
What’s New in July 2025: Smarter, Faster, More Flexible Security Operations
- Jul 01, 2025
- Kevin Binder
Security teams are under pressure. Alert volumes continue to climb, the security operations center (SOC) talent gap is growing, and CISOs must prove that their programs are reducing risk and maturing over time. Meanwhile, security engineers and architects are being asked to scale data ingestion, maintain visibility into data, and secure sprawling hybrid environments—all while controlling costs.
At the core of the July 2025 release is Exabeam Nova, our agentic AI platform built to automate threat detection, investigation, and response (TDIR). Exabeam Nova now includes six specialized AI agents that work together to reduce manual effort, improve accuracy, and accelerate decision making.
Meet Exabeam Nova, Again: Six Specialized AI Agents
Exabeam Nova isn’t just AI—it’s a coordinated team of six intelligent agents. Each one is designed to tackle a specific SOC function, working together to drastically reduce manual work, improve detection accuracy, and boost response times. An agent is available at every stage of the TDIR process, from initial triage and risk scoring all the way through post-threat reporting.

Clarity and Confidence for Security Leaders
Security leaders are under pressure to demonstrate real improvement. Yet, most still lack real-time visibility into their security posture or how current detections align with frameworks like MITRE ATT&CK®. Studies show the average organization covers only 21% of known adversary techniques with active detection rules. Most reporting methods are manual and reactive—teams only map to ATT&CK after an investigation has already begun.
The July release expands Exabeam Nova’s role within Outcomes Navigator, delivering real-time posture summaries, benchmarking insights, and executive-ready reporting.
Exabeam Nova Advisor Agent now delivers:
- Real-time posture summaries: Understand your current detection coverage and identify gaps across threat categories like lateral movement, credential access, ransomware, and data exfiltration.
- ATT&CK comparisons: Understand how your environment aligns to specific adversary tactics, techniques and procedures (TTPs).
- Prioritized recommendations: Take action with guidance on which data source to add or detection to deploy next.
- Executive-ready reports: Translate complex detection data into summaries for board presentations and compliance audits.
- Compliance dashboard support: Align to ISO, HIPAA, NIST, and CMMC with prebuilt context tables and audit-ready dashboards. While not part of Exabeam Nova in Outcomes Navigator, the compliance dashboards complement the broader reporting capabilities of the New-Scale Platform.

These capabilities help CISOs answer key questions like “Where are we vulnerable?” and “How has our posture improved?” using real data and clear next steps, not spreadsheets.
Speed and Precision for Analysts
SOC analysts are overwhelmed. Alert volumes are high, context is often missing, and triage is time-consuming. According to IBM Research, analysts spend 32% of their time investigating alerts that pose no real threat.
This release introduces several enhancements to streamline analyst workflows, reduce alert fatigue, and accelerate incident response.
- AI-generated case titles: Cases are labeled with clear, contextual descriptions like “Suspicious Command Execution on Domain Controller,” helping analysts prioritize without manual triage.
- Improved triage workflows: Threat Center now includes faster alert queue management with options to acknowledge, dismiss, or escalate alerts.

- 30+ behavioral correlation templates: New detection rules aligned with ATT&CK TTPs—such as persistence, evasion, and privilege escalation—improve visibility into complex threats.
- Dynamic watchlists: Analysts can track VIPs, privileged users, or sensitive systems, with risk scores updated in real time.

- Enriched timelines: Threat timelines now include user and asset behavior over time, with added context from historical trends.
- Tenable and Qualys integrations: Vulnerability data enriches cases, helping analysts assess whether affected assets have known exposures.
Together, these updates give analysts higher-fidelity detections with less noise and more time to focus on real threats.
Scalability and Control for Platform Teams
Security engineers and architects are responsible for onboarding data sources, managing ingestion costs, ensuring uptime, and maintaining full detection coverage. The July release introduces features to help reduce overhead and improve control.
- New 25GB/day deployment option: Makes New-Scale Fusion—the full New-Scale Security Operations Platform combining New-Scale SIEM, New-Scale Analytics, and NetMon—available to MSSPs and growing enterprises. The easiest SIEM to use is now available to this segment of customers.
- Silent log source monitoring: Detect when critical log sources like firewalls or EDR tools stop sending data, even if no alert is triggered. This helps ensure visibility gaps don’t go unnoticed, without generating unnecessary or false alerts.
- Cloud collector filtering: Regex-based filters allow teams to exclude noisy or irrelevant events at ingestion from AWS, Azure, and other high-volume sources. Cloud logs can account for 30–50% of SIEM costs, so this can result in real savings.
- Enrichment manager UI: Visual rule builder lets teams enrich log data—mapping IDs to usernames, resolving hostnames, or tagging log sources—without writing scripts.
- IP-based access restrictions: Restrict platform and API access to specific IP ranges for better segmentation and compliance for regulated industries.
- Behind-the-firewall automation: A new remote agent enables automated response actions within private networks and isolated environments. Teams can now disable local accounts, quarantine on-prem devices, or trigger remediation workflows that were previously unreachable by cloud-native tools.
- Prebuilt automation packs: OpenAPI-based integrations and prebuilt workflows—for example, integrations with Slack and Jira—speed up deployment without custom development.
These capabilities ensure platform teams have the control and flexibility they need to scale securely, reduce costs, and support the business—without sacrificing performance or visibility.
Exabeam Nova Real-World Impact: TDIR Automation and Precision
For Security Leaders:
Exabeam Nova Advisor Agent delivers real-time security posture summaries, prioritized guidance, and executive-ready reporting. Leaders can identify detection and coverage gaps, benchmark against ATT&CK, and receive actionable next steps, eliminating manual reporting and enabling faster, more informed decisions.
For SOC Analysts:
AI-generated case titles, improved triage workflows, and dynamic watchlists cut through alert fatigue. Enriched timelines and risk trend analysis help analysts detect evolving threats—like compromised insiders—while integrations with vulnerability management tools like Tenable and Qualys add critical context to prioritize response.
For Security Engineers and Platform Teams:
Engineers benefit from a new 25GB/day deployment option, silent log source monitoring, and regex-based cloud log filtering, reducing operational overhead, preventing visibility gaps, and lowering storage costs. Visual enrichment rule builders and IP-based access controls further streamline configuration and support compliance.
Key Takeaways: The Power of Agentic AI
With six specialized agents, Exabeam Nova is redefining what’s possible in security operations.
- Automated TDIR: Exabeam Nova agents handle routine tasks so analysts can focus on the threats that matter.
- Reduced manual workload: Automated case summaries, natural language search, and chat-based assistance minimize repetitive effort.
- Greater speed and precision: From alert to resolution, Exabeam Nova agents deliver context, clarity, and actionable guidance, reducing response times and improving response accuracy.
See It in Action: Join the Live Demo
These updates—and more—will be showcased in our upcoming webinar, “What’s New at Exabeam.” Join Kevin Binder and Matt Willems for a live demonstration of the new capabilities, real-world use cases, and expert tips on how to get the most from the platform.

Kevin Binder
Senior Product Marketing Manager | Exabeam | Kevin Binder is a cybersecurity marketing professional based in Morgan Hill, CA. Kevin has over 20 years of experience in information security marketing with companies including Amazon Web Services, Citrix Systems, and Nortel Networks. In his previous roles, Kevin was responsible for go-to-market strategy for emerging technologies such as cloud-based security services, mobile device management, and user-behavior analytics. He received a B.S. degree in Managerial Economics from UC Davis. In his free time, Kevin enjoys spending time with family and friends, sporting events, and golf.