Physical Air Gap
Ransomware Protection
Cloud Object Lock is software pretending to be a wall. A physical air gap is the wall. When ransomware protection matters, the gold copy belongs offline at Layer 1.
Physical Air Gap for Ransomware Protection
Short, declarative definitions to explain why Layer 1 disconnection is the most reliable ransomware defence.
Layer 1 physical disconnect
A physical air gap means there is no electrical path between the storage hardware and any network. At Layer 1 of the OSI model, the cable is simply not connected. No IP address can be assigned, no port can be scanned, and no credential can bridge a gap that exists in copper and fibre rather than in software policy.
Physical separation at rest
Firevault Offline Secure Storage keeps your ransomware protection copy on hardware that is physically separated from every production system. While your estate is online and operational, the gold copy is offline. When a connection window is required, it is scheduled, identity verified and audited.
Why Immutable Cloud Backup Is Not Ransomware Proof
The failure modes ransomware operators exploit on the way to your cloud backups.
Immutable does not mean unreachable
Cloud backup platforms advertise Object Lock, versioning and WORM as ransomware protection. These are logical controls on a network that remains connected. An attacker who reaches a privileged account can weaken, disable or wait out the policy. The data is still physically reachable.
Credential theft is the entry point
Modern ransomware operators do not brute force encryption. They phish, buy or steal credentials into cloud consoles. Once inside, backup APIs are the first target. Session tokens, service accounts and cross-account roles all provide a path to the immutable copy.
Backup console targeting
Incident reports from NCSC, CISA and major cyber insurers show a consistent pattern: attackers identify backup infrastructure early, then disable or encrypt it before touching production. A reachable backup console is a single point of failure disguised as protection.
Layer 1 Disconnection Removes The Attacker's Prerequisite
Remote ransomware needs a reachable target. Firevault Offline Secure Storage removes the path before the playbook starts.
No reachable surface
Every remote ransomware playbook begins by reaching the victim. A physically disconnected Firevault disk has no NIC, no IP and no service to authenticate to. The attacker cannot scan what is not on the network, and cannot authenticate to hardware that is not listening.
Privilege cannot reattach a cable
Logical immutability collapses when an attacker gains sufficient privilege. Physical disconnection does not depend on privilege at all. No domain admin, storage admin or cloud root account can connect hardware that is physically unplugged. The boundary is physics, not policy.
Survives the rest of your estate
Most organisations keep their existing cloud or immutable backup for fast operational recovery, and add Firevault as the always offline gold copy. When ransomware reaches the hot and warm tiers, the offline copy remains untouched, unchanged and verifiable.
Continue reading on the architecture, the standards and the compare set.
Physical Air Gap Ransomware Protection, Common Questions



Add an offline gold copy to your ransomware protection
Talk to the Firevault team about layering a physically disconnected gold copy alongside your existing cloud or immutable backup.
Takes about 2 minutes. No account needed.