Recent Breaches
Breaches
View All →
Why OSS

Physical vs Logical
Air Gap

Logical immutability is software pretending to be a wall. Layer 1 disconnection is the wall. Understand the difference before ransomware decides for you.

L1
Side by Side

Two Architectures, Two Outcomes

Both promise to keep your data safe. Only one removes the network as an attack surface entirely.

01
Hardware air gap, no network interface

Firevault: Layer 1 Physical Disconnect

Firevault Offline Secure Storage operates at the physical layer of the OSI model. When disconnected, the storage has no network interface card, no IP address, and no software path that an attacker can follow. It is unreachable in the strictest sense.

No NIC when offlineNo IP address to scanOut of band switching
02
Logical immutability, network attached

Veeam, Rubrik, Cohesity, Dell PowerProtect

Hardened repositories, immutable buckets and WORM volumes are powerful, but they remain physically connected. Their protection lives in software policies, identity systems and storage APIs, all of which sit on the network and can be reached, abused or exploited.

Always on the networkDefended by software policyVulnerable to API and identity attacks
Why Logical Fails

Where Software Defined Immutability Breaks

The recurring failure modes seen in modern ransomware incidents involving backup platforms.

01
What ransomware groups target first

Backup API Exploits

Modern ransomware crews specifically hunt for backup consoles. Once they have credentials or a vulnerability, immutability flags can be cleared, retention windows rewritten and backup catalogues poisoned. The data is technically still there, but no longer trustworthy.

Console takeoverRetention rewriteCatalogue corruption
02
Admin rights defeat policy

Privilege Escalation

Logical air gaps depend on a privilege boundary. If an attacker reaches a sufficiently privileged account, the boundary collapses. Physical disconnection does not depend on privilege at all, because no privilege can connect a cable that is not there.

Domain admin compromiseStorage admin abuseInsider risk
03
Software cannot defend against itself

Firmware and Supply Chain

Software defined immutability assumes the underlying firmware, hypervisor and storage controller are honest. Supply chain attacks and firmware level malware bypass the policy entirely. Layer 1 disconnection removes the platform from the equation while data is at rest.

Firmware persistenceHypervisor escapeTrusted supply chain breaks

Read the full architectural argument for non IP control at the physical layer.

Layer 1 vs Logical, Common Questions

Mark Fermor
David Bailey
Kenny Phipps
Online Now
Concierge

See a true Layer 1 air gap in action

Talk to the Firevault team about adding a physically disconnected gold copy alongside your existing immutable backup.

Takes about 2 minutes. No account needed.

Free2 minsNo sign-up

    Firevault

    Firevault is Offline Secure Storage. Hardware you own, physically disconnected by default, with KYC-verified access. Ransomware-proof by design, not by patch.

    © 2026 Firevault Limited. Disconnect to Protect®