What You Missed on the Expo Floor
Key Moves in Network Security at Black Hat USA 2025:
- OPSWAT showcased its critical infrastructure protection solutions.
- Cloudflare emphasized its unified, AI-powered security platform.
- Corelight showcased its Open NDR platform with AI-powered triage and incident response.
- Vectra AI highlighted its Security AI platform to detect attacker behaviors across network, identity, cloud, and IoT/OT environments.
- Fortinet demoed its unified SOC platform with AI-driven network analytics.
Network security was front and center at Black Hat USA 2025, with vendors and researchers focused on defending increasingly complex, hybrid environments. From AI-powered threat detection to encrypted traffic visibility, the expo floor was packed with innovations aimed at securing the modern enterprise network.
Our team was on the ground throughout the event—attending keynotes, sitting in on panel discussions, and speaking directly with solution providers and CISOs. The conversations revealed a clear shift: Network security is no longer just about perimeter defense. It’s about deep visibility, real-time analytics, and adaptive controls across distributed infrastructure.
Here are some key themes from the show that stood out:
Open NDR and Encrypted Traffic Visibility: Corelight’s Expansions
Corelight launched new integrations for its Open NDR platform, enabling analysts to detect threats in encrypted traffic as well as DNS tunneling. Theater sessions with partners explored how enriched network evidence accelerates incident response and improves SOC efficiency.
Corelight’s message was simple but powerful: “The truth is in the packets.” Their platform helps security teams see what traditional tools miss, especially in environments where encryption obscures malicious activity.
Unified SOC and Network Analytics: Fortinet’s Fabric in Action
Fortinet drew crowds with its Security Fabric Theater, where it showcased its unified SOC platform. The system combines centralized analytics, AI-driven response, and real-time visibility across hybrid networks. Fortinet’s demos highlighted how its platform secures users, applications, and infrastructure from data center to edge.
Sessions on continuous threat exposure management (CTEM) and insider risk emphasized the importance of proactive network monitoring. Fortinet also addressed the rise of polymorphic malware and deepfake-driven social engineering, urging defenders to rethink how network telemetry is used in detection.
AI-Native Network Defense: Cisco’s Hypershield and Talos Insights
Cisco made a strong showing with its AI-native Hypershield platform, designed for hyper-distributed protection across cloud, edge, and on-prem environments. Hypershield integrates with Cisco Talos threat intelligence and XDR, enabling real-time response to network anomalies and malware. Cisco also played a key role in the Black Hat Network Operations Center (NOC), providing DNS filtering, malware analysis, and network observability.
Talos experts hosted multiple sessions, including threat briefings on GenAI abuse and automated ransomware recovery. Their message was clear: Network defense must evolve to counter AI-driven threats, and visibility is the foundation of resilience.
SASE and Zero Trust Expansion: HPE’s Unified Networking Portfolio
HPE unveiled its first unified networking portfolio since acquiring Juniper Networks. The highlight was the new SASE Copilot for HPE Aruba Networking EdgeConnect, which uses AI to analyze network activity, identify security gaps, and enforce zero trust policies across devices and users.
HPE also introduced expanded NAC capabilities and AppEngine integration for real-time app classification and risk-based policy enforcement. These updates reflect a broader trend toward converged networking and security, where visibility and control are unified under a single platform.
What We Heard in the Hallways
“AI is changing how attackers move. Our SOC has to move faster.”
—Carl Windsor, CISO, Fortinet
Why It Matters
Network security is undergoing a transformation. The perimeter is porous, the traffic is encrypted, and the threats are automated. The vendors at Black Hat USA 2025 responded with platforms that prioritize visibility, speed, and intelligence.
The takeaway for business and technical decision makers (BDMs and TDMs): Network security must be adaptive, AI-aware, and deeply integrated across the stack. Whether it’s through open NDR, unified SOCs, or SASE copilots, the future of network defense is proactive and precise.
As connections multiply, so do the risks. Check out our list of top network security solution providers for some best practices.