N-able has enhanced its Security Operations Centre with new AI-driven detections through its partnership with Adlumin Managed Detection and Response. This update focuses on identifying suspicious activities that traditional monitoring tools may overlook, particularly as cybercriminals increasingly exploit familiar administrative tools to evade detection.
The latest features target anomalous PowerShell execution, suspicious DNS behaviour, and unusual Windows process execution, thereby providing analysts with greater visibility into endpoint, network, and identity activities. N-able’s 2026 State of the SOC Report indicates a shift in attack methods, noting that nearly half of observed attacks did not engage endpoints directly, unfolding instead across network, perimeter, cloud, or identity layers.
One notable new feature evaluates every PowerShell execution within monitored environments. This analysis aims to detect misuse disguised as legitimate activity, particularly associated with “living-off-the-land” techniques, where attackers utilize trusted tools already embedded in a system to avoid detection. A second addition employs machine learning algorithms to uncover suspicious DNS activities, which may signal command-and-control traffic, beaconing, or distributed denial-of-service behaviours that could elude endpoint monitoring.
The third element introduced is a model called Single-Event Process Execution, or SEPE. This model scrutinizes Windows process behaviours, assessing each event based on various attributes such as process name, path, parent process, and parent process path to provide analysts with more contextual behavioural data.
The announcement reflects a broader paradigm shift in cyber defence strategies, emphasizing the importance of monitoring behaviour across multiple layers rather than solely relying on endpoint signals. Security vendors and internal teams are increasingly focusing on detecting low-visibility techniques that blend seamlessly into normal system and network activities. This entails tracking legitimate tool usage, network patterns, and process chains that would not typically trigger traditional rule-based alerts, thereby enabling earlier identification of attacks, particularly when threat actors are attempting to remain concealed.
Troels Rasmussen, Vice President and General Manager of Security at N-able, noted that these new detections are tailored to address the evolving challenges in cybersecurity. “The fastest-growing attacks today don’t look malicious; they look like business as usual,” he stated. Rasmussen further explained, “Threat actors are blending into everyday activity using built-in tools like PowerShell. Our AI-driven approach correlates PowerShell, DNS disruption, and process behaviour to expose what legacy tools miss, helping teams detect and respond earlier, even when attackers are deliberately trying to disappear.”
The adjustments to N-able’s detection capabilities highlight the increasing reliance on AI models within managed detection and response services. By moving away from rigid signatures or predefined rules, these systems seek to identify behavioural patterns that deviate from the norm, enhancing their chances of detecting attacks, especially as adversaries modify their tactics to avoid traditional detection methods.
The commercial appeal for managed security providers lies in the potential to reduce the number of weak or irrelevant alerts while emphasizing incidents that require analyst scrutiny. This becomes crucial as security teams face mounting pressure to investigate more data across diverse systems without corresponding increases in personnel.
The new AI-driven additions are part of N-able’s broader initiative to integrate artificial intelligence into its security platform, automating aspects of the detection process. The company introduced these changes in response to the rapid evolution and complexity of modern attacks, which increasingly expose the limitations of traditional detection methodologies.
N-able currently serves over 500,000 organizations globally, and the new detection features are designed to assist customers in identifying malicious activities across various layers of their infrastructure, rather than relying solely on endpoint telemetry. As the landscape of cyber threats continues to evolve, such innovations underscore the necessity of adaptive and multifaceted security strategies.