RackTop Systems
Why RackTop / BrickStor SP vs VAST Data
Architectural Comparison

BrickStor SP vs VAST Data: inline Cyberstorage vs an AI platform with partner-delivered security

VAST Data built an impressive platform for AI and analytics throughput, and its immutability and encryption engineering deserve credit. The security question is architectural: VAST's behavioral threat detection and automated response are delivered by partners, Superna off-box and CrowdStrike in the SOC, after events leave the platform. BrickStor SP puts detection and response for both ransomware and data theft inline, in the data path itself.

Two Different Design Centers

An AI data platform that partners for security vs a storage platform that is the security control

VAST Data built its disaggregated shared-everything architecture to make all-flash economical at scale, and it has become a platform of choice for data-hungry AI, analytics, and HPC pipelines served from a single all-flash tier. Its native security engineering is real, with Indestructible Snapshots, per-tenant and per-path encryption, and Zero Trust access controls. But behavioral threat detection and automated response are not in the platform: VAST delivers them through partnerships, with Superna analyzing audit data off-box since May 2024 and CrowdStrike correlating shared telemetry in the SOC since February 2026.

BrickStor SP was engineered from the first line of code as storage that defends itself. Patented Active Defense evaluates every read, write, and delete inline in the data path and terminates hostile sessions in under a second. ABAC governs every SMB, NFS, S3, and Web Drive operation. ImmutaVault provides a virtual air gap inside the platform, and patented Intelligent Bulk Remediation rolls back exactly the files an attack touched. All of it runs on the controller, with no external dependency, which is why it deploys in air-gapped and classified environments.

Why this matters: when the attack is executing, the only defense that can act is the one standing in the I/O path. Everything else finds out afterward.

What VAST Does Well

Credit where it's due

Making flash economical. VAST started in 2016, well before the AI boom, with a genuinely new idea: the DASE architecture and similarity-based global data reduction let it deliver flash performance from lower-cost QLC media, making all-flash economical for workloads that actually require flash performance. When AI demand arrived, that engineering earned it a strong position in GPU and analytics pipelines.

Serious immutability and encryption engineering. Indestructible Snapshots resist deletion even by administrators, and the encryption stack offers per-tenant and per-path keys, cryptographic erase, and external key-manager support. These are real security features, not marketing.

A customer-friendly licensing structure. VAST licenses its software under a model it calls Gemini: the subscription is priced on consumed capacity after reduction, with hardware bought separately at partner cost, and reviewers credit the transparency.

The comparison below is not about whether VAST is a capable platform for AI throughput. It is about the specific architecture of threat detection and response at the storage layer, where the two designs differ fundamentally and the differences are documented.

Storage

Storage capabilities side by side

Capability

RackTop

BrickStor SP

VAST Data

VAST AI OS / Data Platform

Platform design centerPurpose-built primary Cyberstorage NAS. Serving and defending live unstructured data is the same system.Disaggregated shared-everything (DASE) all-flash platform built for AI, analytics, and HPC pipelines, marketed since 2025 as the VAST AI Operating System.
ProtocolsSMB, NFS, S3, and Web Drive from the same dataset, governed by one ABAC policy framework.NFS, SMB, and S3 in a single namespace, plus database and table services for AI pipelines. SMB arrived later than NFS (version 3.0, on a stack VAST built in-house). No browser-based file access.
Snapshots and replicationPolicy-driven immutable snapshots with sub-minute RPO and asynchronous replication, built into the platform.Snapshots with Indestructible Snapshots policy locking, plus snapshot-based asynchronous replication. Solid recovery-point engineering.
Data reductionInline compression and thin snapshots and clones, sized for primary data.Similarity-based global data reduction, a genuine strength that often beats conventional dedup plus compression on mixed data, and the reduction benefit flows into the license price.
TieringPatented Transparent Data Movement: policy tiering to S3, NFS, or another BrickStor while files stay accessible at the original path. Tiering to external storage or cloud S3 is licensed separately per GB.One all-QLC-flash tier by design. There is no hybrid or HDD option for the workloads that do not require flash performance, and flash remains more expensive than hybrid or disk, so cold-data economics rest entirely on QLC pricing and reduction rates.
Licensing modelOne platform license. Active Defense, ImmutaVault, Intelligent Bulk Remediation, ABAC, and audit are included. TDM to external storage or cloud S3 adds a per-GB license.Software subscription under VAST’s Gemini model, licensed on consumed capacity after reduction, with hardware bought separately from certified partners. Credited as transparent. The behavioral security layer (Superna, CrowdStrike Falcon) is separate partner software with its own licensing.
Migration onto the platformSeamless migration from any NAS or NFS/SMB file share. With GHOST, users cut over first, in hours, and data migrates in the background with Cyberstorage protections active from the cutover line.Traditional copy-based migration: copy the files with host-side or partner tooling, run incremental syncs to catch up with changes, then take a planned outage window to cut users over.
Deployment modelsPhysical appliance, SAN gateway (iSCSI / Fibre Channel), or virtual appliance on KVM, Hyper-V, ESXi, AWS, Azure, and Google Cloud.On-premises clusters on certified x86 hardware (integrated through distribution partners) and cloud editions. All-flash only.
Scale range and entry pointScales from a single terabyte at the edge to multiple petabytes in the data center, on the same platform, with the same protections.Built for large clusters: practical starting configurations are typically 500 TB and up. Small-footprint edge deployments are not the design point.
Security

Security capabilities side by side

The decisive differences: where the detection lives (inside the data path vs in partner overlays and the SOC), what the response does (terminate the session vs preserve a recovery point and alert), and what happens to data theft (stopped live vs analyzed after the fact).

Capability

RackTop

BrickStor SP

VAST Data

VAST + Superna / CrowdStrike

Detection modelPatented Active Defense: behavioral evaluation of every read, write, and delete, inline in the storage data path. No training or learning period is required, and because the analysis is behavioral rather than signature-based, it detects and stops zero-day attacks.No native behavioral threat detection documented in the platform. VAST’s documented model is partner-delivered: Superna (partnership announced May 2024) analyzing audit data off-box, and a CrowdStrike Falcon telemetry integration (February 2026) that routes detection into the SOC.
Response modelOffending session terminated in under a second, before mass encryption or exfiltration spreads. Protected snapshots are already being taken in the minutes before the attack, so any file restores with a maximum 1-minute RPO.Response is a function of the partner layer: external tooling processes events, then acts back on the platform. The platform’s own contribution is recovery-point preservation through Indestructible Snapshots.
Data theft and exfiltrationActive Defense analyzes read behavior live. Bulk copying, abnormal access patterns, and staged exfiltration are detected and stopped while the data is still yours.No native capability documented. Exfiltration-type analytics depend on the Superna overlay or SOC-side correlation of shared telemetry, out of band and after the events are generated.
Access controlFull Active Directory and LDAP integration with POSIX permissions and fine-grained ACLs. Native ABAC enforced across all protocols, including NFS 4.2 context security labels, with per-dataset integration with external ABAC policy engines.POSIX, NFSv4, and SMB ACLs with S3 policies and admin RBAC, plus row-level controls in the database layer. No attribute-based access control for file protocols appears in VAST documentation.
ImmutabilityPolicy-driven immutable snapshots, taken continuously with sub-minute granularity, that no credential can delete, including an administrator’s.Indestructible Snapshots: policy-locked until expiration with cluster-unique, time-limited deletion tokens. Genuinely strong immutability engineering, worth crediting.
Cyber vaultingPatented ImmutaVault: a virtual air gap inside the platform holding isolated, immutable, manifest-backed copies that survive administrative compromise. Included with BrickStor SP, with no second environment to license or operate.No equivalent product. Vault architectures are assembled from replication, snapshot locking, and partner tooling, typically with a second cluster to size, license, and operate.
Forensics and auditImmutable, tamper-evident record of every file operation with user, session, and client context, streamed to SIEM and SOAR.Protocol audit logs stream to external systems; the behavioral analysis happens in partner tools or the SOC that receives them.
Compliance and accreditationIntegrated compliance reporting mapped to NIST 800-53 and related frameworks makes it easier to achieve an ATO and demonstrate continuous compliance across regulatory regimes, from one console.Platform hardening and audit features exist; assembling accreditation evidence and demonstrating ongoing compliance is on the administrator and external tooling.
The defense as an attack surfaceNone separate. The defense is the storage system; it cannot be disabled without disabling the storage itself.The detection layer runs outside the platform, in Superna infrastructure or the CrowdStrike cloud, and depends on a continuous telemetry stream. Disabling it reverts VAST to storage without active defense.
External dependency of the security stackAll Cyberstorage functions run on the controller. Fully capable in air-gapped and disconnected environments.The platform itself operates disconnected, but the marketed detection-and-response workflow depends on partner software and, in the CrowdStrike model, SaaS connectivity.
Cyber recoveryPatented Intelligent Bulk Remediation: surgical, file-level rollback driven by the platform’s own forensic record. Sub-minute RPO.Snapshot restore. Identifying which files an attack touched, and when, depends on the external analytics layer.
Performance

Performance architecture side by side

VAST's throughput for AI pipelines is not in dispute. The performance question that matters here is fit: what each data path was engineered to optimize, and whether protection is part of it.

Capability

RackTop

BrickStor SP

VAST Data

VAST AI OS / Data Platform

Workload design pointPrimary, latency-sensitive mixed workloads with security evaluated inline: user shares, project data, engineering, media, and analytics pipelines. Deployed in HPC and AI Factory designs, with BrickStor for Lustre serving parallel-file-system workloads.Massive parallel throughput for AI training, GPU pipelines, HPC, and analytics. A genuine strength, and the workload the whole architecture is optimized for.
Caching architectureRAM is the primary caching layer. Serving reads and writes from memory is faster than flash-based caching, and the headroom lets the platform run its behavioral security functions on-box without impacting user experience or application performance.DASE deliberately avoids large coherent caches: stateless compute nodes, writes landing in storage-class memory, reads served from QLC flash. Excellent for parallel streaming; per-operation security evaluation was never part of the data path design.
Where the security work happensOn-controller, per-operation, with no external hop and no learning-period gaps.In partner overlays and the SOC, after audit events are generated and shipped. No inline cost, but no inline protection either.
Mixed enterprise file workloadsVariable record sizes and RAM-based caching tuned per dataset, sized for mixed read-write enterprise file activity.Read-optimized by design, and reviewers note write performance lags read performance. Home directories and mixed user shares are a different job than the AI pipelines the platform targets.
Protection across deploymentsThe same Active Defense on every deployment: all-flash, hybrid, SAN gateway, and virtual.One all-flash tier, with the level of protection depending on which partner add-ons are licensed and deployed alongside it.

Comparison based on publicly available product documentation, partnership announcements, and peer reviews as of mid-2026. Vendor capabilities evolve; contact us if you believe any entry is out of date and we will validate against the current release. For workload-specific performance, run a proof of concept.

What the public record says about VAST

VAST's reviews are strong and its momentum in AI infrastructure is real. The questions the public record raises are about capability boundaries, not viability, and each is documented.

The behavioral security is partner-delivered. The platform's own documentation covers immutability, encryption, access control, and audit, all real. For detection and response, VAST's announcements point outward: the May 2024 Superna partnership for “real-time suspicious behavior detection” and “automated cyber threat response,” and the February 2026 CrowdStrike partnership that shares data-layer telemetry with the Falcon platform for SOC-side detection. Both run outside the data path. No ABAC for file protocols appears in VAST's documentation. We publish a full deep dive on how the Superna overlay model works on our vs-Superna page.

The design center is AI throughput, not defended file serving. The platform is all-QLC-flash with no hybrid tier, reviewers note write performance lags read performance, and SMB arrived later than NFS on a stack VAST built in-house. None of that is a flaw for GPU pipelines; it is simply a different job than serving and defending mixed enterprise file workloads.

BrickStor SP's contrast is simple: detection and response live inside the data path, cover data theft as fully as ransomware, are included in the platform license, and run identically on all-flash, hybrid, SAN gateway, and virtual deployments, with no external dependency.

The Architectural Consequence

A partnership announcement is not a data path.

VAST's security model splits the job three ways: the platform preserves recovery points, Superna watches audit data from outside, and CrowdStrike correlates telemetry in the SOC. Each piece is legitimate. But the seams between them are where attacks live: events must be generated, shipped, processed, and acted on before anything stops, and the detection layer itself is separate infrastructure that can be targeted, misconfigured, or simply not purchased.

The gap is widest for data theft. Stealing data is a read operation, and reads leave no encryption signature for a snapshot to protect against. By the time off-box analytics flag a bulk read, the copy is done. Indestructible Snapshots, however good, restore nothing that has already left.

BrickStor SP treats the operation itself as the decision point.

Active Defense evaluates reads and writes inline and terminates the offending session in under a second, so a ransomware blast radius is a handful of files and a bulk exfiltration is cut off while the data is still yours. Patented Intelligent Bulk Remediation then rolls back exactly what was touched, using the platform's own forensic record. One architecture stitches three vendors around the attack; the other stands in front of it.

When to Choose Each

Pick the platform that matches the job

Choose VAST Data if

Your problem is feeding AI training, GPU clusters, and analytics pipelines at extreme scale: massive parallel read throughput, exabyte-class namespaces, strong data reduction on a single all-flash tier, and a database layer for pipeline metadata. You are comfortable assembling the security story from the platform's immutability plus Superna or CrowdStrike add-ons managed by your security team.

Choose BrickStor SP if

You have heterogeneous workloads: deployments at the edge in different sizes, a mix of flash and hybrid economics, and an archive with protection, all in one unified ecosystem that goes beyond HPC and AI workloads. You need to defend primary unstructured data in real time against ransomware and data theft equally, with detection and response inside the data path, included in the platform, and fully capable air-gapped. You need ABAC on SMB, NFS, S3, and Web Drive for federal, regulated, or coalition workloads, vaulting as a feature rather than an integration project, and surgical recovery measured in seconds. Deploy at the edge, the core, or the cloud, putting the data where it needs to be to meet the mission and business operations. And if you want fast HPC and AI workload storage with security, check out BrickStor for Lustre.

The Historical Record

Two companies, two missions

  1. 2010

    RackTop founded by veterans of the U.S. Intelligence Community.

  2. 2016

    VAST Data founded by alumni of XtremIO, Kaminario, and CTERA, focused on all-flash scale-out storage.

  3. 2018

    RackTop coins CyberConverged™ Storage and ships the first NAS with security built into the storage layer.

  4. 2019

    VAST exits stealth (February) with its disaggregated shared-everything (DASE) architecture.

  5. 2020

    RackTop ships Active Defense (October): the first inline threat detection and response in a NAS data path.

  6. 2021

    Gartner introduces the term “Cyberstorage.” VAST exits the hardware business (April), moving to Gemini software subscriptions.

  7. 2024

    Active Defense patent issued: U.S. Patent No. 11,868,495 B2 (Jan 9, 2024). VAST partners with Superna for detection and response (May).

  8. 2025

    ImmutaVault patent issued (Feb 4) and Transparent Data Movement patent issued (Jun 17). VAST repositions its platform as the VAST AI Operating System.

  9. 2026

    Intelligent Bulk Remediation patent issued (Feb 24). VAST announces a CrowdStrike Falcon telemetry partnership (February) for SOC-side detection and response.

FAQ

BrickStor SP vs. VAST Data, answered

VAST has strong ransomware recovery: Indestructible Snapshots are policy-locked until expiration, with cluster-unique, time-limited deletion tokens that resist even a rogue administrator. What the platform does not document is native behavioral detection or inline response. VAST’s answer to detection is partnerships: Superna (announced May 2024) analyzes audit data off-box and orchestrates response back to the platform, and the CrowdStrike integration (February 2026) shares data-layer telemetry with the Falcon platform so the SOC can detect and respond. BrickStor SP’s patented Active Defense does the detecting and the stopping inside the data path itself, terminating a hostile session in under a second, with protected snapshots already taken in the minutes before the attack.
Not natively. No read-behavior threat analytics appear in VAST’s platform documentation; exfiltration-type detection depends on the Superna overlay or on SOC-side correlation of telemetry shared with CrowdStrike, both out of band. BrickStor SP analyzes read behavior inline and terminates a bulk-copy or staged-exfiltration session while the data is still in your possession. That matters because double extortion now leads with theft, and no snapshot, however indestructible, restores stolen data.
They solve different layers of the problem. Indestructible Snapshots are excellent snapshot immutability: locked until expiration, resistant to administrative deletion. ImmutaVault is a patented cyber vault inside BrickStor SP: isolated, immutable, manifest-backed copies behind a virtual air gap, with the manifest providing chain-of-custody for forensics and retention, included in the platform with no second environment to license or operate. BrickStor SP also layers continuous immutable snapshots beneath it, so the recovery-point story and the vaulting story are both native.
It is close on the software layer, and worth crediting: VAST supports AES-256 encryption with per-tenant and per-path keys, cryptographic erase aligned to NIST SP 800-88, external key managers over KMIP, and FIPS-validated cryptographic modules. BrickStor SP’s differentiators are the second independent layer, a FIPS 140-3 validated hardware module beneath the per-dataset software keys, and the integration of key management with the rest of the security stack, so a spillage response can combine cryptoshred with the forensic record of exactly what touched the affected dataset.
No. The platforms are optimized for different jobs, and the most common pattern is coexistence: VAST serves the GPU training and analytics pipelines it was built for, while BrickStor SP defends the primary unstructured data attackers actually target, such as user shares, regulated PII, high-value IP, and CUI, with inline defense, ABAC, and ImmutaVault. That pairing also protects the data feeding your AI: models are only as trustworthy as the files they train on, and BrickStor SP guarantees the integrity and provenance of that source data. GHOST migration cuts users over in hours with data following in the background.
VAST licenses its software under a model it calls Gemini, and the structure is genuinely customer-friendly: a software subscription priced on consumed capacity after data reduction, hardware purchased separately from certified partners, and reviewers credit the transparency. Two things to price alongside it: the platform is all-flash only, so every terabyte of cold data sits on QLC flash rather than a cheaper tier, and the behavioral security layer is separate partner software (Superna, CrowdStrike Falcon) with its own licensing. BrickStor SP is one platform license with the security capabilities included, deployable on all-flash or hybrid economics, with multi-year fixed-price subscriptions. We are glad to run the comparison against your actual quote.
Neither vendor publishes audited head-to-head benchmarks against the other. VAST’s parallel throughput for AI and analytics pipelines is impressive and well documented, and we do not argue with it. The honest comparison is what each platform is doing per operation: BrickStor SP evaluates security policy inline on every read and write while serving primary workloads; VAST optimizes for streaming scale and leaves deep security analysis to external partners. For your workload profile, run a proof of concept.

See Inline Defense Next to Your AI Pipeline

In a 30-minute demo, we'll show Active Defense stopping ransomware and a bulk exfiltration inline, then map where BrickStor SP defends the data your pipelines and people depend on.

BrickStor SP vs VAST Data | RackTop Systems