FV-Fracture: Emergency Network Severance
When a breach is detected, every second of continued connectivity is a second the attacker uses to spread. Fracture physically disconnects network segments within seconds, stopping lateral movement by removing the paths it depends on.
Control Module
A firewall rule is a suggestion. Physical disconnection is a fact. When you need containment, you need certainty.
- <90s: From authorised command to complete physical disconnection
- Zero: Network paths remaining after Fracture activation
- 100%: Containment assurance — no logical bypass possible
- Multi-zone: Simultaneous severance across all configured boundaries
Software-based containment fails when attackers control the software.
Firewall Rule Delays
Emergency firewall changes require rule creation, testing, and propagation across multiple devices. Attackers move faster than change management processes allow.
VLAN Hopping
Logical network segmentation can be bypassed through VLAN hopping, ARP spoofing, and misconfigured trunk ports. The separation exists only when every configuration is perfect.
Compromised Controls
If the attacker has reached the management plane, they can modify or disable the same firewall rules and network segmentation you are relying on for containment.
The Scenario
Scenario: Sub-Minute Ransomware Containment
A SOC analyst detects ransomware encryption beginning on a file server at 02:14. The malware is spreading across network segments through SMB shares and has already reached two of four sites. Traditional containment would require isolating VLANs, pushing firewall rules, and disabling switch ports — a process that takes 15-30 minutes while the encryption continues. With Fracture, the SOC analyst issues a single authorised command. Within 90 seconds, all inter-site connections and inter-segment paths are physically severed. The ransomware has no network path to reach the remaining two sites. Encrypted segments are physically isolated for forensic analysis while clean segments begin recovery from air-gapped copies.
"We practised our containment playbook quarterly. It took 22 minutes to execute under ideal conditions. Fracture did it in 87 seconds with no room for human error."
Emergency containment that attackers cannot bypass.
FV-Fracture is the emergency response module of Firevault Control. It provides physical network severance within seconds, absolute containment with no logical bypass, and controlled restoration through the Relay module. When every second counts, Fracture provides the certainty that software-based containment cannot.
- Physical disconnection that stops all lateral movement
- Multi-party authorisation preventing accidental activation
- Sub-minute severance across all configured zones
- Automated SIEM integration for machine-speed response
- Controlled, individual path restoration during recovery
- Tamper-proof logging of all containment actions
Fracture — How It Works
Module 1 of 4
Fracture physically removes network connections between configured zones. When activated, the paths between segments cease to exist. There is no firewall to bypass, no VLAN to hop, no configuration to exploit. The physical connection is removed until authorised personnel re-establish it.
Key Capabilities
Sub-Minute Severance
Physical disconnection of all configured network zones completes within 90 seconds of an authorised command, regardless of network size or complexity.
Absolute Containment
No logical bypass is possible. The physical connection between network segments is removed, making lateral movement impossible regardless of the attacker's privilege level.
Multi-Party Authorisation
Fracture activation requires authorisation from multiple designated parties, preventing accidental or malicious activation by a single compromised account.
Automated Trigger Integration
Fracture can be triggered automatically by SIEM alerts, SOC playbooks, or custom detection rules, reducing response time from human reaction speed to machine speed.
Full Event Logging
Every activation, the identity of authorising parties, and all subsequent path changes are recorded on tamper-proof, physically disconnected storage.
Controlled Restoration
After containment, paths are restored individually through the Relay module with multi-party authorisation, ensuring no cross-contamination during recovery.
Demo to Live
Adoption Guide
Zone Boundary Mapping
Identify every network boundary where emergency severance would be required during an incident, mapping inter-site, inter-segment, and external connections.
Authorisation Framework
Define the multi-party authorisation requirements, automated trigger conditions, and escalation procedures for Fracture activation.
Tabletop and Live Test
Conduct tabletop exercises followed by live severance tests on non-production segments to validate response times and restoration procedures.
Production Deployment
Deploy across all configured zones with SIEM integration, automated triggers for high-confidence detections, and quarterly live testing.
Ready to take the next step?
See how Control can govern your data paths with physical enforcement no software exploit can bypass.