
StrongestLayer Launches Next Iteration of Its Platform That Moves Email Triage Upstream, Cutting SOC Alert Volume by More Than 80%
New Evidence Engine autonomously investigates every email threat and delivers decision-ready cases to security teams, eliminating the manual triage workflow that consumes up to 25% of analyst time
CHICAGO, March 18, 2026 /PRNewswire/ -- StrongestLayer, an AI-native email security company, today announced the next generation of its industry-leading platform. The release introduces the Evidence Engine, which autonomously investigates every inbound email threat and delivers a complete case file, a dollar-quantified risk score, and a recommended action to security teams.
StrongestLayer now deploys alongside existing email security gateways like Proofpoint, Mimecast, and Microsoft Defender with no MX record changes, adding an autonomous triage layer that legacy platforms were never designed to provide. Instead of investigating alerts from scratch, security teams validate pre-built cases and act. Now organizations can reduce alerts requiring manual investigation by more than 80 percent, while the alerts that reach security teams arrive with the investigative work already done.
The Gap Between Detection and Decision
Attackers now use AI to automate reconnaissance, craft targeted phishing, and orchestrate multi-stage campaigns at machine speed. Dwell time (the window between when a threat arrives and when it is contained) has become the variable that separates a near-miss from a breach. Every minute an alert waits in a queue is a minute the attacker keeps moving.
Yet today's email security platforms create an unintended bottleneck. They detect threats, but escalate raw alerts without investigation, shifting the full burden of triage to SOC analysts working inside the SIEM. Case in point:
- Ponemon Institute research shows nearly half of security teams battle false positive rates above 50%, with analysts spending 25% of their working hours chasing alerts that turn out to be benign.
- The 2024 Devo SOC Performance Report found that 70% of SOCs cannot keep pace with alert volume.
Meanwhile, phishing initiates 36% of breaches according to the Verizon 2024 Data Breach Investigations Report. The problem is not detection. It is that everything detected lands on the SOC's desk with no investigation, no severity scoring, and no recommended action.
"StrongestLayer fundamentally changed how our security team operates," said Eric Sanchez, CISO at Orrick, an international law firm with more than 1,100 lawyers across four continents. "Instead of drowning in alerts, our analysts now focus on the threats that actually matter. The investigation is almost done before they even open the case."
How StrongestLayer Works
The Evidence Engine works like an emergency room triage system. When a patient arrives at an ER, clinicians do not send them directly to a specialist and hope for the best. They assess, gather evidence, and make a disposition call: discharge, observe, or admit. StrongestLayer applies the same logic to email threats. Whether an organization has a 20-person SOC or a single IT director handling security alongside 11 other responsibilities, the Evidence Engine performs the investigation work that would otherwise require dedicated analyst time. The system learns continuously from each organization's email environment, adapting its detection models and disposition thresholds without manual tuning.
The engine operates in three stages.
- First, agentic collectors gather forensic evidence, including domain registration, authentication status, link behavior, sender history, and blast radius.
- Second, context engines enrich each case with business signals: the target's role, access privileges, and organizational risk profile.
- Third, LLM-based reasoning synthesizes evidence and context into a triage decision, a confidence score, a dollar-quantified risk assessment, and a recommended action. The entire process completes in under two minutes per threat.
What This Means in Practice
- Catch What Your Gateway Missed. StrongestLayer V3 runs every inbound email through its AI-native detection engine and displays the result alongside the organization's existing gateway verdict, giving security teams a continuous audit of detection gaps. Every detection includes natural-language reasoning: threat type, attacker intent, MITRE ATT&CK mapping, and confidence level.
- Investigate Automatically. The Evidence Engine's agentic collectors perform the manual research analysts currently do by hand: domain age checks, link detonation, sender reputation, behavioral context, blast radius assessment. They deliver confidence-rated findings in under two minutes, replacing investigation workflows that typically consume 15 to 20 minutes per alert. By the time a threat is escalated, the investigation is complete.
- Score Every Threat in Dollars. RATE Breach Impact Scores replace High/Medium/Low severity labels with dollar-quantified financial exposure for every threat, grounded in FBI IC3 and Verizon DBIR loss data. Two phishing alerts arrive simultaneously: one targets the CFO with wire transfer authority, the other targets an intern with no system access. Legacy tools label both "High." StrongestLayer V3 calculates actual dollar risk by synthesizing threat evidence with business context, so analysts work the highest-cost threats first.
- Dispose Intelligently. Based on detection, investigation, and risk scoring, the Evidence Engine makes three-tier disposition calls. False positives are identified and auto-released with no analyst involvement. Confirmed low-risk threats are auto-quarantined. Only high-risk attacks on critical targets escalate to the SOC, and they arrive with a complete evidence package, financial risk score, and recommended response. In practice, a team that currently triages 150 alerts per day sees that number drop to fewer than 30 decision-ready cases, each with the investigation already complete.
- Report to the Board. StrongestLayer V3 generates executive reports aligned to the FAIR risk model, translating operational metrics into the language boards understand: dollar-quantified risk reduction, time saved, false positives eliminated, and breaches prevented. Security leaders get board-ready proof without building slides from scratch.
"The security industry has normalized a broken workflow: detect a threat, generate an alert, and hand the SOC a blank investigation," said Alan LeFort, CEO of StrongestLayer. "V3 changes where the work happens. Every threat gets a full investigation, a dollar-quantified risk score, and a disposition recommendation before it reaches the SIEM. We are not asking security teams to work faster. We are making sure the work is already done before they see it."
Deployment
StrongestLayer V3 connects via API to Microsoft 365 and Google Workspace with no MX record changes and no infrastructure rework. Initial deployment completes in hours, with production validation typically finished within weeks as the Evidence Engine calibrates to the organization's email environment. Detections push to Splunk, Microsoft Sentinel, and XSOAR in under five seconds. StrongestLayer offers a structured proof-of-value engagement for qualified organizations to validate the 80% alert reduction claim against their own email traffic before purchase.
About StrongestLayer
StrongestLayer is an AI-native cybersecurity company founded by veterans of Proofpoint, FireEye, and Mandiant, and built for the threats that define this era. The platform protects organizations ranging from mid-market firms to global enterprises across financial services, legal, healthcare, and technology, processing millions of emails daily across its customer base. StrongestLayer combines LLM-powered threat detection with personalized human risk training to defend against both traditional and AI-generated email attacks. The company is SOC 2 Type II certified, undergoes regular third-party penetration testing, and is headquartered in San Francisco. StrongestLayer is backed by Sorenson Capital, Recall Capital, and leading cybersecurity industry veterans. Learn more at www.strongestlayer.com.
SOURCE StrongestLayer