Deepwatch NEXA Unites MDR Teams and Customers with Collaborative AI Agents to Turn Detections into Business Decisions

Deepwatch's NEXA unites MDR detection, investigation, response, and customer collaboration in one workflow. The result: faster decisions, shared visibility, and human-approved actions.

Published on: Nov 07, 2025

NEXA Puts MDR Operations and Customers on the Same Page

Deepwatch has introduced NEXA, an agent-based AI ecosystem built to connect MDR teams and customers across one workflow. Instead of automating tasks in the SOC and calling it a day, NEXA links detection, investigation, response, and customer collaboration so everyone moves faster with fewer handoffs.

For operations leaders, this means clearer decisions, fewer delays, and evidence you can take to the board. It's collaboration at the point of action, not after the fact.

What Changes for Operations

  • Shared visibility: security and business leaders see the same picture in business terms.
  • Natural language access: ask for risk, status, and impact in plain English, with no query language required.
  • Human-in-the-loop: AI proposes, people approve, especially for actions like host isolation.
  • Faster closure: fewer back-and-forths on tickets, clearer evidence trails, tighter MTTR.

How the Six Agents Work Together

NEXA combines six agents (three for SOC analysts and three for customer collaboration) so detection and decision-making stay connected.

  • Investigative Agent: accelerates alert analysis and context gathering.
  • Narrative Agent: turns raw signals into timelines and summaries people can act on.
  • Response Agent: recommends or initiates remediation actions with approvals.
  • CTEM Agent: converts exposure data into material risk the business understands.
  • Detection Analyzer Agent: shows what detections cover a given threat or exploit.
  • Ticket Analyzer Agent: surfaces status, blockers, and response recommendations across tickets.

As one Deepwatch leader put it, "These customer agents work collaboratively to proactively reduce risk and strengthen the security posture of any organization, always keeping humans in the loop. Organizations can stop threats before they become incidents."

Customers Can Just Ask

Non-technical and technical leaders can ask questions in plain English and get answers in seconds, such as the material impact of a high-risk exposure, which detections cover a new exploit, or the current status of tickets and next steps. You don't need a SOC console or SQL just to get clarity.

Human oversight remains built in. "In each of these decisions, humans are involved in validating the accuracy of the results and decision-making, such as approval of host or endpoint isolation."

Frameworks That Tie to Business Impact

NEXA maps detections to established frameworks and workflows you already use. It supports MITRE ATT&CK and feeds into standard EDR playbooks (like isolating an infected endpoint). It also supports CTEM, where the CTEM Agent translates exposure metrics into material risk the executive team can prioritize.

"NEXA is purpose-built to seamlessly map detections with existing frameworks like MITRE and CTEM… The CTEM agent takes technical metrics like threat exposures in assets and determines their business impact on material risk that the executives and the board care about and can act upon." For operations, that's the bridge from signals to strategy.

What This Looks Like Day to Day

  • Clearer decisions: security findings come with context, impact, and recommended actions.
  • Fewer escalations: customer-facing agents answer the routine questions in seconds.
  • Cleaner handoffs: tickets carry narrative, evidence, and next steps, so there is less chasing.
  • Board-ready updates: exposures roll up into risk language executives actually use.
  • Controlled automation: you approve critical actions while AI handles the repetitive work.

Practical Steps to Pilot

  • Start with the CTEM Agent on a focused asset set to quantify exposure-to-risk.
  • Enable natural language queries for ops leaders and incident managers.
  • Define approval thresholds for automated actions (e.g., isolate endpoint with manager sign-off).
  • Connect your EDR and ticketing system so narratives and recommendations flow into existing workflows.
  • Measure MTTR, escalations avoided, and ticket cycle time to prove value fast.

Why It Matters

Most tools speed up the SOC but leave business stakeholders guessing. NEXA closes that gap. Six agents work as one system, from detection to response to business impact, so operations can keep risk visible, action clear, and momentum steady.
