What is offline secure storage?

Offline secure storage (OSS) is a data protection method where data is physically disconnected from the internet when not in use. Unlike cloud storage, data stored offline has zero remote attack surface — it cannot be hacked, ransomed or accessed remotely because it is not connected to any network. Firevault provides this through hardware-encrypted vaults that are physically isolated.

How does Firevault protect against ransomware?

Firevault protects against ransomware by physically disconnecting your data from the internet. Ransomware can only encrypt data it can reach over a network. When your data is stored offline in a Firevault, ransomware attacks cannot reach it. Even if your entire network is compromised, your offline vault remains untouched and intact.

How much does Firevault cost?

Firevault Vault starts from £75 per month (inc VAT) for individuals. Business Storage starts from £360 per month (inc VAT). Enterprise Platform pricing is available on request. All plans include hardware encryption, identity verification, and physical disconnection by default.

Who is Firevault designed for?

Firevault is designed for individuals protecting passports, wills and crypto keys; professionals such as solicitors, accountants and consultants protecting client data; SMEs and businesses protecting crown jewel data; and regulated industries including healthcare, financial services and legal sectors requiring offline backup for compliance with GDPR, NIS2, DORA and FCA regulations.

Is Firevault GDPR compliant?

Yes. Firevault is designed to support GDPR compliance by keeping sensitive personal data physically isolated and offline. Physical disconnection ensures data is not exposed to network-based attacks, supports data minimisation principles, and provides an audit trail of access. Firevault is also designed to support NIS2, DORA, FCA and SRA compliance requirements.

What is a physical air gap?

A physical air gap is a security measure where a computer or storage device is completely isolated from the internet and all unsecured networks. Unlike a logical or software air gap, a physical air gap cannot be bridged remotely. Firevault uses a Layer 1 physical air gap — your data is stored on hardware that is physically disconnected from any network when not in active use.

Back to Knowledge Vault

Explainer10 July 20254 min read

The MITRE ATT&CK Framework: Everything You Need to Know

MITRE ATT&CK Framework: Everything You Need to Know Updated July 2025 | Estimated read time: 8 minutes | Published by Firevault Contents What Is MITRE ATT&CK?…

Mark Fermor

Director & Co-Founder, Firevault

A threat intelligence operations room with tactical display boards and indicator lights at blue hour

MITRE ATT&CK Framework: Everything You Need to Know

Updated July 2025 | Estimated read time: 8 minutes | Published by Firevault

What Is MITRE ATT&CK?
How the Framework Is Structured
Core Tactics & Techniques
Practical Use Cases for Security Teams
Where Firevault Fits into ATT&CK
Integration, Compliance & Mapping
Frequently Asked Questions
Firevault’s Verdict

What Is MITRE ATT&CK?

The MITRE ATT&CK Framework (Adversarial Tactics, Techniques & Common Knowledge) is a globally recognised matrix of real-world adversary behaviours, based not on hypothetical risks, but on observed attack patterns in enterprise, mobile, and industrial environments. Rather than relying on indicators or signatures, ATT&CK focuses on how attackers operate, from initial access all the way to exfiltration and impact. Security teams use it to improve visibility, plug control gaps, and model threats using real-world context.

How the Framework Is Structured

ATT&CK is structured around two key layers:

Tactics: The adversary’s goals (e.g. Initial Access, Persistence, Exfiltration)
Techniques: The methods used to achieve those goals (e.g. Phishing, Credential Dumping)

Each technique may also include sub-techniques and detection/mitigation guidance. ATT&CK is available in multiple matrices, Enterprise, Mobile, and ICS (for industrial control systems).

Core Tactics & Techniques

Tactic Purpose Example Technique Initial Access Gain entry to the environment Phishing (T1566) Execution Run malicious code Command & Script Interpreter (T1059) Persistence Maintain access over time Modify Registry (T1112) Privilege Escalation Gain higher-level permissions Exploiting Vulnerable Service (T1068) Defence Evasion Avoid being detected Obfuscated Scripts (T1027) Credential Access Steal secrets Brute Force (T1110) Discovery Learn about the environment Network Service Discovery (T1046) Lateral Movement Move through the network Remote Services (T1021) Collection Gather sensitive data Screen Capture (T1113) Exfiltration Steal and remove data Exfiltration Over Web Services (T1567) Impact Disrupt, destroy or encrypt Data Encrypted for Impact (T1486)

Practical Use Cases for Security Teams

Detection Engineering: Map SIEM/SOC alerts to known techniques to close visibility gaps
Threat Hunting: Proactively search for high-risk behaviour like Lateral Movement or Privilege Escalation
Purple Teaming: Emulate attacker techniques to test controls and validate defences
Risk Prioritisation: Align controls with techniques that target high-value systems or data

Where Firevault Fits into ATT&CK

Firevault doesn’t just help detect ATT&CK techniques, it removes the opportunity for many of them to work in the first place.

No Exfiltration: Offline vaults eliminate paths for T1567 (Exfiltration Over Web Services) and similar techniques.
Files in Firevault cannot be encrypted (T1486) because they are not reachable.
Reduced Discovery Yield: Network reconnaissance yields no access to vaulted assets.
Interrupts Collection: Data for Collection (T1113, T1056, T1005) is not exposed or network-accessible.

Firevault shifts the organisation’s exposure surface by physically removing its most valuable data from the attack lifecycle.

Integration, Compliance & Mapping

MITRE ATT&CK is widely integrated into tools and frameworks like:

NIST Cybersecurity Framework (CSF)
ISO/IEC 27001 and 27002
CISA’s Shields Up and Critical Infrastructure Guidance

Firevault supports these by providing technical control evidence that mitigates risks tied to ATT&CK techniques, especially in areas of offline data protection, ransomware recovery, and breach impact reduction.

Frequently Asked Questions

Is ATT&CK a threat-intelligence feed? No, it’s a static framework of known adversary behaviours, not a live indicator list. Do I need to address every technique? No, focus on those relevant to your architecture, systems, and data exposure. How does Firevault map to ATT&CK? It removes opportunities for techniques like exfiltration, encryption, and data theft by taking critical files fully offline.

Firevault’s Verdict

MITRE ATT&CK tells you what the enemy will try. Firevault ensures the most valuable targets are unreachable. Detection and defence matter, but elimination is stronger. Firevault allows security teams to reduce exposure to entire tactic categories by removing data from network access, attacker reach, and ransomware blast zones. Combine ATT&CK-informed response with Firevault’s offline strategy, and you’re not just reacting, you’re rewriting the threat model entirely. ↑ Back to top

About the author

Mark Fermor

Director & Co-Founder

The driving force behind Firevault's market presence, combining commercial vision with deep tech insight.

Back to Knowledge Vault

The MITRE ATT&CK Framework: Everything You Need to Know

MITRE ATT&CK Framework: Everything You Need to Know

Contents

What Is MITRE ATT&CK?

How the Framework Is Structured

Core Tactics & Techniques

Practical Use Cases for Security Teams

Where Firevault Fits into ATT&CK

Integration, Compliance & Mapping

Frequently Asked Questions

Firevault’s Verdict

Mark Fermor

The MITRE ATT&CK Framework: Everything You Need to Know

You may also find these useful

Physical Air Gap: Everything You Need to Know

NIST Cybersecurity Framework (CSF): Everything You Need to Know

Zero Trust Architecture: Everything You Need to Know

Your privacy matters