Follow on Twitter using the following hashtags or usernames: #RSAC2026
Watch on YouTube
Watch on Vimeo
Object First was founded with the specific mission of creating a backup storage solution that is ransomware proof. The company focuses on addressing the primary vulnerability in data protection: the storage target. Since 96% of ransomware attacks target backup data to prevent recovery, Object First provides an intentionally hardened, immutable storage appliance designed specifically for Veeam Backup & Replication. As of January 2026 Object First has been officially acquired by Veeam, integrating their technology directly into the Veeam portfolio.
The presentation introduces the concept of Zero Trust Data Resilience (ZTDR), which applies zero-trust principles specifically to the backup ecosystem. This framework emphasizes three core pillars: segmenting backup software from storage to minimize the blast radius of an attack, creating multiple resilient zones for data copies, and utilizing absolute immutability. Unlike standard immutable storage that can often be bypassed by administrative overrides or governance modes, absolute immutability ensures that once data is written, it cannot be altered or deleted by anyone, including the customer or the vendor, until the set retention period expires. This is achieved through the strict enforcement of S3 Object Lock in compliance mode and a hardware-integrated security layer.
Object First offers a physical appliance that is designed to be secure, simple, and powerful. The device can be racked and configured in under 15 minutes because it limits user privileges by default, reducing the human attack surface and preventing accidental or malicious configuration changes. Security is further bolstered by eight-eyes validation for support and regular third-party penetration testing. On the performance side, the appliance leverages Veeam’s Smart Object Storage API to provide high-speed ingest and rapid recovery features like Instant VM Recovery. By focusing solely on being the best storage target for Veeam, Object First eliminates the trade-offs between security and performance found in DIY or general-purpose storage solutions.
Personnel: Anthony Cusimano, Geoff Burke
Watch on YouTube
Watch on Vimeo
Geoff Burke, a senior technology advisor at Object First, outlines the architecture of their “Out-of-the-Box Immutability” (OOTBI) solution. Built on Zero Trust principles, the system secures data by assuming breach at every level, from production data and backup software to the primary storage target. The Object First appliance is a hardened Linux-based on-premises storage target that uses the S3 protocol to ensure there is zero access to destructive actions. By eliminating access to the command line and BIOS and strictly enforcing S3 Object Lock in compliance mode, the system ensures that once data hits the disk, it becomes immediately immutable with zero time to immutability, leaving no window for ransomware to alter or delete backup files.
The core magic sauce of the performance and integration is the Smart Object Storage (SOS) API developed by Veeam. This API allows for deep integration between Veeam and the Object First cluster without the need for complex plugins, providing critical visibility into capacity and space that standard S3 protocols often lack. The SOS API enables smart entities, where Veeam breaks down backup jobs and intelligently allocates them to the best available node for load balancing and optimized throughput. This synergy allows the appliance to support a one-megabyte block size, specifically supercharging Veeam’s Instant Recovery feature, which allows businesses to run virtual machines directly from the backup storage at high speeds during a crisis.
Object First positions its appliance as a simple, powerful alternative to complex DIY or cloud-only storage. While cloud storage is a vital secondary resilience zone, Burke emphasizes that local, on-premises storage is essential for meeting recovery time objectives, as cloud egress and latency can extend recovery windows to unacceptable levels. The appliance is designed to be racked and stacked with minimal configuration, using only three IP addresses and multi-factor authentication to reduce the risk of human error or tech debt. To further support overstretched IT teams, Object First includes a proactive telemetry service that monitors hardware health and storage capacity, ensuring that the last line of defense is always ready when a disaster strikes.
Personnel: Geoff Burke
Watch on YouTube
Watch on Vimeo
Senior Technology Advisor Geoff Burke showcases the integrated honeypot functionality built into the Object First appliance. Designed as a digital tripwire, the honeypot is physically hosted on the appliance but logically segmented to ensure security. It serves as an early warning system to detect lateral movement and reconnaissance efforts by attackers who typically probe the network to identify high-value targets. By mimicking juicy targets like a Veeam Windows Repository or SQL Server, the honeypot lures hackers into interacting with it, allowing the system to trigger immediate alerts before the actual backup data is compromised.
The setup process is intentionally simple, requiring only two clicks within the security settings to enable the honeypot with either a static or DHCP IP address. Once active, the system monitors for unauthorized access attempts and can be configured to send notifications via email or Syslog to a Security Information and Event Management (SIEM) platform or tools like Grafana. In a live demonstration, Burke uses the Zenmap utility to perform an “intense scan” against the honeypot’s IP. The Object First dashboard immediately lights up with events, capturing the attacker’s attempts to probe protocols such as RDP and specialized Veeam services.
The honeypot provides both reactive and preventative benefits for organizations. Reactively, it ensures that IT admins are alerted to an intrusion at any hour–specifically targeting the “Friday night at 2:00 AM” window when many ransomware attacks begin. Preventatively, the visibility of these juicy but fake services can act as a deterrent. A sophisticated hacker who recognizes a cluster of high-value services on a single IP may realize they have hit a honeypot and retreat to avoid further detection. By integrating this feature for free, Object First adds a layer of proactive defense to their absolute immutability strategy, ensuring customers have the tools to stop an attack in its early stages.
Personnel: Geoff Burke
Watch on YouTube
Watch on Vimeo
Anthony Cusimano, Director of Solutions Marketing and one of the company’s earliest employees, provides a roadmap of the company’s rapid hardware and software evolution. Since its inception with OOTBI (Out-of-the-Box Immutability), Object First has expanded its portfolio to include the Ootbi 432, a 2U-node offering 432 terabytes of RAID 60 storage. A single four-node cluster can reach 1.7 petabytes, and through integration with Veeam’s Scale-Out Backup Repository (SOBR), users can scale beyond seven petabytes. On the opposite end of the spectrum, the company introduced the Ootbi Mini, a compact tower designed for edge locations and small businesses that delivers the same “absolute immutability” and honeypot features as the enterprise nodes but in a smaller, desk-friendly form factor.
A major shift in the company’s business model is the introduction of a consumption-based subscription service alongside the traditional perpetual ownership model. This model is supported by a specialized sizing calculator designed to navigate the complexities of immutable storage retention. To ensure a seamless experience, Object First requires telemetry for subscription customers; this allows the company to proactively monitor usage and ship a larger “Box B” before a customer hits their capacity threshold. The transition is designed to be a white glove migration where data is moved to the new appliance and the old hardware is returned, providing a predictable OpEx cycle that avoids the steep cost jumps typically associated with traditional hardware refreshes.
Looking toward the immediate future, Cusimano provided a sneak preview of the Fleet Manager platform, scheduled for official launch on May 6, 2026. Fleet Manager is a secure, cloud-based single pane of glass designed for managed service providers (MSPs) and large enterprises to monitor multiple Object First clusters across various global sites. Driven by telemetry, the tool provides unified visibility into system health, storage utilization, and honeypot alerts without ever touching or transferring actual backup data, maintaining strict zero-trust principles. Future updates to Fleet Manager aim to include centralized S3 bucket creation and remote firmware updates, further simplifying the management of large-scale immutable storage environments.
Personnel: Anthony Cusimano
Thank you for being part of the Tech Field Day community! Our mailing list is a great way to stay up to date on our events and technical content, and we appreciate your signup.
We promise that we’ll never spam you, send ads, or sell your information. This list will only be used to communicate with our community about our events and content. And we’ll limit it to no more than one message per week.
Although we only need your email address, it would be nice if you provided a little more information to help us get to know you better!
