AI enhances SOCs but human expertise vital against threats

Techday NZ, 25-04-2025

N-able has published its first annual report examining the current landscape and future prospects of Security Operations Centres (SOCs), drawing on operational data from Adlumin's Managed Detection and Response (MDR) SOC team.
The report, titled the 2025 State of the SOC Report, analyses the increasing complexity of cyberthreats and the evolving role of SOCs in defending against them, with a particular focus on the impact of artificial intelligence (AI) and the continued necessity of human oversight.
According to N-able, the prevalence and sophistication of cyberattacks continue to rise, pushing SOCs to adapt beyond traditional response mechanisms. The implementation of AI within SOC operations is identified as central to improving efficiency, notably by automating tasks that were once handled manually and allowing analysts to divert attention to critical threat anticipation and response.
Vikram Ramesh, Chief Strategy Officer at N-able, commented on the findings: "Today's cybersecurity environment demands more than detection—it requires precision, adaptability, and speed. This report reinforces what we're seeing across the industry: cyber resiliency hinges on integrating AI with expert-led response.
"We're focused on building security operations that are resilient by design, capable of adapting in real-time, and ready to meet future challenges. Adlumin's SOC exemplifies our mission of delivering protection that's not just reactive but proactively built to anticipate and outpace evolving threats."
The report's conclusions are based on frontline incidents handled by the Adlumin MDR SOC between December 2024 and February 2025. During this period, the SOC processed nearly 500,000 security alerts and raised 83,171 escalations. The report confirms that ransomware was a persistent major threat, with 2,684 ransomware incidents handled in that timeframe.
AI is credited with significant gains in SOC efficiency, with applications reducing analysis time and lessening the need for extended human review. The report highlights that AI can identify indicators of compromise in as little as 10 seconds. It is estimated that AI-managed automation now enables 70% of all incident investigations and remediation actions to be handled without direct human input.
Despite the gains from automation, the report underscores that specialised human expertise is still a cornerstone of SOC effectiveness. According to the findings, 86% of the security alerts generated escalate to tickets, reflecting the fact that most incidents still require human validation or intervention to resolve effectively.
Another trend noted in the report is the shifting locus of threat detection. Endpoints remain the primary source, accounting for 56% of detections during the study period. However, cloud environments are quickly narrowing the divide, now representing 44% of all threat detections. The report also notes that nearly all breaches in cloud settings require account containment as part of remediation efforts.
Will Ledesma, Senior Director of MDR Cybersecurity Operations at Adlumin, shared perspective on the recent changes: "In 2024, the threat landscape escalated. The Adlumin MDR SOC was on the front lines of that shift, responding to thousands of escalations. What we've seen is clear: AI in cybersecurity is no longer just about enrichment; it's about adaptation. The State of the SOC Report reflects our journey: the threats we faced, the wins we earned, and how we continue to advance and evolve for businesses looking to outpace threats in 2025."
The report is designed to provide actionable insight for SOC operators, IT decision-makers, and cybersecurity professionals assessing the adoption of AI technologies in their operations. The experiences of the Adlumin SOC team during the observed period are presented as evidence of the tangible benefits and current limitations of AI in security management, with a clear emphasis on the necessity for ongoing human expertise.
N-able's research is one of several ongoing industry examinations into the integration of automation and AI in cyberdefence and its implications for organisational resilience against accelerating digital threats.


Related Articles

Rapid7 launches agentic AI to boost MDR speed & accuracy

Techday NZ, 4 days ago

Rapid7 has announced the integration of agentic AI workflows into its security information and event management (SIEM) and extended detection and response (XDR) platform, aiming to change how managed detection and response (MDR) environments handle security threats within security operations centres (SOCs). The newly embedded agentic AI capabilities utilise Rapid7's AI Engine to autonomously execute core investigative tasks traditionally managed by SOC analysts. This development is intended to allow analysts to focus on deeper analysis, reduce investigation times, and enable faster resolution of security incidents for customers.

Automation in security operations

According to Rapid7, the new workflows are a response to the evolving threat landscape, where AI technologies are used by attackers to mount faster and more sophisticated campaigns. The company claims its agentic AI can handle alert triage with an accuracy rate of 99.93%, reportedly saving SOC teams more than 200 hours per week. The integration of these workflows is part of a wider effort to scale MDR services and improve transparency into the decision-making process when security events are detected and investigated. This is particularly important given the increasing volume and complexity of alerts faced by security teams.

"AI isn't just an enhancement to security operations, it's a catalyst for a new era of scale, speed, and strategic decision-making. At Rapid7, we believe AI must be human-centric, transparent and accountable, and built on analyst expertise. The launch of agentic AI workflows for MDR represents the foundational step in our broader vision for agentic AI across the platform. Far more than just automation, this is the beginning of a system capable of intelligent and adaptive decision-making." This statement was made by Laura Ellis, Vice President of AI and Data at Rapid7.

Focus on high-impact tasks

Agentic AI workflows have been trained on playbooks authored by Rapid7's security operations centre experts and are continually refined through use in real-world scenarios. The company states these workflows aim to improve confidence in organisations' security posture through scalable, repeatable investigations, while ensuring that analysts can reallocate time to higher complexity issues. Further, these workflows are designed to enhance visibility into the reasoning and logic behind AI-driven decisions, providing greater control over the security process and transparency for organisations using the platform.

"A world-class SOC optimizes for the 'human' decision moment. With agentic AI workflows, we're using AI to present the right information to enable accurate and fast human decisions that allow organizations to quickly find and stop today's AI-enabled attackers. Agentic AI workflows automate repetitive tasks, surface relevant findings, and provide contextual information to support analyst decision-making. By delivering timely, actionable insights, these workflows improve the quality of decisions being made and empower analysts to move confidently to the next step in the response process." This perspective was shared by Jon Hencinski, Vice President Detection & Response at Rapid7.

Industry observations

The approach taken by Rapid7 in embedding AI-driven workflows has also been commented on by industry analysts. Craig Robinson, Research Vice President at IDC, remarked: "Successful AI deployment in any cybersecurity platform needs to be thoughtful and planned: from the classification of data through to disciplined workflows and orchestration of detections with responses. Rapid7's approach to AI implementation checks each of these boxes with deliberate, transparent, practical AI processes that deliver real-world efficiencies for its customers."

Continuous adaptation

Rapid7 highlights that its agentic AI workflows are iteratively improved based on operational data and expert input, aiming to provide both scale and adaptability in cybersecurity environments where attack methods and volumes are continuously evolving. The company asserts that this focus on automation and transparency will result in improved alert fidelity, shorter investigation cycles, and a more strategic allocation of human resources within SOCs. Rapid7's enhanced MDR experience with agentic AI is intended to offer organisations increased command of their attack surfaces while responding to the speed and complexity of AI-driven threats.

Hornetsecurity launches AI cyber assistant for Microsoft 365

Techday NZ, 20-06-2025

Hornetsecurity has launched a new AI Cyber Assistant to support its 365 Total Protection Plan 4, featuring tools designed to aid IT security teams and protect Microsoft Teams users from cyber threats. The new solution includes the Email Security Analyst, which automates the handling of reported suspicious emails, and Teams Protection, which is intended to detect and block malicious messages and impersonation attacks within the Microsoft Teams platform. Hornetsecurity has also confirmed updates to its AI Recipient Validation, aimed at preventing email misdirection and data leaks, now integrated into the 365 Total Protection Plan 4 suite.

The AI Cyber Assistant is designed to ease workloads for security personnel while equipping end users with information to make informed decisions about potential threats. According to Hornetsecurity, the assistant continually evolves by deploying machine learning technology to support both end users and IT teams within their daily operations.

Daniel Hofmann, Chief Executive Officer of Hornetsecurity, said: "To continue enhancing the next-gen security we provide, our new AI-powered Email Security Analyst automates responses to user queries about potential threats, alleviating the workload on SOC and service desk teams, while educating end users on the nature of attacks. IT security personnel benefit by gaining more time to focus on other pressing issues, while end users receive instant feedback, which also encourages them to continue reporting suspicious emails and contribute to the organisation's overall security."

Email response automation

The Email Security Analyst leverages a large language model to provide automated analysis and response to user-reported emails, reducing the manual review burden on Security Operations Centre (SOC) and IT Admin teams. This automation is intended to improve efficiency in handling suspicious emails flagged by users.

As Hofmann explained: "Thanks to growing media attention, end users are becoming more suspicious about incoming emails. While this is a welcome and positive development, each email they flag increases the burden on SOC and Service Desk teams to analyse and verify them on a case-by-case basis. Email Security Analyst replaces this traditional manual analysis and significantly reduces the time SOC teams spend on false-positive and negative reports."

Providing AI-driven insights for each reported email, the tool assists in training employees to better discern malicious activity, while guiding them on necessary precautions to help strengthen organisational cybersecurity. Hofmann stated further: "Organisations have to strengthen their 'human firewall' by empowering employees to become active participants in their organisation's cybersecurity strategy. Cyber-attacks are constantly increasing, so CISOs and security teams need to strategically allocate resources that strengthen organisational security while upskilling end users to cover any blind spots."

Microsoft Teams threat detection

The Teams Protection feature aims to provide continuous monitoring and analysis of messages within Microsoft Teams, identifying and alerting users to potential threats using AI-driven detection methods. The technology analyses URLs and pictures within messages, employing supervised and unsupervised machine learning algorithms as well as computer vision models. These models scan for indicators of phishing such as brand logos, QR codes, and suspect text embedded in images. Administrators can remove conversations found to contain malicious messages and block compromised users from accessing Teams, helping to manage threats across Microsoft 365 tenants.

Hofmann said: "Instant messaging platforms like Microsoft Teams are increasingly used as a main channel of business communications, and yet they tend to be overlooked as a potential attack vector. However, attackers are sending malicious links and malware both through Teams that are open externally and also via compromised internal Teams accounts. We have therefore developed Teams Protection to address this growing cybersecurity threat."

User experience updates

The release also brings a redesigned, multitenant control panel for 365 Total Protection, offering a streamlined interface intended to facilitate easier access to security, backup, and compliance features for Microsoft 365 users. The aim is to make administration more efficient while bringing multiple security functions together in a single platform. Hornetsecurity reports that it delivers its products and services through a global partner network, with organisations using the platform for a range of needs including email protection, backup, governance, risk and compliance, and security awareness training.

Arctic Wolf celebrates top ANZ partners as channel network doubles

Techday NZ, 13-06-2025

Arctic Wolf has named REDD, CSW-IT, and Ethan Global as the recipients of its 2025 Australia and New Zealand (ANZ) Partner of the Year Awards. The awards were presented to acknowledge the contribution of partner organisations in delivering security operations and supporting efforts to reduce cyber risk for businesses across the region.

Channel growth

Arctic Wolf reported that its ANZ channel partner community has doubled in size, reflecting the company's continued investment in its partner-led strategy. The firm's global partner network now numbers more than 2,250, including resellers, solution providers, managed service providers (MSPs), cyber insurance collaborators, and technology alliances, spanning more than 100 countries. Alongside the growth in partner numbers, Arctic Wolf said it serves over 10,000 customers and supports more than 1,000 security engineers worldwide.

Security landscape

The company outlined that organisations in the ANZ region are facing a constantly shifting risk environment, influenced by the adoption of new technologies and increased geopolitical uncertainty. To address these challenges, Arctic Wolf has continued to focus on its partner-first approach and has introduced enhancements to its security platforms and MSP Partner Program. Following Arctic Wolf's acquisition of Cylance earlier this year, the company's partners in ANZ now have access to expanded go-to-market opportunities, including the latest Security Operations Centre (SOC) offerings and endpoint security solutions.

Partner recognition

The Alpha Partner of the Year award was presented to REDD. Brad Ferris, Chief Executive Officer at REDD, said, "At REDD, we're deeply honoured to be named Arctic Wolf's APAC Alpha Partner of the Year. This recognition reflects our team's relentless commitment to excellence, our customer-obsessed culture, and our focus on delivering world-class security outcomes across Australia and New Zealand. Together with Arctic Wolf, we're helping organisations face today's cybersecurity challenges with clarity, confidence, and resilience."

CSW-IT received the Pack Hunter Partner of the Year award. Callum McDonald, Director at CSW-IT, commented, "We are so excited to be Arctic Wolf's Pack Hunter Partner of the Year in Australia. This award reflects the dedication of our team, the strength of our strategic alignment with Arctic Wolf, and our shared commitment to helping customers stay ahead of evolving cyber threats."

Ethan Global was named Rising Star Partner of the Year. Tony Geagea, Co-Founder and Chief Executive Officer at Ethan Global, said, "There's a reason why Australian organisations choose to work with us. We're more than just a security provider – we're AI, we're managed services, we're cloud, telco, and IT. To get security right, you need to have a holistic understanding of the environment, and that's our speciality. Thank you, Arctic Wolf, for this year's Rising Star award - we are very excited about this strategic partnership."

Commitment to the partner ecosystem

David Hayes, Regional Director ANZ at Arctic Wolf, highlighted the importance of the company's partner relationships, stating, "By integrating Arctic Wolf's turnkey solutions, our open XDR platform, and the expertise of our partner teams, we serve as trusted advisors throughout the customer security journey."

"As a 100% partner-based company, Arctic Wolf's entire portfolio of services is offered exclusively through our partners. Our local partner community is critical to bringing these innovations to the ANZ market, and we are committed to strengthening these relationships and delivering better outcomes for our customers."

Arctic Wolf indicated that it will continue to build on its partner network in ANZ, aiming to meet expanding customer requirements while supporting efforts to address increasing security threats faced by organisations in the region.
