N-able boosts SOC intelligence to counter ‘business as usual’ cyberattacks

  • Marijan Hassan - Tech Journalist
  • 26 minutes ago

N-able, Inc. has announced a significant expansion of its AI-driven Security Operations Center (SOC) capabilities, introducing specialized detection models designed to expose stealthy "living-off-the-land" attacks. The update, delivered through N-able’s Adlumin Managed Detection and Response (MDR) platform, arrives as the company’s 2026 State of the SOC Report reveals that nearly 50% of modern attacks now bypass the endpoint entirely.



Exposing "legitimate" malice

The new enhancements focus on identifying malicious activity that traditionally mimics standard business operations. By shifting from signature-based detection to AI-driven behavioral analysis, the N-able SOC can now intercept threats in layers that legacy tools often miss:

  • Anomalous PowerShell detection: Every PowerShell execution across monitored environments is now analyzed in real time. The AI identifies subtle indicators of misuse, such as obfuscated commands or unauthorized administrative shifts, that would otherwise appear to be routine IT maintenance.

  • DNS disruption alerts: Utilizing machine learning, this feature identifies patterns consistent with Command-and-Control (C2) beaconing and DDoS preparations, uncovering malicious communications that hide within standard network traffic.

  • SEPE AI model: The "Single-Event Process Execution" framework analyzes Windows process behavior by correlating process names, paths, and parent-child relationships to flag anomalous execution sequences across customer environments.


The shift to "decision-maker" SOC analysts

According to N-able’s latest research, the velocity of alerts has officially outpaced human capacity, with the N-able SOC now processing an average of two alerts per minute. To combat this, the platform has automated roughly 90% of initial investigation activity via AI.


"The fastest-growing attacks today don't look malicious; they look like business as usual," said Troels Rasmussen, Vice President and GM of Security at N-able. "Our AI-driven approach correlates behavior across identity, network, and endpoint layers to expose what legacy tools miss, allowing teams to respond earlier even when attackers are trying to disappear."


Hyperautomation and strategic alliances

Coinciding with the SOC upgrades, N-able has expanded its Technology Alliance Program (TAP), integrating new partners like Atomatik and Zensec. These partnerships introduce "SOC Analyst Agents" and hyperautomation workflows directly into the N-able ecosystem, enabling MSPs to automate multi-step remediation tasks like phishing investigations and ransomware recovery.


By offloading routine alert triage to these autonomous agents, N-able is attempting to pivot the role of the human SOC analyst from a manual investigator to a high-level threat hunter and decision-maker.


"Resilience today isn't defined by what you can detect in isolation," noted Vikram Ramesh, Chief Marketing Officer at N-able. "It’s defined by how effectively you can coordinate a response across the entire environment at machine speed."
