Deepwatch has unveiled its NEXA™ ecosystem, a pioneering agentic AI platform designed specifically for managed detection and response (MDR), creating a collaborative interface where human analysts and intelligent agents work together in real time to accelerate threat detection and containment.
Unlike traditional MDR solutions that rely on automation in the background, NEXA™ brings artificial intelligence to the forefront—creating an interactive, collaborative environment where human analysts and AI agents work in harmony. The goal is to empower security operations centers (SOCs) to detect, investigate, and contain threats faster, more accurately, and with greater transparency.
By integrating human expertise with intelligent, autonomous agents, Deepwatch’s NEXA™ platform delivers a new model of cyber defense that learns continuously, evolves dynamically, and scales intelligently with organizational needs.
A New Era for Managed Detection and Response
Managed detection and response has traditionally been centered on automation behind the scenes—streamlining workflows, correlating data, and alerting analysts when anomalies occur. However, as cyber threats become increasingly adaptive, autonomous, and AI-driven, this model struggles to keep pace.
Enter NEXA™, Deepwatch’s response to the evolving threat landscape. Designed as a living ecosystem of intelligent, communicative AI agents, NEXA™ transforms the MDR experience from reactive alert-handling to proactive, collaborative intelligence.
Rather than simply automating manual tasks, NEXA™ enables security professionals to directly engage with AI in natural language, conduct deeper investigations, and visualize evolving threats in real time. The result is not just operational efficiency—but a fundamental reimagining of what MDR can achieve.
Key Capabilities and Features of NEXA™
Deepwatch’s NEXA™ ecosystem integrates six specialized intelligent agents, each with distinct functions that mirror and amplify core security operations roles. Together, they form a self-reinforcing system capable of learning, adapting, and refining its detection capabilities over time.
1. CTEM Agent – Continuous Threat Exposure Management
This agent continuously scans the organization’s assets, configurations, and network exposures to identify vulnerabilities or misconfigurations that could be exploited. It provides contextual insights that help prioritize remediation efforts based on real-world risk.
By integrating directly with vulnerability management tools, the CTEM Agent gives analysts a constantly updated view of their exposure landscape—ensuring that defensive strategies evolve as fast as the threats themselves.
2. Detection Advisor Agent
Aligned with the MITRE ATT&CK® framework, this agent acts as a knowledge engine that recommends new detection strategies, correlates threat behaviors, and identifies coverage gaps.
It enables security teams to understand which adversary techniques are most likely to target their environment and how existing controls measure up. This makes NEXA not just reactive, but predictive and preventative.
3. Ticket Analyzer Agent
Managing ticket queues is often one of the most resource-draining aspects of security operations. The Ticket Analyzer Agent automates triage by classifying, prioritizing, and assigning incident tickets.
By filtering out false positives and routing actionable cases to the right teams, it drastically reduces noise and analyst fatigue. According to Deepwatch, NEXA can reduce low- and medium-severity alerts by as much as 98%, freeing analysts to focus on high-impact investigations.
4. Investigative Agent
This agent assists SOC analysts by automatically correlating indicators of compromise (IOCs), timelines, and contextual evidence from multiple data sources. It functions as an intelligent research assistant—surfacing relevant findings within seconds instead of hours.
Through natural language interactions, analysts can query the Investigative Agent for details like, “Show me related events in the past 72 hours” or “Identify other endpoints with similar behaviors,” enabling a fluid, conversational approach to incident response.
5. Narrative Agent
Communicating complex security incidents in business language has long been a challenge for security teams. The Narrative Agent bridges that gap by generating clear, board-ready summaries of security posture, threat trends, and ongoing investigations.
It transforms technical data into human-readable insights that executives, risk officers, and compliance teams can easily understand—helping align security priorities with business objectives.
6. Response Agent
The Response Agent handles automated containment and remediation actions, working in conjunction with analysts to neutralize threats. It can isolate compromised endpoints, block malicious IPs, or trigger playbook responses within seconds—accelerating mean time to respond (MTTR) by up to 10 times.
By connecting all six agents through a shared intelligence fabric, NEXA™ forms a continuous feedback loop that integrates detection, investigation, and response into one evolving cycle of learning and improvement.
The Power of Agentic AI in Security Operations
At the core of NEXA™ lies the principle of agentic AI—a concept that goes beyond automation to enable AI entities that act autonomously within defined governance boundaries. These agents don’t just execute commands; they observe, reason, collaborate, and improve over time.
This design philosophy enables NEXA™ to function as both a trusted partner for analysts and a strategic asset for executives, offering operational speed and contextual clarity simultaneously.
For instance, a SOC analyst can query NEXA for “current ransomware exposure risk” while a CISO can ask for a “summary of incident trends by business unit for this quarter.” Both receive instant, relevant, and accurate responses in plain language.
This natural language interface democratizes cybersecurity data, allowing different stakeholders—from technical experts to board members—to interact with security intelligence directly without needing specialized tools or queries.
Why NEXA™ Matters in Today’s Cyber Landscape
The launch of NEXA™ signals more than just a product update—it represents a paradigm shift in how organizations approach managed detection and response.
1. A Step Beyond Automation
Most MDR platforms automate processes behind the scenes. NEXA™ brings automation into the spotlight—integrating AI into the analyst’s workflow and even the customer’s experience.
By working with humans instead of replacing them, agentic AI enhances decision-making while maintaining accountability, oversight, and ethical governance.
2. Addressing Analyst Fatigue
SOC teams are often overwhelmed by alert volumes and fragmented toolsets. NEXA™ unifies these environments, reducing redundant triage work and eliminating silos. The result is improved morale, productivity, and retention among security teams.
3. Adapting to Autonomous Threats
As attackers increasingly leverage AI-driven tactics, defenders need systems that can match their speed and sophistication. NEXA’s agentic ecosystem continuously evolves to adapt in real time, ensuring that defenses never stand still.
4. Empowering Executives with Clarity
For board-level stakeholders, security conversations often lack transparency. NEXA™ transforms technical complexity into strategic intelligence—allowing business leaders to understand risks, justify investments, and measure performance with confidence.
Implementation and Integration Considerations
Deploying an agentic AI ecosystem like NEXA™ requires thoughtful planning and governance. Organizations must ensure alignment across technology, people, and processes to maximize its value.
1. Technology Integration
Enterprises should evaluate how NEXA™ connects with existing systems such as SIEM, EDR, vulnerability management, and ticketing platforms. Ensuring seamless data flow into and out of the NEXA ecosystem is critical for achieving real-time insight and automation.
2. Governance and Policy Frameworks
Autonomous agents require clear operational guardrails. Organizations must define policies around decision-making authority, data access, and auditability to maintain compliance and prevent unintended actions.
Deepwatch emphasizes that all autonomous activity within NEXA™ is fully auditable, with detailed logs that maintain accountability and transparency.
3. Training and Change Management
Transitioning from traditional MDR workflows to an agentic AI ecosystem requires a cultural shift. Analysts, security leaders, and business users must be trained on how to interact with AI agents, interpret outputs, and adapt workflows.
4. Defining Success Metrics
Before deployment, organizations should establish clear KPIs such as:
-
Reduction in mean time to detect (MTTD) and mean time to contain (MTTC)
-
Decrease in false positives and alert noise
-
Increase in actionable insights generated
-
Enhanced visibility and coverage across assets
Tracking these metrics ensures measurable impact and continuous improvement.
5. Scalability and Future-Readiness
NEXA™ is built to scale. However, as cyber risks evolve, organizations should verify that their deployment can accommodate new agents, integrate emerging telemetry sources, and maintain transparency as the ecosystem grows.
The Future of MDR: Continuous Learning and Human-AI Collaboration
Deepwatch’s introduction of NEXA™ points to a broader industry trend—the convergence of autonomous intelligence and human judgment. The most resilient security operations of the future will not rely solely on automation or human expertise, but on the synergy between the two.
NEXA™ exemplifies this future by turning every security operation into a living, learning system that gets smarter with every alert, incident, and response. Its continuous feedback loop ensures that intelligence gained from one event strengthens defenses across the entire ecosystem.
In doing so, Deepwatch is not only responding to today’s cybersecurity challenges but anticipating tomorrow’s.
Conclusion
With the launch of NEXA™, Deepwatch is charting a new course for managed detection and response—one driven by collaboration, context, and continuous improvement.
By combining human expertise with agentic AI, NEXA™ empowers organizations to detect threats faster, reduce alert fatigue, and make smarter security decisions. Its six intelligent agents unify detection, investigation, and response within a single platform that learns and evolves continuously.
For organizations facing increasingly autonomous adversaries, NEXA™ offers more than protection—it provides a competitive advantage, aligning cybersecurity strategy with business outcomes.
As AI reshapes every corner of the enterprise, Deepwatch’s NEXA™ stands as a powerful reminder that the future of security isn’t just automated—it’s adaptive, intelligent, and deeply human-centered.
SOC News provides the latest updates, insights, and trends in cybersecurity and security operations.
Read related news – https://soc-news.com/zenity-unveils-runtime-protection-for-ai-agents/
