Five key takeaways from N-able’s 2025 SOC Report

1. The endpoint remains critical, but the cloud is rising

Attackers still target endpoints, but the report shows cloud threats are quickly growing. Between December 2024 and February 2025, 56% of detections in Adlumin’s SOC came from endpoints, while 44% were cloud-based. As more work moves to the cloud, attackers are targeting it more often.

This shift calls for strong protection for both endpoints and cloud accounts. An example in the report describes a financial firm that avoided a major ransomware incident by quickly isolating affected endpoints after attackers compromised VPN credentials. The lesson is clear, organisations must be prepared to act fast across both traditional and cloud environments.

2. Speeding up incident response with AI and automation

The report has also identified that AI and automation is able to make SOCs more efficient. Between December 2024 and February 2025, 70% of incident investigation and response tasks were automated. AI can now handle alert triage, investigate threats, and create reports in seconds, giving analysts more time for important tasks.

Automation helps identify unusual activity, recognise attack patterns, and explain investigations clearly to others.

3. Human analysts are still essential

Despite AI’s progress, human expertise is still needed. Most alerts (86%) must be reviewed before being escalated, and about 10% of cases require direct action from the MDR team.

AI supports analysts by handling routine work, letting them focus on complex threats and planning. To get the best out of your SOC, utilising both AI and human skills is an important factor.

4. Quick action is key to stopping threats

Cyber attacks often happen quickly, so a fast response is vital. The shortest breakout time noted in 2024 by the Adlumin team was under 8 minutes. In one case, Adlumin’s quick endpoint isolation stopped a ransomware attack within 16 minutes.

During the period studied, 95% of proactive responses involved resetting passwords or disabling accounts. Automating these actions gives organisations a crucial advantage in stopping attacks swiftly.

5. AI greatly improves threat hunting and efficiency

The report highlights a 153x increase in threat hunting after introducing AI tools. By automating routine checks, AI lets analysts look for new threats and vulnerabilities more effectively.

AI can process large amounts of data and spot patterns at a faster rate than humans could. As AI develops further, it will work more closely with analysts to protect organisations.

What does the future look like?

The 2025 SOC Report shows that cyber threats will keep changing, but so will SOCs. The future lies in combining advanced AI with skilled analysts. Whether security is managed internally or externally, SOCs that use both technology and human insight will respond best to new challenges.