Goldilock


Goldilock has revolutionized the way data, devices and infrastructure are protected on any network by allowing you to physically connect and disconnect anything from anywhere, in seconds without using the internet to do so. Our unique, patented platform utilizes secure non-internet communications to keep your sensitive digital assets physically segregated from any network, while still having them accessible at a moment’s notice from anywhere on earth.

Instant Accessibility

Goldilock's secure non-internet communications allow for immediate access to your assets whenever needed, combining the security of cold storage with the speed and flexibility of hot storage.

Enhanced Security

By enabling physical disconnection of your digital assets from the internet when not in use, Goldilock significantly reduces the attack surface and provides a higher level of protection for sensitive data and systems.

Customizable Control

Goldilock's remote connectivity control and compatibility with any network outlet offer versatile options to protect a wide range of devices and networks, giving you the power to tailor your security solution to your specific needs.

Benefits at a glance

Goldilock is a major advance in cyber security protection. Most cyber products on the market provide just an illusion of protection. They are, after all, connected to the same physical layer, but Goldilock offers a completely new approach to reducing the cyber-attack surface through complete physical isolation.

Any device with an IP address is visible and vulnerable to accidents and attackers, but Goldilock’s unique and patented technology physically segregates data, networks, and people from harm.

Goldilock is a 12-port network appliance that is controlled remotely and offers complete network isolation functionality via out-of-band network and various non-IP based commands.

Remotely connect or disconnect assets in seconds down to port level

Control via Non-IP (network)

Protect anything from a single device to entire networks, SCADA and PLCs

Intuitive, flexible, and powerful User and Administration Interface with reporting

Easy deployment and zero training required to get started – no forklift upgrades

Plugs into any network outlet (including FIBRE)

Tech Specs | 12 Port Ethernet RJ45 Variant

  • Form Factor: 1U Rackmount (19")
  • Interface: 12 x RJ45 port pairs at OSI Layer 1
  • Throughput: Up to 10Gbps per port pair
  • Management: Out-of-Band Management Interface via Web Browser (Built-in)
  • Remote Trigger: Via SMS with number filtering, 2FA/OTP authentication, granular port access
  • Interfaces: 1 x SIM slot, 2 x SMA Antenna connectors
  • Power: 110V to 240V AC @50/60Hz, ~11W average consumption
  • Operating Temperature: 0°C to +60°C
  • Compliance: CE, UKCA, CISPR 22/32, FCC Part 15B Class A

General use cases

Ransomware Response & Recovery

  • Immediately and remotely disconnect networks under attack to stop spread.
  • Isolate back-ups from being compromised to aid faster recovery.

Internal Network/Data Segregation

Physically separate networks or servers (or users) from being visible to each other until required. Shield high-risk networks or data that contain IP, PII, or industrial control systems, create secure digital vaults, or protect cryptographic keys and wallets.

Network Circuit-Breaker

  • Control any type of network in an emergency. React dynamically to network stresses and overloading.
  • Proactively isolate LAN / WAN segments to protect them when not needed, e.g. out of work hours.

Control Untrusted Third-Party Networks

Avoid ‘always-on’ access to the core networks and mitigate risks of indirect cyber-attacks. Time-limit access by third-party suppliers who are required to carry out work.

DevOps Segregation

Control the business risk of having customer facing systems disrupted. Create a secure procedure between development, testing and production.

Timed 3rd Party Remote Access

Permit authorised contractors and other third parties access to agreed network services / segments for scheduled periods, after which assets can be automatically disconnected.

Specific use cases

FAQ

Can port connections be scheduled automatically?

Yes. Time-based port scheduling is a supported operational mode and is useful for DevOps segregation, timed third-party access windows, or out-of-hours isolation of non-critical systems.

Do ports time out after inactivity?

No, by design. Disconnection and reconnection require explicit authorized commands. This prevents accidental reconnection, but it also means operational procedures must be defined for returning to a connected state after an isolation event.

How do organizations typically decide when to disconnect?

Two primary operational models exist:

  1. Normally connected — the FireBreak™ sits inline and is triggered to disconnect in response to a threat, alert, schedule, or procedural event
  2. Normally disconnected — assets are isolated by default and only connected when service is actively required, such as during scheduled maintenance windows or authorized third-party access

Many deployments use a combination of both models across different segments.

Will installing a FireBreak™ risk accidental downtime?

This is a common concern and, in practice, a manageable one. FireBreak™ is designed to be operated by the same staff who already control critical systems — network, security, and processing teams. Standard operating procedures define when and how ports are opened or closed. Accidental disconnection carries a similar risk profile to accidentally removing a patch cable, which trained operations staff already manage routinely.

How do administrators access the management GUI?

Via the rear Management Console Port. Connect it to a dedicated management network and access the device’s IP address through a browser. Security aligns with NIST 800-63 requirements, including two-factor authentication, brute-force protection, and full audit logging.

How is out-of-band access secured?

The SMS interface rejects all messages by default. To authorize a user:

  1. Whitelist their mobile number
  2. Assign specific port permissions
  3. Generate a unique OTP seed key compatible with Google Authenticator, Microsoft Authenticator, or Cisco Duo

Every command must include a valid OTP. Failure to meet any of the three criteria results in rejection.

What commands are available?

Enable port [1–12], Disable port [1–12], and Status port [1–12]. All commands require challenge/response authentication and are case-sensitive. The full command set is documented in the Administration Guide.
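The three acceptance criteria from "How is out-of-band access secured?" applied to the commands listed above, as an added example that is not Goldilock's code. The message layout (`<Command> port <n> <otp>`), the user table, the use of RFC 6238 TOTP (the scheme the named authenticator apps implement), the one-step delay window and the single-use tracking are all assumptions of this sketch.

```python
import base64, hashlib, hmac, re, struct

# Constructed sample data: one authorized user (number, ports and seed are made up).
USERS = {
    "+15550100": {"ports": {1, 2}, "seed": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"},
}
# Assumed message layout; the real syntax is in the vendor's Administration Guide.
COMMAND = re.compile(r"(Enable|Disable|Status) port (\d{1,2}) (\d{6})")

def totp(seed_b32, now, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA-1, the default in common authenticator apps."""
    key = base64.b32decode(seed_b32)
    mac = hmac.new(key, struct.pack(">Q", int(now) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def authorize(sender, text, now, used):
    """Return (accepted, detail). Anything not explicitly allowed is rejected."""
    user = USERS.get(sender)
    if user is None:                             # criterion 1: whitelisted number
        return False, "sender not whitelisted"
    m = COMMAND.fullmatch(text)                  # exact, case-sensitive match
    if m is None:
        return False, "malformed command"
    action, port, otp = m.group(1), int(m.group(2)), m.group(3)
    if not 1 <= port <= 12 or port not in user["ports"]:
        return False, "port not permitted"       # criterion 2: port permission
    # Criterion 3: valid OTP. Accept the current and previous step for SMS delay.
    valid = [totp(user["seed"], now - d) for d in (0, 30)]
    if not any(hmac.compare_digest(otp, v) for v in valid):
        return False, "invalid OTP"
    if (sender, otp) in used:                    # a code authorizes one command only
        return False, "OTP already used"
    used.add((sender, otp))
    return True, f"{action} port {port}"
```

The whitelist alone is not sufficient because SMS sender identifiers can be forged; the OTP check is what binds a command to a provisioned user, and single-use tracking stops a captured message from being replayed within its time window.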

How are users and administrators defined?

There are two roles. Administrators configure the appliance, provision users, set port permissions, and manage OTP seed keys — exclusively via the rear Management Port (ensuring physical separation of duties). Users are authorized to send connect/disconnect commands to assigned ports via the secure messaging stack. Users have no access to the Management Port.
