layer-8.com

What It Is

Layer8 is a training and simulation platform focused on “human-centric cybersecurity.” Its name refers to the “eighth layer” beyond the OSI seven-layer model: the user. The idea is that many security incidents are not caused solely by technical flaws, but are also tied to social engineering, human error, and poor security habits. The site says its training is designed, validated, and continuously evolved with input from cybersecurity offensive and defensive expert Sheila Berta. Its positioning leans toward changing employee security behavior, rather than simply delivering traditional security awareness presentations.

Core Capabilities and Protection Areas

In terms of protection coverage, Layer8 includes security awareness training, social engineering defense, phishing testing, and corrective training. Its content is based on neuroscience and adaptive learning, and includes formats such as simulations and interactive dilemma-based scenarios. It also claims to adjust content based on users’ available time and work context, reducing disruption to daily operations. The platform can recommend personalized content based on user performance, with the goal of building long-term security habits. For phishing tests, Layer8 emphasizes designs that resemble real attacks and can be customized according to an organization’s context and channels. It also offers SecurityBot, an AI chatbot trained on its cybersecurity knowledge base.

Deployment, Management, and Integrations

The site states that Layer8 can be accessed from any device and provides automation, real-time reporting, and “fully integrated” platform management capabilities. However, the public materials do not clarify whether it is purely SaaS, privately deployed, or hybrid, nor do they list specific integration targets such as SSO, HR systems, email gateways, SIEM, or APIs. From a procurement evaluation perspective, a demo would still be needed to confirm data flows, permission management, log retention, and organizational structure synchronization.

Pricing and Compliance

Pricing is not publicly disclosed. The site only provides a demo request form, with the team contacting prospects afterward. There is no visible information about plans, per-seat pricing, annual subscriptions, or trials. On the compliance side, the main content does not disclose details such as ISO 27001, SOC 2, or GDPR data processing information. For a platform that involves employee behavior data, training records, and phishing simulation results, this is a key area that enterprises should review before procurement.

Pros, Cons, and Who It’s For

Its strengths are clear positioning and a focus on continuous training around human risk rather than one-off courses. The combination of adaptive content, corrective training, realistic phishing tests, and real-time reporting is fairly comprehensive. Its weaknesses are the limited disclosure of commercial and technical details, especially pricing, compliance, integration lists, and customer case studies. It is suitable for mid-sized and large organizations that want to systematically reduce employees’ exposure to phishing, social engineering, and operational errors. It is also a fit for companies that already have technical security systems in place but need to strengthen the human behavior layer of their defenses.

Access from China and Alternatives

The country list in the site’s form includes China, but it does not specify mainland China nodes, Chinese-language support, RMB payment, or local data compliance arrangements. Actual accessibility and payment options are unknown. If local deployment, MLPS compliance, or onshore delivery is required, Chinese vendors such as QiAnXin, DBAPP Security, and NSFOCUS can also be evaluated for security awareness training and phishing simulation solutions. International alternatives include KnowBe4, Hoxhunt, Cofense, and Proofpoint Security Awareness.