N-able Report Reveals the Future of the SOC Relies on AI, While Human Intervention Remains Essential

Cyberthreats have intensified, testing the resilience of security teams as attackers grow more elusive and relentless. SOCs remain a critical line of defense—but keeping pace demands more than traditional playbooks. Integrating AI into SOC workflows isn't just a strategic shift—we believe it's a major key to unlocking new levels of efficiency that the human factor alone can't deliver. From accelerating detections to automating investigations and reporting, AI empowers analysts to focus on what truly matters: anticipating threats, not just reacting to them.

"Today's cybersecurity environment demands more than detection—it requires precision, adaptability, and speed. This report reinforces what we're seeing across the industry: cyber resiliency hinges on integrating AI with expert-led response," said Vikram Ramesh, Chief Strategy Officer at N-able. "We're focused on building security operations that are resilient by design, capable of adapting in real-time, and ready to meet future challenges. Adlumin's SOC exemplifies our mission of delivering protection that's not just reactive but proactively built to anticipate and outpace evolving threats."

The 2025 State of the SOC Report highlights key takeaways related to incident preparedness and response, all stemming from the frontline experiences of the Adlumin MDR SOC during December 2024 through February 2025. A few key findings include:

AI is a dominant driver of improvements to SOC efficiency: The use of AI tools has cut down SOC analysis time, eliminating the need for lengthy human review. AI now pulls indicators of compromise (IOCs) in as quickly as 10 seconds.
Human expertise remains critical in AI & SOC success: While AI can help combat threats, it cannot fully take the place of SOC analysts. The report reveals that 86% of security alerts escalate into tickets, which indicates most alerts still require human validation.
Most threat detections still stem from endpoints—cloud environments are quickly closing the gap: 56% of detections originate from the endpoint and 44% originate from the cloud. Additionally, almost all cloud-based breaches require account containment to mitigate threats.
Majority of incident investigations can be completely automated with AI, reducing response time and analyst workload: AI can automate 70% of all incident investigations and threat remediation activity.

The report's findings are pulled directly from the Adlumin SOC between December 2024 and February 2025, which has successfully protected businesses by processing nearly 500,000 alerts and creating 83,171 security escalations. Among these incidents, ransomware remained a top concern, with the team handling 2,684 ransomware threats.

"In 2024, the threat landscape escalated. The Adlumin MDR SOC was on the front lines of that shift, responding to thousands of escalations," said Will Ledesma, Senior Director of MDR Cybersecurity Operations at Adlumin, an N-able company. "What we've seen is clear: AI in cybersecurity is no longer just about enrichment; it's about adaptation. The State of the SOC Report reflects our journey: the threats we faced, the wins we earned, and how we continue to advance and evolve for businesses looking to outpace threats in 2025."