Abstract: A method of and system for virtual air-gapping of data in a network storage system. The method comprises creating a staging zone around a set of data within a global zone. The global zone is accessible over a network utilizing a network file system. The set of data is indexed generating a manifest containing metadata and a hash for each file within the set of data. The set of data and manifest is reallocated creating vaulted data. Access to the vaulted data is provided through an Application Programing Interface (API) configured to limit access to specified users and permissions which can exclude superusers. The API can be used to verify the vaulted data through recomputing the index manifest and hashes.

Abstract: Cybersecurity active defense in data storage systems are disclosed herein. An example system includes a file system, and an architecture installed on the file system, the architecture being configured to protect the file system in a zero trust manner from a malicious attack by a source system, the architecture including a controller that is configured to determine file-level operations of files in the file system that are indicative of a malicious event, block a user account or machine address interacting with the files, prevent data exfiltration or data corruption of the files, and provide an alert to an administrator regarding the files.