RackTop Systems
Why RackTop / BrickStor SP vs Cohesity SmartFiles
Architectural Comparison

BrickStor SP vs Cohesity SmartFiles — primary Cyberstorage vs file services on a backup platform

Cohesity built one of the industry's strongest data protection platforms, and SmartFiles brings file and object services to it. The question for buyers is not whether Cohesity is good at what it does — it is whether a platform engineered to consolidate and protect copies of data is the right place to serve and defend the live data itself. This page compares the two across storage, security, and performance.

Two Different Design Centers

A backup platform serving files vs a file platform built to defend

Cohesity SmartFiles is the file and object face of the Cohesity Data Cloud. The underlying platform — SpanFS — was engineered to consolidate secondary data: backup targets, archives, digital libraries, rich media, and video surveillance, with global deduplication, compression, and erasure coding delivering excellent capacity efficiency for exactly those workloads. Its security stack follows the same center of gravity: DataLock WORM retention on the cluster, machine-learning anomaly detection in the Helios cloud control plane, and DataHawk and FortKnox delivered as SaaS subscriptions for threat scanning, classification, and cyber vaulting.

BrickStor SP was engineered from the first line of code as primary storage that defends itself. Patented Active Defense evaluates every read, write, and delete inline in the data path. ABAC governs every SMB, NFS, S3, and Web Drive operation. ImmutaVault provides a virtual air gap inside the platform, and Intelligent Bulk Remediation rolls back only the files an attack touched — all on the controller, with no cloud dependency and no separate analytics tier.

Why this matters: Cohesity protects copies of your data. BrickStor SP protects the data itself, live, where attacks actually land. Those are different jobs — and the architecture each vendor built reflects the job it was built for.

What Cohesity Does Well

Credit where it's due

Data protection at scale. Cohesity is one of the largest data backup vendors in the industry — especially after completing its merger with Veritas' enterprise data protection business in December 2024. Backup, replication, and recovery orchestration across large, heterogeneous estates is the company's home turf.

Capacity efficiency on secondary data. Global variable-length deduplication, compression, and erasure coding make the Cohesity Data Cloud a very cost-effective consolidation point for backup data, archives, and other redundant data sets.

A broad resilience portfolio. DataLock WORM retention, quorum controls for critical actions, FortKnox cloud vaulting, and Helios anomaly detection give backup estates meaningful protection against tampering — because destructive data attackers routinely target backups.

If the problem you are solving is “consolidate and protect copies of everything,” Cohesity belongs on your shortlist. The comparison below is about a different problem: serving and defending the live unstructured data your users and missions touch every day.

Storage

Storage capabilities side by side

Capability

RackTop

BrickStor SP

Cohesity

SmartFiles

Platform design centerPurpose-built secure NAS for primary and secondary data — Cyberstorage for live unstructured dataFile and object services (SpanFS) on the Cohesity Data Cloud, a platform built around backup and secondary-data consolidation
ProtocolsSMB, NFS, S3, and Web Drive from the same dataset, governed by one ABAC policy frameworkSMB, NFS, and S3; no native browser-based file access
Snapshots and replicationPolicy-driven immutable snapshots with sub-minute RPO; asynchronous replication to one or more BrickStor targetsSnapshots and replication with DataLock WORM retention for compliance holds
Capacity efficiencyInline compression, thin snapshots and clones — sized for primary dataGlobal variable-length deduplication, compression, and erasure coding — a genuine strength, tuned for highly redundant backup data
TieringPatented Transparent Data Movement — policy tiering to on premises or cloud storage while files stay accessible at the original pathCloud tiering and archive services; can also tier cold data off third-party Tier 1 NAS into the Cohesity cluster
Migration onto the platformGHOST — users cut over first, in hours, and data migrates in the background with Cyberstorage protections active from the cutover lineHost-side copy or third-party migration tooling; planned cutover windows
Deployment modelsPhysical appliance, SAN gateway (iSCSI / Fibre Channel), or virtual appliance on KVM, Hyper-V, ESXi, AWS, Azure, and Google CloudScale-out cluster nodes on certified hardware plus cloud editions
Fault isolation from data protectionA dedicated primary file platform — the backup and archive estate lives on separate systems, so a fault in one cannot take down the otherFile services and DataProtect backup workloads can share the same cluster; public peer reviews caution that a platform issue can affect live shares and backup data together
Security

Security capabilities side by side

The decisive difference is where detection happens — inline in the data path as the attack executes, or in a cloud control plane after the data has changed — and therefore what it can see. Change-based detection cannot see data theft, because stealing data changes nothing.

Capability

RackTop

BrickStor SP

Cohesity

SmartFiles + Helios / DataHawk / FortKnox

Detection modelPatented Active Defense — behavioral evaluation of every read, write, and delete, inline in the storage data path. UEBA-based anomaly detection tuned to each individual and role, on-controller with no external or cloud connectivity requiredMachine-learning anomaly detection in the Helios / DataHawk control plane — change-rate and entropy signals evaluated during protection runs and audit analytics
Response modelOffending session terminated in under a second, before mass encryption or exfiltration spreadsAlerts and a recovery workflow; response centers on restoring from immutable snapshots after the fact
Data theft and exfiltrationActive Defense analyzes read behavior, not just writes — bulk copying, abnormal access patterns, and staged exfiltration are detected and stopped liveAnomaly detection is keyed to data change (change rates, entropy across protection runs) — but exfiltration changes nothing. Files read and copied out leave no change for the model to see. DataHawk adds user activity reporting after the fact, not prevention
Access controlAD/LDAP POSIX permissions with the ability to add native ABAC, enforced on every SMB, NFS, S3, and Web Drive operationAD / POSIX permissions with RBAC, MFA, and quorum for administrative actions; no attribute-based policy in the data path
Immutability and cyber vaultingPatented ImmutaVault — a virtual air gap inside the platform, no second environment to license or operateDataLock WORM on-cluster; FortKnox cyber vaulting is a separate SaaS subscription vaulting to a Cohesity-managed cloud
EncryptionUp to two independent layers of FIPS 140-3 AES-256 with integrated key managementAES-256 at rest and in flight; single layer
Forensics and auditImmutable, tamper-evident record of every file operation, streamed to SIEM / SOARAudit logs and Helios reporting with SIEM integrations
Air-gapped and disconnected operationAll Cyberstorage functions run on the controller — classified and disconnected-site friendlyHelios, DataHawk, and FortKnox are SaaS services; security capability is reduced without cloud connectivity
Cyber recoveryPatented Intelligent Bulk Remediation — surgical, file-level rollback driven by the platform’s own forensic recordSnapshot and backup restore workflows; the recovery point is the last clean protection run
Performance

Performance architecture side by side

Neither vendor publishes audited head-to-head benchmarks, so honest performance comparison starts with what each data path was engineered to optimize.

Capability

RackTop

BrickStor SP

Cohesity

SmartFiles

Workload design pointPrimary, latency-sensitive mixed workloads — user shares, project data, media, engineering, and analytics pipelinesThroughput-oriented consolidation — backup ingest, archives, digital libraries, rich media, and video surveillance
Latency-sensitive and high-I/O workloadsBuilt for hot primary shares — home directories, project and engineering data, media, and metadata-heavy workloads — served from all-flash or hybrid storagePublic peer reviews caution that SmartFiles is not suited to applications needing high I/O or low latency; Cisco’s validated design describes the target as “non-latency-sensitive use cases”
Data pathDirect file serving with security policy evaluated inline on the controller — no external hop in the I/O pathI/O flows through a global deduplication and erasure-coding pipeline engineered for capacity efficiency rather than latency
Where the security work happensOn-controller, per-operation — protection without a separate analytics tierIn the Helios control plane, out of band — no inline cost, but no inline protection either

Comparison based on publicly available product documentation and analyst material. Vendor capabilities evolve — contact us if you believe any entry is out of date and we will validate against the current release. For workload-specific performance, run a proof of concept against your real data profile.

What the public record says about SmartFiles as primary NAS

To be clear about what the record shows: SmartFiles reviews on Gartner Peer Insights and PeerSpot are strong for the workloads it is deployed for. The public critique is not “SmartFiles is bad” — it is specific, and it is about workload class.

Workload fit. Cisco's validated design for SmartFiles describes its audience as deploying for “non-latency-sensitive use cases” — backup target storage, replication, archiving, and file services. Peer reviewers echo the same boundary, cautioning that the platform is not suited to applications needing high I/O or low latency. Cohesity's own file-and-object positioning leads with backup, archive, content management, multimedia, analytics, and video surveillance. None of that is criticism; it is the platform's design center, stated by the vendor, its hardware partners, and its users consistently.

Shared fate with the backup estate. Peer reviews also caution that running file services and DataProtect on the same cluster means a platform failure can threaten both at once. For secondary storage that is an inconvenience; for primary NAS — where users and applications depend on live share availability — it collapses two fault domains that most architectures deliberately keep separate, including the very recovery layer you would lean on during an incident.

Operational fit for Tier 1. Public deployment guidance and reviews also flag the operational texture of running SmartFiles at the front of the client path: DNS round-robin and virtual-IP client distribution that Cisco's design recommends validating from multiple clients, plus reviewer comments on patching friction and reporting gaps for quota, chargeback, and capacity planning. Every platform has operational texture — but for primary NAS, client pathing, maintenance windows, and file-growth visibility are the daily job, not an edge case.

BrickStor SP is the other side of that boundary. It is a purpose-built primary file platform: engineered for hot, latency-sensitive shares, with Active Defense, ABAC, ImmutaVault, and the forensic audit record running inline on the same controller that serves the I/O — and with the backup estate kept on separate systems, where a fault in one can never take down the other.

The Architectural Consequence

Detection tied to the backup window is detection after the damage

Cohesity's anomaly detection is real and useful — for the problem it was built for. Machine learning in the Helios control plane watches change rates and compressibility across protection runs and flags backups that look encrypted. That tells you, with good confidence, that ransomware ran since the last clean backup.

But on the primary tier, everything between those two points in time is the incident: the files encrypted, the data staged and exfiltrated, the intellectual property read by an account that should never have touched it. A control plane that learns about the attack from the next protection run cannot interrupt any of it — its remedy is restore, and its recovery point is the last clean backup.

And that is the best case, because change-based detection only fires when data changes. Data theft changes nothing. An attacker or insider who reads and copies out terabytes of files leaves the data byte-for-byte identical — identical change rate, identical entropy, an identical next backup. There is no anomaly for the model to find, and no snapshot to restore your stolen data back out of the attacker's hands. With double extortion now leading with theft rather than encryption, a defense that only sees writes is blind to the half of the attack that restore can never fix.

BrickStor SP moves the decision into the I/O itself.

Active Defense evaluates the operation while it is happening — reads as well as writes — and terminates the offending session in under a second. For ransomware, that means the blast radius is a handful of files, not a backup window, and Intelligent Bulk Remediation uses the platform's own forensic record to roll back exactly the files that were touched. For data theft, it means the bulk read pattern is detected and the session is cut off while the data is still yours — the one moment when exfiltration can actually be stopped. The disclosure conversation starts from “we stopped it” rather than “we restored most of it.”

When to Choose Each

Pick the platform that matches the job

Choose Cohesity SmartFiles if

Your problem is secondary-data consolidation: you want backup targets, archives, digital libraries, rich media, or surveillance footage on one capacity-efficient, scale-out platform — especially if you already run the Cohesity Data Cloud for data protection and want fewer silos around it. You are comfortable with security analytics, threat scanning, and vaulting delivered as cloud SaaS subscriptions, and your latency-sensitive primary workloads live somewhere else.

Choose BrickStor SP if

Your problem is the live data itself: primary unstructured data that has to be served fast and defended in real time against ransomware, insider misuse, and exfiltration. You need ABAC on SMB, NFS, S3, and Web Drive for federal, regulated, or coalition workloads; sub-minute recovery points; vaulting without a SaaS dependency; and a platform that keeps every security function on the controller — including in air-gapped and disconnected environments. Many organizations run both: Cohesity protecting the backup estate, BrickStor SP defending the primary tier it backs up.

The Historical Record

Two companies, two missions

  1. 2010

    RackTop founded by veterans of the U.S. Intelligence Community to build storage with security embedded in the data path.

  2. 2013

    Cohesity founded, pioneering hyperconverged secondary storage for backup and data protection.

  3. 2018

    RackTop coins CyberConverged™ Storage and ships the first NAS with security built into the storage layer.

  4. 2019

    Cohesity announces SmartFiles — file and object services running on its backup-optimized platform.

  5. 2021

    Gartner introduces the term “Cyberstorage.”

  6. 2022

    Cohesity launches FortKnox (SaaS cyber vaulting) and DataHawk (SaaS data security).

  7. 2024

    Active Defense patent issued — U.S. Patent No. 11,868,495 B2 (Jan 9, 2024). Cohesity completes its merger with Veritas’ data protection business (December 2024).

  8. 2025

    ImmutaVault patent issued — U.S. Patent No. 12,216,779 B2 (Feb 4, 2025). Transparent Data Movement patent issued — U.S. Patent No. 12,333,173 B2 (Jun 17, 2025).

  9. 2026

    Intelligent Bulk Remediation patent issued — U.S. Patent No. 12,561,437 B2 (Feb 24, 2026).

FAQ

BrickStor SP vs. Cohesity SmartFiles — answered

SmartFiles is positioned by Cohesity for consolidating unstructured data on the Cohesity Data Cloud — backup targets, archives, digital libraries, rich media, video surveillance, and tiered-off cold data from Tier 1 NAS. It can serve general-purpose shares, but the platform’s design center is capacity-efficient consolidation of secondary data. The public record draws the same boundary: Cisco’s validated design for SmartFiles targets “non-latency-sensitive use cases,” and peer reviewers caution that it is not suited to applications needing high I/O or low latency. That is why most organizations keep latency-sensitive primary workloads on a dedicated NAS platform. BrickStor SP is that dedicated primary platform, with Cyberstorage defense built into the data path.
Cohesity’s anomaly detection runs in the Helios control plane using machine learning on metrics like data change rate and compressibility (entropy), evaluated during protection runs, plus file-level audit analytics. That means detection is tied to when data is backed up or when analytics jobs process the audit stream — and the response is an alert plus a recovery workflow. BrickStor SP’s Active Defense evaluates every file operation inline at the storage layer and terminates an offending session in under a second, before mass encryption or bulk exfiltration spreads. One model tells you an attack happened; the other stops it while it is happening.
Cohesity’s flagship anomaly detection watches for changes in data — change rates and compressibility evaluated across protection runs. Exfiltration is a read operation: an attacker who copies out terabytes of files leaves the data unchanged, so there is no change-rate or entropy anomaly to detect, and the next backup looks identical to the last one. DataHawk adds user activity tracking and data classification, which help scope an incident after the fact, but nothing in the platform sits in the file data path to stop a bulk read while it is happening. BrickStor SP’s Active Defense analyzes read behavior live — bulk copying, abnormal access patterns, and staged exfiltration trigger inline response, terminating the session while the data is still in your possession. That distinction matters because double-extortion attacks now lead with theft: recovery-centric defenses can restore encrypted files, but no restore returns stolen data.
Helios, DataHawk, and FortKnox are SaaS offerings that depend on cloud connectivity. In disconnected, classified, or intentionally isolated environments, those capabilities are reduced or unavailable. BrickStor SP runs all Cyberstorage functions — Active Defense, ABAC, ImmutaVault, Intelligent Bulk Remediation, and the forensic audit record — locally on the controller, which is why it is deployed in air-gapped federal and defense environments.
The two platforms solve different problems and are frequently deployed together. Cohesity protects copies of your data after the fact; BrickStor SP protects the live data itself — detecting and stopping ransomware, insider misuse, and exfiltration as it happens, on the primary tier where the attack actually lands. Keeping Cohesity for backup while putting the highest-risk live file data on BrickStor SP also improves the backup estate: the data flowing into your protection jobs is already defended, audited, and policy-controlled at the source. And it preserves fault isolation — peer reviews caution that consolidating file services onto the same cluster as DataProtect means a platform issue can threaten live shares and backups together. Keeping the primary tier on a separate, purpose-built platform avoids collapsing those two fault domains.
No, and it is not trying to. Cohesity’s global variable-length deduplication is genuinely strong on backup data, where dozens of copies of the same blocks make very high reduction ratios possible. Live primary unstructured data has far less redundancy, so dedup yields much less on any platform. BrickStor SP uses inline compression and thin snapshots and clones — the efficiency techniques that pay off on primary data — and patented Transparent Data Movement to tier cold data to cheaper storage without moving it out of the namespace.
Cohesity completed its merger with Veritas’ enterprise data protection business in December 2024, making it one of the largest data protection vendors in the industry. That is the point: the company’s center of gravity — engineering, roadmap, and go-to-market — is protecting and recovering copies of data. SmartFiles rides on that platform. RackTop’s entire platform is engineered around defending live unstructured data in real time. Both are legitimate missions; they are different missions.
Neither vendor publishes audited, head-to-head benchmarks against the other, so any specific numbers you see in a comparison should be treated with suspicion. What can be compared honestly is architecture: BrickStor SP serves files directly with policy evaluated inline on the controller, while SmartFiles I/O flows through a deduplication and erasure-coding pipeline designed for capacity efficiency on secondary data. For your workloads, the right answer is a proof of concept — we will run one against your real data profile.

See Live Data Defense Next to Your Backup Estate

In a 30-minute demo, we'll show Active Defense stopping an attack inline, ImmutaVault's virtual air gap, and Intelligent Bulk Remediation — and map where BrickStor SP fits alongside an existing Cohesity deployment.

BrickStor SP vs Cohesity SmartFiles | RackTop | RackTop Systems