Exabeam Introduces First Cybersecurity Strategy Agent For SOC Leadership
Exabeam Nova is now the only agentic AI that empowers security leaders to: Build Strategic Plans: Automatically generate data-backed roadmaps using daily posture assessments, MITRE ATT&CK coverage, and organizational security data.
Automatically generate data-backed roadmaps using daily posture assessments, MITRE ATT&CK coverage, and organizational security data. Communicate with the Executive Team and Board : Generate boardroom-ready summaries that reframe technical metrics into business outcomes, enabling leadership to understand progress, support investment decisions, and evaluate ROI.
: Generate boardroom-ready summaries that reframe technical metrics into business outcomes, enabling leadership to understand progress, support investment decisions, and evaluate ROI. Identify and Prioritize Gaps: Uncover issues like missing log sources, misconfigurations, and ineffective threat detection content that weakens security posture.
Uncover issues like missing log sources, misconfigurations, and ineffective threat detection content that weakens security posture. Run What-If Analysis: Simulate adjustments or additions to security tooling and detection capabilities to evaluate how proposed actions close gaps and improve security posture.
Simulate adjustments or additions to security tooling and detection capabilities to evaluate how proposed actions close gaps and improve security posture. Track and Improve Maturity: Benchmark security posture daily, monitor measurable improvements, and align security operations with long-term organizational goals.
'AI in cybersecurity has been mostly about analyzing and responding to alerts, but that's not enough anymore,' said Steve Wilson, Chief AI and Product Officer at Exabeam. 'Exabeam Nova has expanded to become something larger. It's the first and only AI system that includes an agent built for the CISO. Exabeam Nova doesn't just tell security leaders where they stand, it diagnoses where they're at-risk, maps a plan to improve, and arms leaders with the facts to explain decisions to their executive team and board.'
'We're more focused than ever on delivering intelligent, outcomes-driven security solutions that scale with today's threats, and anticipate tomorrow's,' said Chris O'Malley, CEO of Exabeam. 'Security teams are woefully underfunded and asked to do more with less, yet threats continue to multiply. Exabeam Nova is creating a historic shift in how SOCs operate — moving from reactive alert chasing to strategic process optimization. What we're hearing from customers is clear: they trust Exabeam Nova. It's accurate, reliable, and delivers the real, measurable outcomes they've been waiting for.'
With the addition of the Exabeam Nova Advisor Agent, Exabeam Nova now includes six agents purpose-built to automate decisions, streamline investigations, and deliver continuous benchmarking of program effectiveness with clear, prioritized recommendations to drive improvement. Embedded into the foundation of the New-Scale Security Operations Platform, Exabeam Nova is deeply integrated into the complete threat detection, investigation and response (TDIR) workflow. Unlike vendors that bolt AI onto outdated infrastructure, Exabeam Nova was developed from the ground up as a coordinated system of agents, each aligned to a real-world SOC function to increase productivity and efficiency.
Delivering Meaningful Value for Customers
Within 90 days of launch, Exabeam Nova users report five-times faster investigations with improved accuracy. Users overwhelmingly cite the ability to work smarter and prove the business impact of their security programs as Exabeam Nova's greatest value.
'What really sets Exabeam Nova apart is how seamlessly the AI agents work together,' said Joep Kremer, Business Unit Director Cyber Security at ilionx. 'From the moment an alert comes in, the case investigator builds a summary, the assistant helps us dig deeper, and the advisor shows how it all ties back to our overall posture. We can search in plain language, visualize trends instantly, and act on clear, prioritized insights — all in one platform. It's like having a full team of experts working behind the scenes to keep us fast, focused, and aligned. Exabeam Nova isn't just smart it is a game-changer for our SOC.'
'We have been very happy with Exabeam's openness to feature feedback, the quick release rates of new features and the overall usefulness and quality of those features,' said David Andrews, Tat Extreme Networks. 'The new SIEM Security Coverage Analysis Report from the Exabeam Nova Advisor Agent,for example, has allowed us to identify strengths, weaknesses and gaps in our alerting while also providing recommendations on making better use of our log sources.'
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Channel Post MEA
3 days ago
- Channel Post MEA
Exabeam Renews Partner Program
Exabeam has unveiled the Exabeam APEX Partner Program, a modernized, partner-informed global channel initiative built to meet the evolving demands of today's cybersecurity landscape. As a channel-first company, Exabeam has consistently evolved its partner program over time to meet the ongoing needs of its business partners. Far more than a channel refresh, the new Exabeam APEX Partner Program is a bold step forward, directly addressing persistent industry frustrations around rigid tiering, limited autonomy, and inconsistent regional support. It reflects insights gathered from a Voice of the Partner survey, one-on-one interviews, and post-merger insights which underscore the long-term commitment Exabeam has to transparency, enablement, and shared success. 'At Exabeam, we're committed to delivering a partner experience that's modern, meaningful, and built to last,' said Craig Patterson, Global Channel Chief at Exabeam. 'Too many programs in the market are rigid, complex, and disconnected from what partners actually need. We listened, and we built something different. APEX prioritizes competency over contracts, enablement over transactions, and collaboration over assumptions. With 97% of our business running through the channel, this is a structural reinvention, co-designed with partners to deliver measurable value, real-world impact, and long-term growth.' By eliminating legacy obstacles and overcomplicated processes, the Exabeam APEX Partner Program empowers partners with greater flexibility, faster onboarding, and deeper collaboration. Its streamlined, competency-based framework simplifies licensing, improving margins, and enables a faster, more equitable path to value in a competitive cybersecurity market. 'We believe the best outcomes are achieved with customer-obsessed partners, by design,' said Chris O'Malley, CEO at Exabeam. 'The Exabeam APEX Partner Program represents more than a relaunch — it's a renewed commitment to being a truly partner-first company in best serving customers. We are leaning in, investing in our partners, and working shoulder-to-shoulder to extend our reach, accelerate time to value, and drive success for our customers.' Listening, Learning, and Delivering for the Channel In preparation for the launch of the Exabeam APEX Partner Program, Exabeam launched its global Voice of the Partner survey in Q1 2025 to identify the specific needs of VARs, MSPs, and MSSPs around the world. The insights received shaped a persona-driven program with clear enablement paths, simplified structures, and meaningful regional adaptability. Building on those insights, Exabeam is also introducing two new routes to market: Technology Solution Distributors (TSDs) and a dedicated referral track for consultants, advisors, and ecosystem alliances. A key evolution of the Exabeam APEX Partner Program is the shift to a competency-based tiering model that rewards performance, not just sales volume. According to the Voice of the Partner survey, 27% of partners ranked training, certifications, and business development as their top priorities, nearly double the 14% who cited incentives and rebates. The new program reflects this shift, aligning advancement with strategic enablement and technical expertise, and delivering a transparent, achievable path to greater opportunities. Key elements of the Exabeam APEX Partner Program include: Flexible, Competency-Based Tiering: Advancement is earned through certifications, specializations, and customer success, not arbitrary revenue thresholds. Clear, Predictable Incentives: Starting discounts, stackable rebates, and commitment accelerators drive profitability and reward investment. Simplified Onboarding and Pricing: Streamlined processes that reduce friction and boost partner profitability. Revamped Role-Based Enablement: Training and certifications aligned with the Exabeam product roadmap to accelerate time-to-value and support innovation. Integrated Go-to-Market Alignment: Enhanced collaboration across Sales, Marketing, Product, and Support ensures a consistent and scalable partner experience. Global Alignment with Local Flexibility: Regions can add or waive requirements based on local market realities, while maintaining consistency in structure and benefits
Zawya
4 days ago
- Zawya
Cequence Security launches AI gateway, safely enabling enterprises to realize the promise of agentic AI productivity
Dubai, UAE — Cequence Security, a pioneer in application security, today unveiled the Cequence AI Gateway, a powerful new solution enabling enterprises to take full advantage of the productivity gains promised by agentic AI. Bridging the gap between AI agents and enterprise applications, the AI Gateway enables instant connectivity with the guardrails enterprises need to stay in control. Enterprises, eager to embrace the power of artificial intelligence (AI), have lacked the tools needed to do so safely and efficiently at scale. For CISOs and security-first engineering leaders, the rush to expose applications to agentic AI is outpacing guardrails such as those outlined by the EU AI Act and Anthropic's ASL. CIOs are understandably concerned about the opportunity cost incurred by having to up-skill needed developers. At the same time, they want a solution that accelerates ROI by avoiding insecure, one-off prototypes in favor of a scalable, enterprise-grade solution. Cequence AI Gateway is that missing layer, instantly connecting AI agents to enterprise applications and APIs using emerging standards like the Model Context Protocol (MCP) while enforcing real-time policies that prevent abuse, protect data, and ensure AI acts within bounds. 'The race to adopt agentic AI in enterprises is well underway, but the foundation to support it is immature," said Ameya Talwalkar, CEO and co-founder of Cequence Security. 'This has left organizations backed into a corner, connecting AI agents to critical systems without sufficient security, oversight, or context. With the combination of our Unified API Protection platform and the new AI Gateway, Cequence delivers both sides of the equation: open, seamless access for AI agents, and the enterprise-grade security, governance, and visibility that leaders need to trust this next wave of automation.' The Cequence AI Gateway Advantage: Your AI Easy Button – AI Gateway converts any API into an MCP-compatible endpoint, enabling agentic AI access to any internal, external, or SaaS application in minutes, without coding. Avoids time and costs associated with up-skilling, coding, QA, integration, hosting, and ongoing management. No need to update your solution when new protocol versions emerge, as the AI Gateway handles this for you. End-to-End Authentication and Authorization – OAuth 2.0 IdP support ensures appropriate identity-based access to systems and data, preventing unauthorized AI agent access. Existing solutions lack seamless integration with enterprise IdPs. Monitoring and Visibility of AI Interactions – Real-time visibility into AI-API traffic with full audit logging enables detailed tracking of agent and user behavior, what applications are being accessed, and which API calls are being made via agents. Enterprise-Ready – Unlike alternatives, Cequence is designed for the enterprise, offering a SaaS solution with continuous environment monitoring and discrete pre-prod/prod modes. Integrates with existing infrastructure without disruption. Today, the Cequence Unified API Protection (UAP) platform is used by a broad spectrum of the world's largest organizations to monitor and secure their applications and APIs. The combination of AI Gateway and UAP allows Cequence customers to stop agent-fueled attacks, fraud, and abuse such as the high-profile incidents recently publicized in the news. 'Cequence doesn't just secure applications and APIs. They enable entirely new business models, said Amir Sarhangi, CEO and co-founder of Skyfire, creators of the KYAPay open payment and identity protocol for AI Agents. 'The AI Gateway is critical infrastructure that brings agentic AI into the real world by making secure, compliant access to enterprise APIs scalable and seamless. Cequence is a trusted partner because they know how to protect real time interactions without slowing innovation. It's a critical component as we build the infrastructure that gives AI agents everything they need to transact, including verified identity, real-time micropayments, and instant monetization." Early adopters have been quick to recognize AI Gateway value. 'We were trying to enable a complex, customer-facing agentic application experience, a process we thought would take months,' said an early enterprise customer. 'With Cequence AI Gateway, we went from 'stalled' to 'operational' in under 48 hours. Now, customers can ask natural language questions and get real-time answers, reducing costly support interactions. It solves a real business problem faster and more safely than we thought possible.' 'This launch is a natural evolution of our Unified API Protection platform,' said Shreyans Mehta, CTO and co-founder at Cequence Security. 'We've engineered the AI Gateway to transform any application or API into an MCP-compatible endpoint, with real-time enforcement policies baked in. It's built to meet developers where they are, while giving security teams the control they need. It's not just about enabling agentic AI; it's about enabling it responsibly at scale.' Mehta added: 'Building this requires deep knowledge of how APIs are structured, used, and abused at scale. That's why Cequence is uniquely positioned to enable the next generation of intelligence automation responsibly.' Enabling agentic AI starts at the API layer, and that's where Cequence leads. Cequence was built to solve difficult API security challenges in real time, at scale. While others are still trying to figure out how to safely expose APIs to agentic AI, Cequence brings years of enterprise experience to a problem that demands security-first thinking. It's designed by the same team that protects over 10 billion API interactions daily, and is built to handle the performance, governance, and authentication challenges unique to this new era of AI automation. Availability Cequence AI Gateway: August 2025 Deployment formats: SaaS and Helm chart Additional Resources Learn more on the Cequence AI Gateway product page Discover the full Cequence Unified API Protection platform Follow us on LinkedIn and About Cequence Security Cequence is a pioneer in API security and bot management, making the applications and APIs that organizations depend on AI-ready while protecting them from attacks, business logic abuse, and fraud. Our unique solutions unlock the promise of agentic AI productivity while providing real-time security against increasingly subtle and sophisticated threats. Cequence delivers value in minutes rather than days or weeks with a highly scalable, no-code, no-risk approach. Trusted by the largest and most demanding private and public sector organizations, Cequence protects more than 10 billion daily API interactions and 4 billion user accounts. To learn more, visit Media Contact cequence@
Zawya
6 days ago
- Zawya
Most organizations miss business context when assessing cyber risk, finds new research from Qualys
According to new research commissioned by Qualys and conducted by Dark Reading, despite rising investments, evolving frameworks, and more vocal boardroom interest, most organizations remain immature in their risk management programs. Nearly half of organizations (49%) surveyed for Qualys' 2025 State of Cyber-risk Assessment report, today have a formal business-focused cybersecurity risk management program. However, just 18% of organizations use integrated risk scenarios that focus on business-impacting processes, showing how investments manage the likelihood and impact of risk quantitatively, including risk transfer to insurance. This is a key deficiency, as business stakeholders expect the CISO to focus on business risk. Key findings from the research include: Formal Risk Programs are Expanding, But Business Context is Still Missing 49% of surveyed organizations report having a formal cyber risk program in place which looks like a promising statistic on the surface. But dig deeper, and the data shows otherwise: Business Alignment Gaps: Only 30% report that their risk management programs are prioritized based on business objectives Recent Implementations: 43% of existing programs have been in place for less than two years, indicating a nascent stage of maturity Future Plans: An additional 19% are still in the planning phase More Investment ≠ Less Risk: Why the Cyber ROI isn't Adding Up Cybersecurity spending has continued to grow. Yet one of the most revealing insights from the study is that a vast majority (71%) of organizations believe that their cyber risk levels are rising or holding steady. 51% say their overall cyber risk exposure is increasing 20% say it remains unchanged Only 6% have seen risk levels decrease The Missing Metric: Business Relevance in Asset Intelligence Visibility in cyber risk management is about a principle that hasn't changed in 20 years: you can't protect what you can't see. Yet even in 2025, asset visibility remains one of the biggest blind spots: 83% of organizations perform regular asset inventories, but only 13% can do so continuously 47% still rely on manual processes 41% say incomplete asset inventories are among their top barriers to managing cyber risk Risk Prioritization Needs to be a Business Conversation, Not a Technical One Another illusion that persists is the idea that all risks can and should be patched. The longstanding practice of prioritizing vulnerabilities based solely on severity is no longer sufficient. The industry looks to be grasping the fact that risk prioritization needs to go beyond single scoring methods like CVSS alone, with 68% of respondents using integrated risk scoring combining threat intelligence or using cyber risk quantification with forecasted loss estimates to prioritize risk mitigation actions. However, these next data points show that the industry still has some way to go: Nearly one in five (19%) of organizations continue to rank vulnerabilities using a single score like CVSS alone Just 18% update asset risk profiles monthly Reporting Risk in Business Terms, Not Security Jargon Executives do not want to hear how many vulnerabilities have been patched. They want to understand what the organization stands to lose, and what's being done to protect it. Yet the study finds that while 90% of organizations report cyber-risk findings to the board: Only 18% use integrated risk scenarios Just 14% tie risk reports to financial quantification Business stakeholders are only involved less than half the time (43%) And only 22% include finance teams in cyber risk discussions 'The key takeaway from the research isn't just that cyber risk is rising. It's that current methods are not effectively reducing that risk by prioritizing the actions that would make the greatest impact to risk reduction, tailored to the business. Every business is unique; hence, each risk profile and risk management program should also look unique to the organization. Static assessments, siloed telemetry, and CVSS-based prioritization have reached their limit,' commented Mayuresh Ektare, Vice President, Product Management, Enterprise TruRisk Management, Qualys. 'To address this, forward-leaning teams are adopting a Risk Operations Center (ROC) model: a technical framework that continuously correlates vulnerability data, asset context, and threat exposure under a single operational view. The ROC model provides a proven path forward for organizations ready to manage cyber risk the way the business understands it and expects it to be managed,' Ektare continued. Below are some recommendations to help businesses better align cybersecurity risk with business priorities: Business risk is all about context. In order to have a good understanding of organizational risk, a business first needs to understand what their business-critical assets are, then understand their risk factors or threats as it relates to those crown jewel assets. Without this context, vulnerabilities or threats are just information. If everything is critical, nothing is. Prioritizing risks is paramount as organizations do not have unlimited resources. In order to be capitally efficient, companies need to spend as little as possible to avoid the largest possible amount of risk. Whatever is not mitigated through technology represents risk that needs to be accepted, or transferred to cyber insurance. To get a good read of the cyber-risks across the enterprise, organizations need a diverse telemetry of risk signals. Organizations can't rely on just one — such as scanning for vulnerabilities — instead, companies need visibility into their application security, identity security stack, and more, every part of the enterprise that is exposing your attack surface. Instead of focusing on reactive incident response — for example with a SIEM or a SOC — organizations need a better system that proactively looks to predict risks and works to reduce the likelihood of an event happening by implementing a Risk Operations Center (ROC). This approach to risk management helps leaders make better, more informed decisions based on their unique business context. Organizations need to overhaul the way they are communicating cyber-risk to the board. Integrated risk scenarios that focus on business-impacting processes, such as how investments and insurance impact risk, will be the future of 'business-oriented' risk reporting, and much more effective at the purpose of communicating to board members.
