Goldilock has revolutionized the way data, devices and infrastructure are protected on networks by allowing you to physically connect and disconnect anything from anywhere, in seconds without using the internet to do so. Our unique, patented platform utilizes secure non-internet communications to keep your sensitive digital assets physically segregated from any network, while still having them accessible at a moment’s notice from anywhere on earth.


Goldilock's secure non-internet communications allow for immediate access to your assets whenever needed, combining the security of cold storage with the speed and flexibility of hot storage.


By enabling physical disconnection of your digital assets from the internet when not in use, Goldilock significantly reduces the attack surface and provides a higher level of protection for sensitive data and systems.


Goldilock's remote connectivity control and compatibility with any network outlet offer versatile options to protect a wide range of devices and networks, giving you the power to tailor your security solution to your specific needs.

“An exciting new approach to protecting high value assets…an essential tool for security architects.”
Greg Akers, Ex-Head of Advanced
Security Research, CISCO

Goldilock is a major advance in cyber security protection. Most cyber products on the market provide just an illusion of protection. They are, after all, connected to the same physical layer, but Goldilock offers a completely new approach to reducing the cyber-attack surface through complete physical isolation.

Any device with an IP address is visible and vulnerable to accidents and attackers, but Goldilock’s unique and patented technology physically segregates data, networks, and people from harm.Goldilock is a 12-port network appliance that is controlled remotely and offers complete network isolation functionality via out-of-band and non-IP based SMS commands.

Benefits at a glance

Remotely connect or disconnect assets in seconds down to port level

Control via Non-IP

Protect anything from a single device to entire networks, SCADA and PLCs

Intuitive, flexible, and powerful User and Administration Interface with reporting

Easy deployment and zero training required to get started – no forklift upgrades

Plugs into any network outlet

Tech Specs

  • Form Factor: 1U Rackmount (19")
  • Interface: 12 x RJ45 port pairs at OSI Layer 1
  • Throughput: Up to 10Gbps per port pair
  • Management: Out-of-Band Management Interface via Web Browser (Built-in)
  • Remote Trigger: Via SMS with number filtering, 2FA/OTP authentication, granular port access
  • Interfaces: 1 x SIM slot, 2 x SMA Antenna connectors
  • Power: 110V to 240V AC @50/60Hz, ~11W average consumption
  • Operating Temperature: 0C to +60C
  • Compliance: CE, UKCA, CISPR 22/32, FCC Part 15B Class A

General use case

Ransomware Response & Recovery

  • Immediately and remotely disconnect networks under attack to stop spread.
  • Isolate back-ups from being compromised to aid faster recovery.

Internal Network/Data Segregation

Physically separate networks or servers (or users) from being visible to each other until required. Shield high risk networks or data that contain IP, PII, industrial control systems, create secure digital vaults, or protect cryptographic keys and wallets

Network Circuit-Breaker

  • Control any type of network in an emergency. React dynamically to network stresses and overloading.
  • Proactively isolate LAN / WAN segments to protect when no needed e.g, out of work hours

Control Untrusted Third-Party Networks

Avoid ‘always-on’ access to the core networks and mitigate risks of indirect cyber-attacks. Time limit access by third party suppliers that are required to carry out work.

DevOps Segregation

Control the business risk of having customer facing systems disrupted. Create a secure procedure between development, testing and production.

Timed 3rd Party Remote Access

Permit authorised contractors and other 3rd parties’ access to agreed network services / segments for scheduled periods after which, assets can be automatically disconnected

Specific use case


What commands are available via Goldilock's messaging stack?

A range of intuitive commands are available to users when sending commands to the appliance, these include examples such as;

Input: Enable port [1-12]

  • Example: Enable port 4
  • Outcome: Specific port will be enabled after the appropriate challenge/response.

Input: Disable port [1-12]

  • Example: Disable port 6
  • Outcome: Port 6 will be disabled after the appropriate challenge/response.

Input: Status port [1-12]

  • Example: Status port 8
  • Outcome: Returns status of the port after the appropriate challenge/response.

All commands and challenge response words are case sensitive.

What roles are defined when using the appliance?

There are two roles, defined as follows;

  • Administrator
    This role exclusively logs in via the Management Port located at the rear of the appliance to provide total physical separation of duties. Administrators can add/remove Administrators, add/edit/configure/remove Users, and general configuration and maintenance duties
  • User
    This role is defined as an approved User who has been authorised to remotely control the TruAirgap™ using SMS. This role has no access to the Management Port, neither physically nor by proxy.
What happens in the event of a power failure to the device?

The appliance will automatically power up once power is restored.

There are three configurable states each port defaults to upon power up:
1. Default to connected state: The airgap will physically connect networks


2. Default to disconnected state: The airgap will physically disconnect networks


3. Default to previously set state: Whichever was the last known state.

Does the appliance function as a hub or a network switch?

It is neither a Layer 1hub nor a Layer 2 switch, from a networking perspective it is the equivalent of a patch cable

  • Think of it as a Layer 1 ‘cable’ that can be remotely plugged in or removed from a physical network port. Devices and networks can be electronically (and physically) connected or disconnected as and when required
  • Imagine a simple RJ45 patch lead with a connection to your LAN at one end and a server or network at the other. The airgap switch sits in the middle of the patch lead in a similar way as if you were joining two patch leads

If you're still in search of answers, we encourage you to explore our informative FAQ section.

5..4..3..2..1 - we're disconnected. Are you?

Get in touch with our experts today and experience the power of physical disconnection for ultimate protection. Request a demo or contact us now!