AI advances in N-able's SOC solutions

N-able introduces AI-driven detection features for its security operations centre (SOC) aimed at improving the identification of advanced cyber threats.

N-able has introduced new AI capabilities for its Security Operations Centre (SOC), delivered through enhancements to its Adlumin Managed Detection and Response (MDR) offering. The updates include detection technologies such as Anomalous PowerShell, DNS Disruption, and the Single-Event Process Execution (SEPE) AI model, aimed at improving detection of stealthy cyber threats.

Modern attackers often use legitimate tools such as PowerShell and DNS for malicious activity. Traditional security approaches can struggle to identify this type of behaviour, particularly when attacks extend beyond the endpoint. N-able’s 2026 State of the SOC Report highlights that a significant proportion of attacks occur across network, perimeter, cloud, or identity layers rather than solely on endpoints. The new capabilities are designed to improve visibility across identity, endpoint, and network activity to help identify suspicious behaviour.

Anomalous PowerShell Detection provides monitoring of PowerShell activity to identify potentially malicious command execution, including techniques where legitimate system tools are used for malicious purposes. It analyses PowerShell executions across monitored environments to detect unusual patterns.

DNS Disruption Alert uses machine learning to identify unusual DNS activity, including potential command-and-control (C2) communication, beaconing behaviour, and distributed denial-of-service (DDoS) patterns. It is intended to support detection of suspicious network communications that may not be identified through traditional endpoint monitoring.

The SEPE AI framework focuses on identifying unusual Windows process behaviour by analysing attributes such as process name, file path, and parent-child process relationships. It is designed to provide contextual information to support SOC analysis.

These updates form part of N-able’s broader approach to integrating AI capabilities into its security offerings, with the aim of supporting earlier detection of threats, automating parts of security workflows, and reducing operational workload for security teams.

The developments reflect the increasing complexity of cyber threats and the limitations of traditional detection methods, particularly in environments requiring visibility across multiple layers including endpoint, identity, and network activity.
