State of the SOC 2026: What the Data Reveals about Detection and Response
Modern SOCs are under increasing pressure as alert volume rises and attackers move faster than human-only workflows can keep up. In this session, N‑able experts break down what 900,000+ real-world alerts reveal about detection gaps, shifting entry points, and why single-layer security strategies continue to fail in real environments.
Based on frontline telemetry and response insights from the Adlumin MDR SOC, we’ll unpack where attacks are surfacing first, what’s driving alert overload, and where automation and AI are delivering measurable impact across investigation and response workflows.
What you’ll learn:
- Where modern attacks are surfacing first and why the network perimeter is re-emerging
- Why alert volume has outpaced human-only SOC models
- Where AI and automation are delivering measurable gains in response speed and coordination
- Why endpoint-only strategies fall short in real-world environments
- Practical steps MSPs and IT teams can take to reduce noise and improve response readiness
Why attend:
The 2026 data shows a fundamental shift: after years of cloud-focused attacks, the SOC observed a meaningful return to network and perimeter exploitation, including alerts tied to UTM and perimeter activity, reinforcing why defense-in-depth isn’t optional for resilience in 2026.
Who should attend:
- MSPs responsible for detection, response, and customer security outcomes
- Mid-market IT and security teams managing growing alert volumes
- Security leaders evaluating SOC maturity and resilience
- Teams responsible for incident response, MDR, or security operations strategy
Speakers
Will Ledesma
Will Ledesma is a seasoned cybersecurity leader with over 24 years of experience in cyber. Currently serving as the Director of MDR Cybersecurity Operations at N‑able, Will has successfully built and scaled a robust Security Operations Center (SOC) supporting nearly 4,000 clients. His expertise spans strategic leadership, threat hunting, incident response, and team development, with a focus on safeguarding the confidentiality, integrity, and availability of critical systems.
With a proven track record across diverse roles—including military service as a Cyber Defense Operator in the U.S. Air Force Reserves and leadership positions throughout his career—Will excels in building high-performing teams, driving operational excellence, and delivering innovative cybersecurity solutions. His passion for mentorship, technical innovation, and operational resilience underscores his commitment to advancing the cybersecurity field.
Jim Waggoner
Jim Waggoner is a product management professional with over 20 years of experience in cybersecurity, helping deliver top-notch solutions for businesses of all sizes. Currently, he’s the Vice President of Product Management in N‑able cybersecurity business unit, and has held similar leadership roles at Trellix, FireEye, McAfee, and Symantec. Jim is all about creating smart strategies, leading teams, and bringing innovative ideas to life.
Brendan Griffin
Brendan Griffin is an information security research and cyber threat intelligence leader with more than a decade of experience. He oversees N‑able’s Threat Research group, delivering advanced threat research that informs and strengthens the company’s products and services.
He previously built and led a security program supporting a global news network providing threat intelligence, security readiness, and incident response for journalists operating in high-risk environments worldwide. Earlier in his career, Brendan held senior intelligence and product leadership roles for seed- and late-stage startups. He holds a bachelor’s degree in philosophy and, outside of work, is renovating his hundred-year-old home in Washington, DC.