N-able has introduced advanced AI-driven detections in its Security Operations Centre, enhancing its ability to identify threats that conventional monitoring systems might miss. This update is essential as cybercriminals increasingly use familiar administrative tools to avoid detection. The new detections specifically target unusual PowerShell executions, suspicious DNS activity, and atypical Windows process behaviors, giving analysts improved visibility into various security layers.
The 2026 State of the SOC Report from N-able highlights a concerning trend: almost half of the detected attacks bypassed endpoints, occurring instead across cloud, perimeter, network, or identity layers. One of the newly introduced features assesses all PowerShell executions in monitored environments to spot misuse disguised as legitimate actions, particularly through “living-off-the-land” techniques.
Additionally, machine learning algorithms have been integrated to identify suspicious DNS behaviors that may indicate command-and-control activities. The final enhancement is the Single-Event Process Execution (SEPE) model, which evaluates Windows process behaviors based on attributes like process name and path. This comprehensive approach represents a crucial shift in cybersecurity strategies, focusing on behavior monitoring across multiple layers to enhance threat detection.