StrongestLayer Launches Next Iteration of Its Platform That Moves Email Triage Upstream, Cutting SOC Alert Volume by More Than 80%
New Evidence Engine autonomously investigates every email threat and delivers decision-ready cases to security teams, eliminating the manual triage workflow that consumes up to 25% of analyst time
CHICAGO, March 18, 2026 /PRNewswire/ -- StrongestLayer, an AI-native email security company, today announced the next generation of its industry-leading platform. The release introduces the Evidence Engine, which autonomously investigates every inbound email threat and delivers a complete case file, a dollar-quantified risk score, and a recommended action to security teams.
StrongestLayer now deploys alongside existing email security gateways such as Proofpoint, Mimecast, and Microsoft Defender with no MX record changes, adding an autonomous triage layer that legacy platforms were never designed to provide. Instead of investigating alerts from scratch, security teams validate pre-built cases and act. Organizations can now reduce alerts requiring manual investigation by more than 80 percent, and the alerts that do reach security teams arrive with the investigative work already done.
The Gap Between Detection and Decision
Attackers now use AI to automate reconnaissance, craft targeted phishing, and orchestrate multi-stage campaigns at machine speed. Dwell time (the window between when a threat arrives and when it is contained) has become the variable that separates a near-miss from a breach. Every minute an alert waits in a queue is a minute the attacker keeps moving.
Yet today's email security platforms create an unintended bottleneck. They detect threats, but escalate raw alerts without investigation, shifting the full burden of triage to SOC analysts working inside the SIEM. Case in point:
Meanwhile, phishing initiates 36% of breaches according to the Verizon 2024 Data Breach Investigations Report. The problem is not detection. It is that everything detected lands on the SOC's desk with no investigation, no severity scoring, and no recommended action.
"StrongestLayer fundamentally changed how our security team operates," said Eric Sanchez, CISO at Orrick, an international law firm with more than 1,100 lawyers across four continents. "Instead of drowning in alerts, our analysts now focus on the threats that actually matter. The investigation is almost done before they even open the case."
How StrongestLayer Works
The Evidence Engine works like an emergency room triage system. When a patient arrives at an ER, clinicians do not send them directly to a specialist and hope for the best. They assess, gather evidence, and make a disposition call: discharge, observe, or admit. StrongestLayer applies the same logic to email threats. Whether an organization has a 20-person SOC or a single IT director handling security alongside 11 other responsibilities, the Evidence Engine performs the investigation work that would otherwise require dedicated analyst time. The system learns continuously from each organization's email environment, adapting its detection models and disposition thresholds without manual tuning.
The engine operates in three stages.
What This Means in Practice
"The security industry has normalized a broken workflow: detect a threat, generate an alert, and hand the SOC a blank investigation," said Alan LeFort, CEO of StrongestLayer. "V3 changes where the work happens. Every threat gets a full investigation, a dollar-quantified risk score, and a disposition recommendation before it reaches the SIEM. We are not asking security teams to work faster. We are making sure the work is already done before they see it."
Deployment
StrongestLayer V3 connects via API to Microsoft 365 and Google Workspace with no MX record changes and no infrastructure rework. Initial deployment completes in hours, with production validation typically finished within weeks as the Evidence Engine calibrates to the organization's email environment. Detections push to Splunk, Microsoft Sentinel, and XSOAR in under five seconds. StrongestLayer offers a structured proof-of-value engagement for qualified organizations to validate the 80% alert reduction claim against their own email traffic before purchase.
About StrongestLayer
StrongestLayer is an AI-native cybersecurity company founded by veterans of Proofpoint, FireEye, and Mandiant, and built for the threats that define this era. The platform protects organizations ranging from mid-market firms to global enterprises across financial services, legal, healthcare, and technology, processing millions of emails daily across its customer base. StrongestLayer combines LLM-powered threat detection with personalized human risk training to defend against both traditional and AI-generated email attacks. The company is SOC 2 Type II certified, undergoes regular third-party penetration testing, and is headquartered in San Francisco. StrongestLayer is backed by Sorenson Capital, Recall Capital, and leading cybersecurity industry veterans. Learn more at www.strongestlayer.com.
SOURCE StrongestLayer