the speed of AI. It also recently launched the Black Duck Security GitHub App.
- Thales debuted File Activity Monitoring for unstructured data and GenAI insights.
- Varonis showcased Snowflake misconfiguration detection and Postgres RCE chaining.
- HPE unveiled Alletra X10000 for ultra-fast enterprise backup and recovery.
- Cyera demoed Dataverse ONE for real-time sensitive data governance.
Data security was a headline theme at Black Hat USA 2025, with vendors and researchers focused on protecting sensitive information across hybrid, multi-cloud, and AI-driven environments. From insider risk to ransomware recovery, the show highlighted how data protection is evolving to meet the demands of scale, speed, and complexity.
Our team was on the ground throughout the event—attending keynotes, sitting in on panel discussions, and speaking directly with solution providers and CISOs. The conversations made one thing clear: Data security is no longer just about encryption and access control. It’s about visibility, automation, and resilience across the entire data lifecycle.
Here are some key themes from the show that stood out:
AI-Native DSPM
AI-native DSPM emerged as a critical layer in modern data security architecture, designed to keep pace with the scale and complexity of today’s digital environments.
BigID introduced new AI-native capabilities to its Data Security Platform, including automated discovery of Shadow AI risks, insider threat detection, and privacy-aware classification. The platform now supports real-time policy enforcement across structured and unstructured data, helping teams stay ahead of emerging threats.
Cyera showcased its Dataverse ONE experience, where attendees could interact with its AI-native data governance engine. The platform offers deep visibility into sensitive data across cloud environments and integrates with AI workflows to ensure compliance and control. Cyera’s booth was one of the most visited in the Business Hall, reflecting growing interest in DSPM tools that go beyond scanning and reporting.
Insider Risk and Misconfigurations
Across the Business Hall, insider risk and misconfigurations remained persistent challenges in securing cloud and data infrastructure, often serving as entry points for advanced threats.
Varonis delivered one of the most hands-on experiences at the show with its Operation: Frostbyte CTF, simulating real-world attacks on Snowflake environments. The company also presented research on CVE-2024-10979, a Postgres RCE vulnerability that can be chained with other flaws to compromise cloud-hosted databases.
Their session on authentication failures highlighted how even advanced methods like MFA are being bypassed, and why post-authentication monitoring is critical. Varonis emphasized the need for continuous data access auditing and anomaly detection to catch insider threats before they escalate.
Encryption and Real-Time Monitoring
As encryption and real-time monitoring become a foundational aspect of securing dynamic data flows and application logic, there was a noticeable push toward continuous visibility and intelligent response across both file systems and APIs.
Thales unveiled File Activity Monitoring (FAM), a new solution for tracking access to unstructured data in real time. FAM integrates GenAI-powered analytics to surface unusual behavior, such as unauthorized downloads or privilege escalation.
Thales also demoed its unified API security platform, which now includes real-time BOLA (Broken Object Level Authorization) detection and response. This closes a critical gap in protecting business logic and sensitive data exposed via APIs, especially in AI-driven applications.
Resilience and Recovery
Resilience and recovery gained urgency as organizations confront increasingly disruptive cyberattacks, particularly ransomware.
HPE made headlines with its launch of the Alletra Storage MP X10000, a modern data protection solution optimized for ultra-fast backup and restore. The system achieves up to 1.2 petabytes per hour in backup speed, nearly double its closest competitor.
HPE also announced a new integration hub for Zerto, enabling third-party cybersecurity platforms like CrowdStrike to trigger automated recovery workflows. This combination of threat detection and instant rollback helps organizations minimize downtime and data loss during ransomware attacks.
What We Heard in the Hallways
“We’re seeing attackers chain misconfigurations like never before. Visibility is everything.”
—Brian Vecci, Field CTO, Varonis
“Recovery speed is the new metric. If you can’t restore in minutes, you’re exposed.”
—David Hughes, SVP & GM, SASE & Security, HPE
Why It Matters
Data security is a cross-functional discipline that touches identity, cloud, AI, and compliance. The innovations at Black Hat USA 2025 reflect a shift toward proactive, intelligent, and resilient data protection strategies.
The message for BDMs and TDMs: Protecting data means understanding it, monitoring it, and being ready to recover it instantly. Whether it’s through AI-native DSPM, real-time encryption analytics, or ultra-fast backup platforms, the future of data security is integrated, automated, and built for scale.
Data is currency, intelligence, and risk all at once. See our curated guide to leading Data Security providers.
