As security operations centers struggle with growing alert volumes and increasingly sophisticated phishing attacks, a new approach is emerging to reduce analyst workload and improve response times. StrongestLayer’s latest platform update introduces automation designed to transform email security triage by shifting investigation processes earlier in the threat lifecycle.
StrongestLayer, an AI-native email security company, has launched the next iteration of its platform, featuring a new component called the Evidence Engine. The system autonomously investigates inbound email threats and delivers a complete case file, including a quantified risk score and recommended action, before alerts reach security teams.
The platform integrates with existing email security gateways such as Proofpoint, Mimecast, and Microsoft Defender without requiring changes to MX records. By adding an upstream triage layer, the solution addresses a long-standing gap between threat detection and decision-making. According to the company, organizations using the platform can reduce alerts requiring manual investigation by more than 80 percent.
The challenge stems from how traditional email security systems operate. While they are effective at detecting potential threats, they typically generate raw alerts that require manual investigation by analysts. This creates a bottleneck in security operations, especially as attackers increasingly use AI to automate phishing campaigns and reconnaissance.
Industry data highlights the scale of the issue. Research from the Ponemon Institute indicates that nearly half of security teams deal with false-positive rates above 50 percent, with analysts spending a quarter of their time investigating benign alerts. Meanwhile, the 2024 Devo SOC Performance Report found that 70 percent of security operations centers struggle to keep up with alert volumes. Phishing remains a leading attack vector, initiating 36 percent of breaches according to Verizon’s Data Breach Investigations Report.
Eric Sanchez, Chief Information Security Officer at Orrick, an international law firm with more than 1,100 lawyers across four continents, described the operational impact of the platform. “StrongestLayer fundamentally changed how our security team operates,” Sanchez said. “Instead of drowning in alerts, our analysts now focus on the threats that actually matter. The investigation is almost done before they even open the case.”
The Evidence Engine operates through a multi-stage process. It gathers forensic data such as domain registration details, authentication status, and link behavior, then enriches this information with business context including user roles and access privileges. Using large language model-based reasoning, the system produces a triage decision, confidence score, financial risk estimate, and recommended action, typically within two minutes.
Alan LeFort, CEO of StrongestLayer, emphasized the shift in workflow. “The security industry has normalized a broken workflow: detect a threat, generate an alert, and hand the SOC a blank investigation,” LeFort said. “V3 changes where the work happens. Every threat gets a full investigation, a dollar-quantified risk score, and a disposition recommendation before it reaches the SIEM. We are not asking security teams to work faster. We are making sure the work is already done before they see it.”
The platform also introduces dollar-based risk scoring, replacing traditional severity labels with financial impact estimates to help teams prioritize high-risk threats more effectively. Automated disposition further reduces workload by filtering false positives and handling low-risk threats without analyst intervention.
The launch reflects a broader shift toward automation in email security triage. As threat volumes continue to rise, solutions that combine AI-driven investigation with contextual risk analysis are becoming essential for improving efficiency and reducing response times in modern security operations.




