SquareX at BSidesSF and RSAC 2025 Conference

Bringing Browser Security to the Forefront

What a week it’s been! The SquareX team just returned from San Francisco where we attended two back-to-back cybersecurity events: BSides SF and RSAC 2025 Conference. These events gave us the perfect opportunity to connect with the security community and showcase how our Browser Detection and Response (BDR) solution is changing the game for enterprise security teams.

BSides SF: Where Data Splicing Attacks Took Center Stage

Our San Francisco journey began at BSides SF, held at City View at Metreon. The energy was palpable as our founder Vivek Ramachandran and security researcher Audrey Adeline took to the stage to present Data Splicing Attacks: Breaking Enterprise DLP from the Inside Out.

The talk pulled back the curtain on how attackers are using sophisticated techniques like data sharding and ciphering to completely bypass traditional DLP solutions. Reception was positive — the presentation generated significant buzz, with many attendees expressing concern about the inadequacy of conventional DLP tools against these new attack vectors.

Between sessions, we also handed out our fan-favorite Hackers: Superheroes of the Digital Age comic books and caught up with familiar faces in the industry. We were glad for the opportunity to attend BSides SF before the the rush of RSAC— BSides always delivers that intimate community feel that makes for meaningful conversations about security.

On to RSAC Conference: Day 1

Freshly energized from the excitement of Bsides SF, we headed to the Moscone Center for RSAC Conference 2025 the next day. This marked our second appearance at the conference, and we were excited to showcase the latest enhancements to our Browser Detection and Response (BDR) solution at booth S-2361.

Despite Day One being a shorter day, we had many visitors curious about what browser-native security actually means in practice. We lost count of how many times we heard a statement like: “Wait, so you’re saying our EDR, SASE and SSE solutions are missing these browser-based attacks?”

Our founder Vivek Ramachandran also appeared on a CyberRisk TV interview with Matt Alderman, talking about our Year of Browser Bugs (YOBB) initiative, aimed at drawing attention to the lack of security research and rigor for the browser.

https://medium.com/media/cb43ed900fa2a49c9713da1ff7c13b8a/href

Day 2: The BDR Thesis Gains Traction

The first full day of RSAC saw the same levels of high energy. With a steady stream of visitors, we could barely keep our new stickers and “Hackers: Superheroes of the Digital Age” comics stocked! But what really motivated the team was the positive reception to our core thesis: many security professionals agreed that using network-layer solutions to infer application-layer attacks simply doesn’t work anymore, especially given how much the browser has evolved in the past decade.

Another highlight was our Security Researcher Audrey Adeline’s talk at Cloud Village on Browser Native Ransomware in a Cloud-First World. Part of SquareX’s bleeding-edge security research, Audrey introduced a new class of ransomware that targets cloud storage and SaaS apps while residing entirely in the browser — making these attacks completely invisible to EDRs and traditional anti-ransomware solutions.

After a full day at the booth, our team members headed to dinner to debrief and recharge, sharing insights from their conversations throughout the day. A few others attended industry networking events around San Francisco, where we met even more great folks in a more relaxed environment than the crowded show floor.

Day 3: Our Busiest Day Yet

The third day — and our most action-packed — featured John Carse, our Field CISO, delivering an insightful session on Shadow SaaS in a Cloud-First World at Cloud Village, where he broke down the growing risks associated with unauthorized SaaS applications in today’s cloud-first enterprises, as well as strategies to mitigate Shadow SaaS risks.

Outsdithe flurry of activity at the booth, one of our proudest moments was launching The Browser Security Field Manual, our latest book co-authored by Vivek and Audrey. This comprehensive, first-of-its-kind guide addresses the browser as a major attack surface — and provides actionable strategies for defending against sophisticated browser-based attacks. The book was wildly popular, with attendees lining up for signed copies throughout at the RSAC Bookstore.

After booth hours — the day wasn’t over yet! Team SquareX headed to St. Francis Yacht Club, where we hosted a CISO networking dinner that brought together security leaders for deeper conversations. Read more about our experience here!

Day 4: Final Connections and Closing Thoughts

The final day of RSAC might have been shorter, but our momentum never slowed. With the conference winding down, we noticed attendees were more focused and came with specific questions about implementing browser security in their organizations.

Our Field CISO John Carse also represented SquareX at Adversary Village’s roundtable discussion on ROI-Driven Cyber Defense, sparking important conversations about measuring the business impact of security investments — particularly for emerging threat vectors like browser-based attacks.

Back at the booth, we conducted our final demonstrations, with particular interest in our browser-native DLP capabilities and our approach to detecting sophisticated identity attacks.

As we packed up our booth that afternoon, there was a sense of accomplishment among the team. The conversations throughout the week had validated our mission — browsers have indeed become the new enterprise endpoint, and organizations are recognizing the need for dedicated browser security solutions. A fulfilling four days indeed!

The Bigger Picture

As we look back on our time at BSides SF and RSAC 2025 Conference , we’re incredibly grateful for the opportunity to showcase our Browser Detection and Response solution to some of the best and brightest minds in cybersecurity.

Each conversation reinforced that we’re addressing a critical security gap, and the validation from industry veterans, CISOs, and security practitioners was both humbling and energizing. These events reminded us why we built SquareX in the first place — to protect organizations from sophisticated browser-based threats that traditional security tools simply can’t see.

Thank you to everyone who visited our booth, attended our talks, and engaged with us about the future of browser security. The journey has just begun, and we couldn’t ask for a better community to be part of!

SquareX at BSidesSF and RSAC 2025 Conference was originally published in SquareX Labs on Medium, where people are continuing the conversation by highlighting and responding to this story.

The post SquareX at BSidesSF and RSAC 2025 Conference appeared first on Security Boulevard.

View the full article