The intricate cabling and equipment of a server rack, the core of modern data infrastructure.
N-able’s AI Cyber Defense Report Details Shift in Attack Landscape
N-able released its second annual State of the SOC Report on March 24, 2026. The AI cyber defense report details a fundamental shift in cyberattacks. Traditional Security Operations Center (SOC) models are now insufficient. Key findings include a return of perimeter attacks and AI automating 90% of investigation activity. The report emphasizes AI-powered, layered cyber defense for business resilience.
What Happened
N-able, Inc. (NYSE: NABL) issued its second annual “State of the SOC Report” on March 24, 2026. The report highlights a fundamental shift in how cyberattacks unfold. It concludes that traditional SOC models are no longer sufficient. Key findings include a return of perimeter attacks and AI automating 90% of investigation activity. This N-able cybersecurity report underscores that AI-powered, layered cyber defense is essential for business resilience.
Details From Sources
The report draws on frontline telemetry and real-world investigations. Adlumin Managed Detection and Response (MDR) provided data from the N-able SOC. Data aggregated over 900,000 alerts from March to December 2025. Eighteen percent of alerts in 2025 originated from network and perimeter infrastructure (Unified Threat Management). This indicates a return of perimeter attacks, shifting from endpoint and cloud attacks. Approximately half of observed attacks never touched the endpoint.
AI autonomously executes 90% of investigation activity. This shifts the SOC analyst role from investigator to decision-maker and threat hunter. Security Orchestration, Automation, and Response (SOAR) workflows for alert orchestration surged by 500% year-over-year. This surge redefines the response layer. Layered security demonstrably impacts threat success. Each layer reduces the probability of a successful threat.
Organizations relying solely on endpoint monitoring would have missed 137,187 network and perimeter threats. The N-able SOC executed 145,074 automated SOAR containment actions. Will Ledesma, Director of MDR Cybersecurity Operations at N-able, stated that layered defense is “non-negotiable” in 2026. Vikram Ramesh, Chief Marketing Officer at N-able, added that an “end-to-end, layered security approach is no longer optional; it’s foundational.” N-able will showcase its AI-powered cybersecurity platform at RSA Conference 2026 from March 23-26. Find them at the Moscone Center in San Francisco, Booth #1449.
Why This Matters
Traditional SOC models are no longer sufficient due to escalating alert volumes. Faster attack execution and increasingly sophisticated adversaries contribute to this. The N-able SOC processed an average of two alerts per minute from March to December 2025. This rate outpaces manual investigation models. Organizations without “depth across the security stack” operate blind. End-to-end, layered security is crucial for business resilience. It keeps operations running and businesses moving forward.
Background Context
This is N-able’s second annual “State of the SOC Report.” N-able is a global cybersecurity company. It focuses on delivering business resilience. N-able protects over 500,000 organizations worldwide. They use their AI-powered cybersecurity platform. The N-able platform provides advanced end-to-end capabilities, simplified workflows, and market-leading integrations. It also offers flexible deployment options.
Related Data or Statistics
- 90% of investigation activity is executed autonomously by AI.
- 18% of alerts originated from network and perimeter infrastructure (Unified Threat Management) in 2025.
- SOAR-orchestrated alert workflows saw a 500% year-over-year surge.
- Organizations relying exclusively on endpoint monitoring would have missed 137,187 network and perimeter threats.
- The N-able SOC processed an average of two alerts per minute between March and December 2025.
- The N-able SOC executed 145,074 automated SOAR containment actions.
- N-able protects more than 500,000 organizations worldwide.
Future Implications (SPECULATIVE)
The report suggests an accelerated need for AI-driven operations. This will help keep pace with evolving threats. The role of SOC analysts is expected to continue shifting. They will become decision-makers and threat hunters, rather than solely investigators.
Conclusion
N-able’s State of the SOC Report highlights the critical evolution of cyber threats. It underscores the imperative for AI-powered, layered cyber defense. Key findings include AI security automation’s significant impact and the resurgence of perimeter attacks. Adaptive and comprehensive security strategies remain important for business resilience.
FAQ Section
Q1: What is N-able’s 2026 State of the SOC Report about?
A1: N-able’s second annual State of the SOC Report details a fundamental shift in cyberattacks, the insufficiency of traditional SOC models, and the essential role of AI-powered, layered cyber defense.
Q2: What are the key findings regarding cyberattack trends in the report?
A2: The report reveals a return of perimeter attacks, with 18% of alerts originating from network infrastructure, and notes that approximately half of observed attacks never touch the endpoint.
Q3: How is AI impacting cyber defense investigations, according to the report?
A3: The report states that AI now autonomously executes 90% of investigation activity, shifting the SOC analyst role from investigator to decision-maker and threat hunter.
Q4: Why is layered cyber defense considered essential for business resilience?
A4: According to the report, layered security measurably reduces the probability of threat success, and an end-to-end approach is foundational for keeping operations running and businesses moving forward.
Q5: Where can readers find the full 2026 State of the SOC Report?
A5: The full report is available on the N-able website.
To access the full State of the SOC Report, readers can visit the N-able website. Attendees of RSA Conference 2026 can visit N-able at Booth #1449 in the South Hall.