Methodology: We collected the most relevant posts on LinkedIn talking about it-sa Expo & Congress and created an overall summary based only on these posts. If you're interested in the individual posts behind it, you can find them here: https://linktr.ee/thomasallgeyer. Have a great read!
Identity & Access Management
Passwordless and MFA positioned as default controls supported by SSO standardization and FIDO2 alignment
Privileged access hardening framed as operational risk reduction with policy automation and tighter just-in-time access
Identity threat detection tied to directory hygiene and continuous posture scoring across hybrid estates
Consolidation narrative around unified identity platforms and API-first hooks into SaaS and cloud estates
Customer enablement emphasized through hands-on demos and reference architectures for rapid rollout

GRC, Audit & NIS2
NIS2 mapped to practical control sets and audit readiness with templates, workflows, and gap tracking
ISO 27001 alignment embedded into ticketing and policy lifecycles with evidence capture and reviewer signoff
Risk registers connected to asset and vulnerability data for live risk scoring and board-friendly reporting
Regulatory coverage extended to sector specifics with playbooks and auditor-facing exports
Automation pitched for recurring attestations, exceptions, and escalations to reduce manual overhead

OT & ICS Security
Asset discovery extended beyond IT into PLC and SCADA with passive fingerprinting and safe interrogation
Network segmentation and anomaly detection framed for brownfield plants with low-disruption rollout plans
Playbooks connected plant alarms to SOC workflows with clear handoffs between OT and IT responders
Supplier and maintenance access governed through time-bound credentials and session recording
Emphasis on standards-minded deployments for critical infrastructure and regulated manufacturing

Cloud & Zero Trust
ZTNA and SASE positioned as direct VPN replacement with identity-aware policies and device signals
CNAPP and CSPM stitched into CI and runtime to close misconfigurations and exposed services
Data-aware controls added to microsegmentation and access paths to enforce least privilege at scale
Integrations showcased via API catalogs and event streams feeding SIEM, ticketing, and ITSM
Reference architectures highlighted for hybrid connectivity and phased migration patterns

Data Security & Backup
Ransomware resilience centered on immutable backups, clean-room recovery, and rapid blast-radius assessment
Key management, tokenization, and encryption used to enforce data minimization and safe sharing
DLP repositioned around context-aware policies spanning endpoints, email, SaaS, and cloud storage
Backup platforms added ransomware detection and automated restore testing to prove recoverability
Regulatory reporting supported by retention policies and tamper-evident audit trails

Threat Intelligence & DFIR
Intelligence feeds operationalized into detection pipelines with curated IOCs and behavior-driven analytics
Hunt workflows combined endpoint telemetry, identity events, and network traces for proactive discovery
Incident response playbooks templated for containment, forensics, and communications with clear RACI
Malware analysis insights distilled into YARA, Sigma, and threat hunt packages for reuse
Knowledge bases and case timelines structured for auditor-ready post-incident documentation

Endpoint & EDR
EDR tuned for signal-to-noise with behavioral detection and automatic containment on high-confidence events
Device posture checks routed to identity and network policies for dynamic access decisions
Vulnerability and configuration drift prioritized with guided remediation and maintenance windows
Offline protections and rollback emphasized for ransomware and destructive payloads
Unified agent stories positioned to reduce agent sprawl and simplify lifecycle management

Network & Email Security
Secure email gateways layered with impersonation, BEC, and payload detonation controls for modern lures
Web and DNS controls enforced acceptable use and command-and-control disruption at scale
Firewall and IDS capabilities aligned to app identity and user context for policy clarity
Threat intel sharing automated between perimeter, endpoint, and SIEM to tighten feedback loops
Post-delivery remediation workflows showcased for rapid purge and user safety prompts

Application & DevSecOps
SBOM generation and policy gates integrated into CI to block vulnerable components early
SAST, DAST, and SCA combined into unified findings with developer-ready fixes and prioritization
Secrets scanning and IaC checks enforced pre-commit and in pipelines to prevent drift
Runtime protection and API security added for microservices with positive security models
Developer enablement delivered via IDE plugins, secure blueprints, and paved-road patterns

SIEM, SOAR & XDR
Content packs and use case libraries accelerated onboarding with mapped detections and KPIs
SOAR runbooks codified repetitive tasks and evidence handling to reduce MTTR
XDR tied identity, endpoint, email, and network signals into correlated incident stories
Cost and scale managed through data tiering, targeted ingestion, and lake integrations
Outcome metrics communicated through executive dashboards focused on dwell time and containment

Managed Security & MDR
Service tiers framed around measurable outcomes with clear SLAs and named playbooks
Co-managed models provided transparency with shared consoles and evidence-level access
Threat hunting offered as a continuous service with periodic hypothesis-driven reports
Response retainers packaged with guaranteed surge capacity and on-site options
Onboarding accelerators emphasized data source activation and business context capture

AI in Security
AI assistants embedded in analyst workflows for triage drafting, enrichment, and query generation
LLM-powered search exposed incident context and root cause narratives from heterogeneous data
Guardrails highlighted for model safety, privacy, and provenance tracking in regulated environments
AI used to normalize alerts, reduce duplicates, and recommend next best actions with rationale
Human-in-the-loop validation positioned as a mandatory checkpoint for high-impact decisions

Cross Fair Highlights
Platform consolidation with open APIs emerged as the dominant integration message
Compliance-first narratives translated regulation into implementable controls and evidence trails
Resilience by design focused on recovery proof points and operational continuity
Enablement through live demos, workshops, and reference architectures accelerated adoption
Partnerships showcased interoperability and packaged outcomes across identity, cloud, and SOC
Want to see the posts and voices behind this summary?
This roundup brings you the Best of LinkedIn on it-sa Expo & Congress 2025.