In today’s threat landscape, ransomware attacks are no longer isolated incidents; they’re systemic risks. As attackers grow more sophisticated, the traditional backup model is proving insufficient. François Esnol-Feugeas, CEO and co-founder of Oxibox, argues that backup must evolve from a passive recovery tool into an active cybersecurity layer. “Backups are no longer a fallback,” he says, “they’re the first target.”
Founded in 2014 and headquartered in Saint-Quentin-en-Yvelines, France, Oxibox has emerged as a critical player in secure backup software. With over 8,000 contracted customers, 5.5 petabytes of data protected daily, and deployments across 20 countries, the company is redefining what cyber-resilience looks like, especially for mid-sized businesses.
Oxibox’s core philosophy is ‘secure-by-design and secure-by-default’, which means encryption at the source, air-gapped repositories, and disconnected backups that are inaccessible to attackers, even if they breach the production environment. “What the attacker cannot see, cannot access, is by definition secure,” Esnol-Feugeas says.
Oxibox’s value proposition rests on three foundational pillars: security, sovereignty, and simplicity, each designed not just to differentiate the brand but to address the operational realities of mid-market IT environments.
Security isn’t treated as a feature; it’s the architecture. Oxibox delivers automated, disconnected backups with end-to-end encryption, ensuring that data remains inaccessible to attackers even if the production environment is compromised.
Sovereignty reflects the company’s commitment to open formats and operational independence. There’s no vendor lock-in, no opaque licensing, and no reliance on proprietary protocols. MSPs and customers retain complete control over their infrastructure, deployment model, and data lifecycle.
Simplicity is where Oxibox breaks from the legacy mould. Universal coverage across endpoints, virtual machines, NAS devices, and cloud services is delivered through a single agent-based solution that deploys in under 30 minutes. No technical prerequisites, no complex integrations, just plug, protect, and move on.
The company’s technology stack includes:
- At-source encryption: Ensures data is encrypted before transmission, with no decryption possible by Oxibox or third parties.
- Air-gapping and disconnection: Isolates backups from production systems, preventing lateral movement and ransomware propagation.
- R2V (Restore to Virtual): Enables instant restoration of systems as virtual machines across hypervisors.
- Automated restoration testing: Validates backup integrity and service functionality.
- Secure enclaves: Allows restoration in segmented environments for forensic analysis or safe recovery.
Its technology supports Windows, Linux, macOS, Synology, QNAP, VMware, Proxmox, Nutanix, Microsoft 365, and Google Workspace. Deduplication occurs at the source, even on encrypted blocks, and is repository-wide, enabling efficient storage across endpoints.
These capabilities are not bolt-ons; they’re foundational. “You can’t tack security onto an existing product and call it cyber-secure,” Esnol-Feugeas says. “It has to be built in from the start.”
At the heart of Oxibox’s architecture is its Universal Data Protection (UDP) filesystem. Acting as a proxy between backup software and the underlying file system, UDP performs real-time behavioural analysis at the POSIX level. It doesn’t inspect data content; instead, it monitors write sequences to detect anomalies. This zero-trust model is designed to be compatible with leading backup vendors, such as Veeam, Commvault, and Acronis.
The company uses a whitelist approach: only known-good behaviours are allowed. “We only need to know what’s good,” Esnol-Feugeas says. “Everything else is blocked.” The AI-enhanced filesystem is pre-trained on thousands of backup sequences per vendor and protocol; no training takes place on the customer side, which avoids the risk of adversarial retraining. “We also don’t want to analyse or decrypt customer data,” Esnol-Feugeas says, “our job is to protect it.”
Plug-and-Protect: built for the mid-market
Oxibox’s flagship offering, Plug-and-Protect, is designed for organisations with 100 to 1,500 employees, a market often underserved by major vendors but heavily targeted by attackers. The solution is agent-based, source-encrypted, takes less than 30 minutes to deploy and supports deduplication across endpoints, virtual machines, NAS devices, and cloud services like Microsoft 365 and Google Workspace.
One standout case involved a customer hit by Dharma ransomware. Their existing NAS-based backups were rendered unusable. Only the Oxibox-protected backups remained intact, enabling complete restoration within hours. “The paint wasn’t even dry,” Esnol-Feugeas recalls, “they had deployed Oxibox just days before.”
This scenario is increasingly common. In France alone, Oxibox claims to have supported thousands of public entities and private firms through similar incidents. Its partnership with Docaposte, a €1 billion MSSP, highlights its role in national cyber resilience.
The company’s approach to disconnected backups goes beyond traditional methods like immutable S3 buckets or LTO tape libraries. While those options offer protection, they come with trade-offs. “We’ve seen ransomware load tapes back into libraries,” Esnol-Feugeas says. “Physical disconnection isn’t enough if the control plane is compromised.”
Oxibox’s UDP ensures backups are not only disconnected but also encrypted and monitored for anomalous behaviour. Restoration can occur in secure enclaves or cloud environments, preserving forensic evidence and preventing reinfection. The UDP is also backup-aware, recognising legitimate write patterns from supported backup engines and blocking anything else. For example, while Veeam may append data to existing files during incremental backups, UDP knows which sequences are valid and which are suspicious.
This intelligence is built through extensive training, with over 10,000 runs per vendor and protocol. “We don’t simulate attacks,” Esnol-Feugeas explains, “we train on normal behaviour. That’s the whitelist advantage.” The filesystem operates at the lowest level, just above the underlying file system. It’s POSIX-compatible and supports S3, CIFS, NFS, and REST protocols, claiming latency under 1 ms and throughput exceeding 40 Gbps.
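The allowlist model described above (learn only normal write sequences, block everything else, never read payload data) can be sketched in a few lines. This is an added illustration, not Oxibox code: the operation names, the constructed traces and the pairwise-transition model are assumptions, and are far simpler than the trained model the article describes.

```python
START = "<start>"  # sentinel: no operation seen yet on this file

# Constructed known-good traces (assumed operation names), one list per backup run.
KNOWN_GOOD = [
    ["create", "append", "append", "fsync", "close"],  # full backup
    ["open", "append", "fsync", "close"],              # incremental append
    ["open", "read", "read", "close"],                 # restore or verification
]

def learn_transitions(traces):
    """Allowlist = every (previous_op, op) pair observed in normal runs."""
    allowed = set()
    for trace in traces:
        prev = START
        for op in trace:
            allowed.add((prev, op))
            prev = op
    return allowed

def classify_write(offset, file_size):
    """Label a write from metadata only; the payload is never inspected."""
    return "append" if offset >= file_size else "overwrite"

class SequenceGuard:
    def __init__(self, allowed):
        self.allowed = allowed
        self.last_op = {}  # path -> last permitted operation

    def check(self, path, op):
        prev = self.last_op.get(path, START)
        if (prev, op) not in self.allowed:
            return False  # default deny; state does not advance
        if op == "close":
            self.last_op.pop(path, None)  # next session starts fresh
        else:
            self.last_op[path] = op
        return True

def replay(guard, events):
    """events: (path, op, offset, file_size). Returns the denied (path, op) pairs."""
    denied = []
    for path, op, offset, size in events:
        label = classify_write(offset, size) if op == "write" else op
        if not guard.check(path, label):
            denied.append((path, label))
    return denied

# Constructed sample events.
INCREMENTAL = [("job.bak", "open", 0, 4096), ("job.bak", "write", 4096, 4096),
               ("job.bak", "fsync", 0, 8192), ("job.bak", "close", 0, 8192)]
TAMPER = [("job.bak", "open", 0, 8192), ("job.bak", "write", 0, 8192),
          ("job.bak", "rename", 0, 8192)]
```

Replaying `INCREMENTAL` through a guard built from `KNOWN_GOOD` denies nothing, while `TAMPER` has its in-place overwrite and rename denied because neither transition appears in any normal run.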
The company positions itself as a cybersecurity-first solution, contrasting with infrastructure-centric vendors. Esnol-Feugeas critiques legacy vendors for offering insecure protocols like CIFS and FTP. “You can’t be a cybersecurity product if you offer insecure options,” he argues. “You have to choose: infrastructure or security.”
There are no license limits, and customers can exceed quotas without penalty. The appliance model is subscription-based, with Oxibox responsible for hardware replacement and support.
Oxibox isn’t just securing data, it’s securing trust. Where backups are exploited for extortion, propagation, and supply-chain compromise, the company offers a resilient foundation. “We’re lifesaving when cybersecurity maturity is zero,” Esnol-Feugeas says, “and we stay essential no matter how mature you become.”