RackTop Systems
The History of Cyberstorage
Category Origin Story

The History of Cyberstorage

How a company founded by U.S. Intelligence Community veterans built the first storage system that could stop a cyberattack — and created a category the storage industry didn't know it needed.

Request a DemoExplore BrickStor SP

The short version

  1. 2010 — RackTop founded by U.S. Intelligence Community veterans on the premise that storage should defend its data.
  2. 2018 — RackTop coins CyberConverged™ Storage; federal customers adopt BrickStor for embedded security.
  3. September 2020 — The Active Defense patent is filed, ten months before the category has a name.
  4. October 2020 — Active Defense ships: the first NAS that detects and stops attacks inline.
  5. July 2021 — Gartner names the category “Cyberstorage” and cites RackTop as a sample vendor.
  6. 2024–2026 — Four U.S. patents issue on the architecture: Active Defense, IBR, ImmutaVault, TDM.
The Gap Nobody Was Talking About

Before Cyberstorage: storage was a passive participant in security

For the first three decades of enterprise storage, the industry operated under a simple and seemingly reasonable assumption: the storage system's job is to store data. Protecting it is someone else's job.

That assumption shaped everything. NAS systems were optimized for capacity, performance, reliability, and cost. Security was handled elsewhere in the stack — at the endpoint, on the network, at the identity provider, in the SIEM. The storage layer was a passive participant. It accepted reads and writes. It served files. It did not ask questions about whether those reads and writes were legitimate, and it had no ability to stop them if they were not.

By the late 2000s, that calculus had changed. Ransomware emerged as a business model, not a nuisance. Insider threats — credentialed users exfiltrating data they were authorized to access — became a primary concern. Nation-state actors began targeting unstructured data specifically: intellectual property, research, intelligence products, legal documents, financial models. The attacks weren't trying to get in anymore. They were already in. They were going directly for the data.

And the storage systems holding that data had no idea it was happening.

The gap was structural. The data was the target. The storage held the data. And the storage was the one layer in the entire security architecture that was not participating in defense.

2010 — The Founding Premise

RackTop is founded on a different premise

Eric Bednash and Jonathan Halstuch founded RackTop Systems in 2010 in the DC Metro area, after roughly two decades inside the U.S. Intelligence Community. They had spent their careers working on data and security problems where the cost of being wrong was operational — not measured in quarterly earnings, but in missions.

What they had seen from the inside was the gap above, at its most consequential. The most sensitive data in the U.S. government sat on storage systems that had no ability to detect or respond to threats against that data. The security stack around the storage was sophisticated and expensive, but the storage itself was blind.

The founding premise of RackTop was that this had to change. The storage system itself should be an active participant in defense — not a passive target, not a log source for somebody else's tool, but an active defender that watches every read and write, recognizes attacks as they happen, and stops them before the damage is done.

This was not a popular idea in 2010. The storage industry was focused on flash, cloud tiering, and hyperconverged infrastructure. Nobody was asking "what if the NAS could stop a ransomware attack?"

RackTop built it anyway.

2018 — CyberConverged™ Storage

The first federal customers — and the first name for the category

By 2018, RackTop had built what it called CyberConverged™ Storage — a term that first appeared in the company's datasheets that year to describe the convergence of cybersecurity capabilities and enterprise storage into a single platform.

BrickStor in 2018 was already a fundamentally different kind of NAS:

  • Encryption and key management — FIPS AES-256 encryption with integrated KMIP-compliant key management, built into the storage system itself rather than bolted on.
  • Multi-Level Security (MLS) — the ability to enforce classification-level separation at the storage layer for classified environments.
  • A security-first architecture designed by founders who had spent two decades inside the Intelligence Community.

Federal customers were purchasing BrickStor specifically because of these capabilities. But the most consequential capability — the one that would define an entirely new category — was still being developed.

October 2020 — The Cyberstorage Moment

Active Defense ships

In October 2020, RackTop launched the first version of Active Defense at a virtual Racktoberfest event. It was the leap from "a NAS with strong security features" to "a NAS that actively detects and stops cyberattacks in real time."

What shipped was the first NAS platform with proactive data security embedded directly into the storage data path — not bolted on, not integrated via API, not analyzed in a downstream pipeline. Built into the data path itself, inspecting file operations in real time, analyzing behavior against threat models, and taking automated action when an attack was recognized.

The capabilities that made this a new category:

  • Inline threat detection — every SMB and NFS operation inspected in real time against behavioral analytics and anomaly detection models.
  • Automated response — when an attack pattern was recognized, the storage stopped the offending session and isolated the user in under a second.
  • Proactive defense against all data threat types — ransomware, insider exfiltration, mass deletion, credentialed account misuse, and quiet long-running data theft.
  • Forensic audit trail — an immutable record of every file operation, with full context.
  • Remediation built into the storage — surgical recovery using the forensic record, rolling back only affected files.

No other storage vendor had shipped this combination. RackTop had built something genuinely new. The question was what to call it.

2021 — Gartner Names the Category

"Cyberstorage" enters the analyst vocabulary

In July 2021 — nine months after RackTop shipped Active Defense — Gartner published the Hype Cycle for Storage and Data Protection Technologies, 2021, authored by Julia Palmer and dated July 22, 2021. In that report, Gartner introduced the term Cyberstorage to describe a category of storage solutions that embed security capabilities — detection, protection, and recovery from cyber threats — directly into the storage platform. RackTop was named as a sample vendor.

On August 17, 2021, RackTop announced its recognition. On October 8, 2021, Gartner published Innovation Insight for Cyberstorage Solutions to Protect Unstructured Data Against Ransomware by Jerry Bozeman and Julia Palmer — the first dedicated Cyberstorage research note.

The timing was not coincidental. The Colonial Pipeline attack, JBS Foods, and a wave of healthcare attacks during COVID-19 had made ransomware a boardroom and national-security conversation. The question "what is the storage system doing about this?" was being asked for the first time.

Gartner's contribution was to formalize what RackTop had been building since 2018 — and, in truth, since 2010 — into a named category. RackTop, which had coined "CyberConverged Storage" in 2018, shipped Active Defense in October 2020, and was named by Gartner as a sample vendor in the category's debut report, was the clear originator.

Proof of Invention

Four U.S. patents on the core Cyberstorage architecture

The patents are the U.S. Patent and Trademark Office's verification that the architecture is original and non-obvious — verification most storage vendors' security features don't have.

U.S. Patent No. 11,868,495 B2 (issued January 9, 2024)

Active Defense in Cyberstorage

The architecture and methods by which BrickStor inspects file operations inline, recognizes attacks through behavioral analytics and AI-driven anomaly detection, and stops them in real time at the storage layer. The foundational patent — what makes Cyberstorage a new category rather than a feature checklist on an existing NAS. Filed September 8, 2020 and shipped in production the following month — ten months before Gartner named the category the patent describes.

U.S. Patent No. 12,561,437 B2 (issued February 24, 2026, CIP of 11,868,495)

Intelligent Bulk Remediation

The ability to use the forensic record of every file operation to surgically recover from a cyber event — rolling back only the files affected by a specific attack session in minutes, instead of restoring an entire share over days.

U.S. Patent No. 12,333,173 B2 (issued June 17, 2025)

Transparent Data Movement (TDM)

The gateway and tiering technology that lets BrickStor present a unified namespace while data physically lives across heterogeneous tiers, sites, and clouds — with security policy and audit continuity preserved across the move.

U.S. Patent No. 12,216,779 B2 (issued February 4, 2025)

ImmutaVault

The virtual air gap technology that delivers immutable, indelible, isolated copies of critical data inside the storage system itself, without the cost and complexity of a separate vault appliance.

Read the full abstracts, filing dates, and patent numbers →
2021–2024 — The Industry Catches Up (Partially)

Recovery primitives are not Cyberstorage

After Gartner named the category, the major storage vendors began adding security features at an accelerated pace:

  • NetApp introduced Autonomous Ransomware Protection (ARP) for ONTAP.
  • Dell expanded PowerProtect Cyber Recovery and Superna integrations with PowerScale (Isilon).
  • Pure Storage enhanced SafeMode immutable snapshots on FlashBlade.
  • VAST Data, Qumulo, and others began incorporating security-adjacent features.

Each is meaningful, and RackTop gives each vendor credit for taking the threat seriously. But there is a structural difference between adding security features to a storage system that was designed before the threat existed, and building a storage system around the security architecture from day one.

The major vendors added recovery primitives — immutable snapshots, isolated vaults, anomaly detection on backed-up data. Important and complementary. But not Cyberstorage. They do not inspect file operations inline in the data path. They do not stop attacks in real time. They do not perform surgical recovery from a forensic record of every file operation. They do not enforce Attribute-Based Access Control on unstructured data.

The patented capabilities that define the Cyberstorage category — Active Defense, Intelligent Bulk Remediation, ImmutaVault, TDM — remain unique to RackTop's BrickStor SP.

The Timeline

From founding to category — in brief

  1. 2010

    RackTop Systems founded in the DC Metro area by Eric Bednash and Jonathan Halstuch, veterans of the U.S. Intelligence Community.

  2. 2010–2017

    Early BrickStor development. The core architectural premise — storage should be an active defender — is established. Security-first design with encryption, key management, and data protection capabilities built in from the start.

  3. 2018

    RackTop coins CyberConverged™ Storage — the term first appears in company datasheets. Federal customers begin purchasing BrickStor for its data security features, including encryption, key management, and Multi-Level Security for classified environments.

  4. 2018–2020

    BrickStor's first ABAC/MLS deployments for classified and security-sensitive environments. Active Defense concept developed internally.

  5. September 8, 2020

    RackTop files the Active Defense patent — ten months before the category has a name. "Cyberstorage" appears nowhere in the filing, because the term did not exist yet; the category was later named to describe what the patent claims.

  6. October 2020

    RackTop ships Active Defense — the first NAS with inline threat detection, automated response, and surgical remediation in the storage data path. Launched at virtual Racktoberfest. This is the Cyberstorage moment.

  7. July 22, 2021

    Gartner introduces "Cyberstorage" in Hype Cycle for Storage and Data Protection Technologies, 2021 by Julia Palmer. RackTop named as a sample vendor — nine months after Active Defense shipped.

  8. August 17, 2021

    RackTop announces Gartner recognition, describing Cyberstorage as a "newly identified category."

  9. October 8, 2021

    Gartner publishes Innovation Insight for Cyberstorage Solutions to Protect Unstructured Data Against Ransomware by Jerry Bozeman and Julia Palmer — the first dedicated Cyberstorage research note.

  10. 2021–2023

    Major storage vendors begin adding security features. NetApp ARP, Dell PowerProtect + Superna, Pure SafeMode. Recovery primitives, not inline active defense.

  11. 2023

    CAMI Cybersecurity Innovation of the Year.

  12. January 9, 2024

    RackTop's Active Defense patent issued — U.S. Patent No. 11,868,495 B2.

  13. 2024–2025

    CRN 5-Star Partner Program. ESG Technical Validation. BrickStor SP available on HPE hardware as an HPE Technology Partner.

  14. February 4, 2025

    ImmutaVault patent issued — U.S. Patent No. 12,216,779 B2.

  15. June 17, 2025

    Transparent Data Movement patent issued — U.S. Patent No. 12,333,173 B2.

  16. 2025–2026

    BrickStor CSfC Data at Rest aligned to NSA CSfC program. Hub Central unifying the product line. ABAC across every product. The Cyberstorage category RackTop invented is becoming a baseline requirement for enterprise and federal storage.

  17. February 24, 2026

    Intelligent Bulk Remediation patent issued as a Continuation-in-Part of Active Defense — U.S. Patent No. 12,561,437 B2.

The Definition

What Cyberstorage is

Cyberstorage is a category of storage systems that embed cybersecurity capabilities — real-time threat detection, automated response, forensic audit, and recovery — directly into the storage platform, rather than relying on external security tools to protect the data after the fact.

A true Cyberstorage platform:

  • Inspects file operations inline in the storage data path, not in a downstream log-analysis pipeline
  • Detects threats in real time using behavioral analytics, AI-driven anomaly detection, and zero-trust policy enforcement
  • Stops attacks automatically at the storage layer, in seconds, without waiting for a human or an external SIEM/SOAR
  • Recovers surgically from the storage system's own forensic record, rolling back only the affected files
  • Maintains immutable, indelible copies of critical data that survive even administrative compromise
  • Produces continuous compliance evidence mapped to regulatory frameworks

RackTop's BrickStor SP is the platform that defined these criteria — years before the category had a name.

2025 and Beyond

Cyberstorage as a requirement, not a category

The most interesting thing happening now is that "Cyberstorage" is shifting from a category name to a requirement. Buyers are no longer asking what is Cyberstorage? — they are asking why doesn't my NAS have it?

  • Regulatory pressure. CMMC / NIST 800-171, HIPAA, and financial frameworks are increasingly explicit about controls on unstructured data.
  • Insurance pressure. Cyber insurance underwriters are asking specifically about storage-layer defenses, immutability, and recovery capabilities.
  • Board-level attention. "What are we doing about ransomware at the data layer?" is being asked in board meetings.
  • Federal mandates. Zero Trust Architecture (NIST 800-207, OMB M-22-09, DoW Zero Trust Strategy — formerly the DoD Zero Trust Strategy) explicitly extends zero trust to the data layer.
  • The AI data problem. Training data is the new intellectual property — and the storage holding it has become a high-value exfiltration target.

RackTop's position is the position of the company that built the category before it had a name. The four patents, the ABAC capability that no competitor offers on unstructured data, the federal pedigree of a company built by IC veterans, and the operational track record across DoW (formerly DoD) and enterprise deployments are the proof points.

CRN 5-Star Partner Program Guide 2026Globee Awards for Cybersecurity 2026 — Silver, Unstructured Data SecurityTITAN Business Awards 2024 — Excellence in Cyber-Secure StorageGlobal Infosec Awards 2023 — four awards for Active DefenseGovies Awards — two Platinum awards for Cyber Defense Solutions and Storage
Where to Go From Here

Evaluating Cyberstorage for your organization?

BrickStor SP →

The flagship Cyberstorage NAS with all four patented technologies.

Compare BrickStor Products →

Find the BrickStor that fits your mission.

Active Defense →

The patented technology at the heart of Cyberstorage.

Why RackTop →

Patents, recognition, and the founding story.

FAQ

The questions buyers and analysts ask

RackTop Systems invented the Cyberstorage architecture, originally calling it CyberConverged™ Storage when the term first appeared in company datasheets in 2018. RackTop shipped the first Active Defense capability — inline threat detection and automated response in the NAS data path — in October 2020. Gartner formalized the category name "Cyberstorage" in July 2021, naming RackTop as a sample vendor. RackTop holds four U.S. patents on the core Cyberstorage capabilities.
They describe the same concept — storage with embedded cybersecurity. "CyberConverged" was RackTop's original term, first used in datasheets in 2018. "Cyberstorage" was the name Gartner applied to the category in July 2021. RackTop adopted "Cyberstorage" as the category name after Gartner's formalization.
No. Ransomware protection features on legacy NAS platforms (like immutable snapshots or basic behavioral detection) are recovery primitives. Cyberstorage is a complete architecture: inline detection, real-time response, forensic audit, surgical recovery, and immutable vaulting — all built into the storage data path. RackTop holds patents on the architecture.
Several vendors have added security features to their storage platforms since Gartner named the category. Most have added recovery primitives (immutable snapshots, isolated vaults). None have shipped the patented inline Active Defense, Intelligent Bulk Remediation, ImmutaVault, and TDM architecture that defines RackTop's Cyberstorage platform.
If your unstructured data is a target — if ransomware, insider threats, or data exfiltration are in your threat model — then the question is whether your storage system is participating in defense or sitting passively while the attack happens. Cyberstorage is the answer for organizations that have decided storage should participate.
Yes. Gartner introduced the category in 2021. TechTarget Enterprise Strategy Group published a technical validation of RackTop's BrickStor SP. DCIG ranked RackTop in their Top 5 for Cyberstorage.

See the Cyberstorage Category in Action

BrickStor SP is the platform RackTop built before Cyberstorage had a name. Schedule a demo and see Active Defense, ImmutaVault, TDM, and Intelligent Bulk Remediation working together.

Request a DemoTry BrickStorTalk to an Engineer
History of Cyberstorage: Gartner Category Timeline | RackTop | RackTop Systems