Architectural Comparison

BrickStor SP vs Superna — purpose-built Cyberstorage vs storage security overlay

Superna has been one of the loudest voices around the Cyberstorage category in recent years, and the company has a long history of helping Isilon and PowerScale customers automate disaster recovery. The question for buyers evaluating both is what kind of architecture each company is actually offering — and what that architecture can and cannot do at the data layer.

A Quick Note on Heritage

Two paths that could not be more different

Both vendors trace their roots to the early 2010s, but the paths could not be more different.

Superna built its early business as a Dell EMC technology partner. Their flagship product, Eyeglass Isilon Edition, was launched in 2015 as a DR orchestration solution for EMC Isilon SyncIQ — replication automation, configuration sync, and failover coordination across Isilon clusters. Ransomware Defender was announced as a follow-on capability in 2017 and was originally positioned in Superna's own documentation as “a last line of defense” for NAS data.

RackTop was founded in 2010 by veterans of the U.S. Intelligence Community to build a storage platform with security embedded in the data path from day one. RackTop coined the term CyberConverged™ Storage in 2018 and shipped what is now broadly recognized as the first NAS in the market with proactive data security built into the storage layer itself — inline threat detection, automated response, forensic audit, and surgical remediation as platform primitives. The four BrickStor patents — Active Defense, Intelligent Bulk Remediation, ImmutaVault, and Transparent Data Movement — are the architectural expression of that decade-long head start.

When Gartner formalized the Cyberstorage category in 2021, it described what RackTop had already been shipping for several years.

Why this matters for the comparison: Superna's center of gravity is adding security capabilities to someone else's storage. RackTop's center of gravity is the storage platform itself being the security control. Both approaches have a place. They are not the same thing.

What Superna Does Well

Credit where it's due

Superna has been a long-term partner of Dell and is known for improving capabilities not native to Dell PowerScale.

Disaster recovery orchestration on Dell PowerScale is mature. Superna Eyeglass has been the de facto DR automation layer for Isilon and PowerScale customers for the better part of a decade. SyncIQ failover orchestration, configuration replication, cluster witness, and DR runbook automation are genuinely useful for organizations running multi-cluster PowerScale environments.

Multi-platform reach. Superna has expanded beyond PowerScale to add support for Dell ECS object storage, Qumulo, VAST Data, and AWS S3. For customers who have already invested in one of those storage platforms and want to add a layer of behavior-based ransomware detection without replacing the storage system, Superna is one of the available options.

Organizations that already have a large storage investment and don't want to replace it will look for overlay solutions like Superna so that, at the very least, no one can say they failed to recognize the problem with the native data security of their storage.

Where BrickStor SP Is Architecturally Different

The difference is not a feature checklist. It's where the security work happens in the data path.

Superna is a software overlay. Ransomware Defender runs in the Eyeglass Clustered Agent (ECA) — a separate virtual appliance that lives outside the storage system. It consumes audit events from PowerScale, runs user behavior analytics, and when it detects something suspicious, it responds by issuing API calls back to the storage array to lock out the offending user via share-level deny permissions. The detection is real-time relative to the audit stream, but the architecture is fundamentally log-driven: events have to be generated by the storage system, shipped to the ECA, processed, and only then can a response be initiated. The security control lives one layer removed from the data.

BrickStor SP is the storage system, and security is in the data path. Active Defense is patented behavioral detection that runs inline as I/O happens — not in a downstream log analytics layer. The decision to block, alert, or quarantine is made by the storage system itself before suspicious writes are allowed to spread. The forensic record is built natively as part of every operation, not assembled after the fact from audit events.

This architectural difference cascades into several others:

01. Recovery model

Superna depends on snapshots taken automatically when an attack is detected. Recovery means rolling shares back to a snapshot — coarse-grained, with the inherent risk of losing legitimate work that happened in between. BrickStor's patented Intelligent Bulk Remediation identifies only the files touched by the attack from BrickStor's forensic record and surgically remediates them, leaving everything else untouched.

02. Air gap

Superna offers AirGap Automation, which orchestrates replication into a separately licensed and managed isolated environment. BrickStor's patented ImmutaVault delivers air-gap-equivalent immutability as a feature of the same platform — no parallel environment to size, license, and operate.

03. Threat coverage

Superna's marketing centers on ransomware detection. BrickStor SP is designed to defend against both ransomware and data theft / exfiltration. The forensic record, the ABAC enforcement, and the Active Defense behavioral engine all work together to identify abnormal read patterns — the precursor to exfiltration — not just abnormal write patterns. The threat landscape long ago shifted from "encrypt and demand ransom" to double extortion that prioritizes data theft. The defense has to follow.

04. A platform, not a product stack

Superna requires Dell PowerScale (or Qumulo, VAST, ECS, S3) underneath, plus the Eyeglass DR license, plus the Ransomware Defender license, plus the Eyeglass Clustered Agent appliance, plus whatever vault target you're replicating into. BrickStor SP is one platform with one license model, where Cyberstorage is the system, not an add-on.

05. The "last line of defense" framing

Superna's own documentation describes Ransomware Defender as "a last line of defense" and notes that for the most privileged attackers, the recommended mitigation is disabling the SMB protocol cluster-wide. BrickStor is designed as a first line of defense at the storage layer — the system that prevents the attacker from getting to "last line of defense" territory in the first place.

The Architectural Consequence

The defense itself becomes an attack surface

This is the architectural consequence that deserves its own consideration.

A software overlay running in a separate VM is, by definition, a discoverable network resource — and that means it can be targeted before the main attack on data ever begins. This is not a theoretical concern. Modern adversaries routinely conduct reconnaissance, fingerprint the defensive tooling in an environment, and disable or isolate it before initiating the encryption or exfiltration phase. Disabling backup infrastructure, EDR agents, and storage security overlays is a standard step in current ransomware and data-theft playbooks.

If an attacker can compromise, isolate, or take offline the Eyeglass Clustered Agent VM — through a VM-level vulnerability, a hypervisor compromise, a network partition between the ECA and the storage array, an authentication compromise of the management plane, or a simple denial-of-service against the appliance — then the underlying PowerScale (or Qumulo, VAST, ECS) reverts to being storage without active defense. The data is then defended only by whatever protections the storage system has natively, which is precisely the gap Superna was created to fill. The overlay model trades one weakness for another: it adds detection, but the detection itself is now a target.

BrickStor SP does not have this attack surface.

Active Defense is not a separate VM, not an agent, not a sidecar — it is the storage operating environment. Detection, automated response, ABAC enforcement, ImmutaVault immutability, and the forensic audit record are all features of the same system that serves the data. There is no “turn off the defense and keep the storage” configuration. An attacker cannot disable Cyberstorage without disabling the storage itself — and disabling the storage prevents the data theft or destruction the attacker was attempting in the first place. The data is protected by virtue of being on a system where every read and write passes through the defense.

This is the practical difference between defense of the storage and defense built into the storage.

At a Glance

BrickStor SP vs. Superna — side by side

| Capability | RackTop BrickStor SP | Superna Eyeglass / Ransomware Defender |
| --- | --- | --- |
| Architecture | Purpose-built Cyberstorage platform | Software overlay on third-party storage |
| Storage required | None — BrickStor is the storage | Dell PowerScale, ECS, Qumulo, VAST, or AWS S3 |
| Detection model | Patented Active Defense, inline in data path | Audit-event-driven UBA in a separate VM |
| Recovery | Patented Intelligent Bulk Remediation (surgical, file-level) | Snapshot rollback |
| Immutability / air gap | Patented ImmutaVault (in-platform) | AirGap Automation orchestrating an external vault |
| Threat focus | Ransomware and data theft / exfiltration | Ransomware-first |
| Audit and forensics | Native forensic record on every operation | Derived from the underlying array's audit stream |
| SIEM / SOAR integration | Yes — BrickStor APIs and event stream | Yes — multiple SIEM/SOAR connectors |
| Defense as an attack surface | None — the defense is the storage system | Defense runs in a separate VM (ECA); discoverable and attackable |
| Products / licenses for full Cyberstorage | One | Multiple — storage + Eyeglass DR + Ransomware Defender + ECA + vault target |

When to Choose Each

Pick the architecture that matches your threat model

Choose Superna if

You have a large, established Dell PowerScale (or Qumulo, or VAST) footprint that you're not in a position to replace, your operations team already runs Eyeglass for DR, and your priority is adding behavior-based ransomware detection as an overlay on the storage you already own. You don't have federal ABAC, classified, or coalition mission environment requirements. You're comfortable operating a multi-product security stack and managing the vault target separately.

Choose BrickStor SP if

You want one platform that is Cyberstorage, with Active Defense, ImmutaVault, IBR, ABAC, and a complete forensic audit trail built in. You need ABAC on unstructured data for federal, classified, or coalition workloads. You want defense against data theft and exfiltration, not just ransomware. You want a first line of defense at the storage layer rather than a last line. And if you're migrating from PowerScale or another legacy NAS, you want a gateway-based migration that gives you Cyberstorage protection on day one of the migration, not after the cutover.

A Note on the Cyberstorage Category Itself

The historical record

Superna's recent marketing positions the company as having pioneered Cyberstorage. The historical record is a useful frame for that claim:

  1. 2012

    RackTop ships BrickStor with a security-first architecture.

  2. 2014

    RackTop adds FIPS AES-256 encryption support.

  3. 2015

    Superna ships Eyeglass for Isilon SyncIQ — a DR orchestration product.

  4. 2017

    Superna adds Ransomware Defender as a follow-on capability, positioned as a "last line of defense."

  5. 2018

    RackTop coins CyberConverged™ Storage and ships the first NAS with security built into the storage layer.

  6. 2021

    Gartner introduces the term "Cyberstorage."

  7. 2024

    Active Defense patent issued — U.S. Patent No. 11,868,495 B2 (Jan 9, 2024).

  8. 2025

    ImmutaVault patent issued — U.S. Patent No. 12,216,779 B2 (Feb 4, 2025). Transparent Data Movement patent issued — U.S. Patent No. 12,333,173 B2 (Jun 17, 2025).

  9. 2026

    Intelligent Bulk Remediation patent issued as a Continuation-in-Part of Active Defense — U.S. Patent No. 12,561,437 B2 (Feb 24, 2026).

Both vendors have been doing real work in the storage security space. The architectural difference between security as an overlay on someone else's storage and security as the storage platform itself is the choice in front of the buyer.

FAQ

BrickStor SP vs. Superna — answered

No. Superna's Eyeglass and Ransomware Defender products are built specifically for Dell PowerScale, ECS, Qumulo, VAST, and AWS S3. They are not deployable on BrickStor — and they don't need to be. BrickStor's Active Defense, ImmutaVault, Intelligent Bulk Remediation, ABAC, and forensic audit deliver Cyberstorage natively.
Superna's detection runs in real time relative to the PowerScale audit event stream. That means events must be generated by PowerScale, shipped to the Eyeglass Clustered Agent VM, processed, and only then can a response be issued back to the array. BrickStor's Active Defense runs inline in the data path on the storage system itself — the decision happens before the suspicious operation is allowed to propagate.
Superna's own documentation acknowledges that the root user cannot be locked out via deny permissions and that for that class of threat the recommended mitigation is disabling the SMB protocol cluster-wide. BrickStor's ABAC, ImmutaVault, and Active Defense are designed to constrain privileged users continuously — including administrative actions — without taking the storage offline.
BrickStor exposes its forensic audit and event stream to SIEM/SOAR tools just like Superna does. The difference is that the audit record is generated as a native part of every operation, not derived from a separate audit subsystem on someone else's storage. SOC teams get a higher-fidelity signal with less integration plumbing.
Superna's documented product timeline shows Eyeglass for Isilon SyncIQ launching in 2015 as a DR orchestration product, with Ransomware Defender added in 2017 as a follow-on capability. RackTop began shipping NAS with security embedded in the storage layer — what is now called Cyberstorage — in the same timeframe, and the four BrickStor patents cover the inline architecture that distinguishes Cyberstorage from a detection overlay. The marketing claims are the marketing claims; the product timelines are public.
This is a real concern with overlay architectures and one of the most important architectural questions a buyer should ask. Superna's Ransomware Defender runs in a separate virtual appliance — the Eyeglass Clustered Agent — that is discoverable on the network, depends on a continuous audit stream from PowerScale, and is itself subject to the standard set of VM-level, hypervisor, network, and management-plane vulnerabilities that any virtual appliance has. Sophisticated adversaries routinely identify and neutralize defensive tooling before launching the main attack — disabling backup infrastructure, EDR agents, and security overlays is a standard step in current ransomware and data-theft playbooks. If the Eyeglass Clustered Agent is compromised, isolated, or simply taken offline, the storage is defended only by whatever native protections the underlying array has. BrickStor SP doesn't have this exposure. Active Defense is built into the storage system itself — no separate VM, no agent, no sidecar to target. An attacker cannot disable the defense without disabling the storage, and disabling the storage prevents the data theft or destruction the attacker was after to begin with.
Many of our customers run BrickStor alongside an existing PowerScale + Superna environment first, starting with the highest-risk shares — federal data, classified work, regulated PII, high-value IP — and migrate the rest using BrickStor's gateway-based migration over time. You don't have to choose all at once.
