Everpure’s Cyber Focus Pulls the Storage Layer Into the Centre of Enterprise Defence
Storage vendors don't typically get invited into CISO conversations. Nobody treated the storage layer as a security problem until the attackers did.
Everpure, the company formerly known as Pure Storage, this week signalled where its strategic focus is heading: the storage layer as an active participant in cyber defence rather than a passive recipient of data. It is a reclassification of what storage infrastructure is supposed to do, one that carries significant implications for how enterprises structure their security architecture and, critically, which vendors get a seat at the CISO's table.
Speaking to The Source Code, Fred Lherault, Field CTO for EMEA and Emerging Markets at Everpure, pointed to the distinction between ransomware and wiperware as evidence that the threat landscape has fundamentally changed. Ransomware denies access and extracts money. Wiperware has no interest in negotiation; it exists to destroy data as rapidly as possible. Incidents tied to geopolitical crises in the Middle East earlier this year demonstrated that category of attack in its most aggressive form. "The data foundation can't just be that passive target," Lherault said. "It now needs to be part of that fight, actively defending by adding speed, visibility and control."
Fred Lherault, Field CTO EMEA/Emerging at Everpure
The perimeter assumption has already collapsed
The architecture of Everpure reflects that most enterprise security strategies are still treated as a worst-case scenario rather than a baseline. "You have to assume that the perimeter is breached," Lherault said. "The network has been breached, the administrator credentials have been breached, and the attackers are within your network." Working backwards from that assumption changes what the storage layer needs to be capable of, and what safe mode, immutability and access controls mean in practice.
Breakout time, the interval between initial network entry and the moment an attacker elevates privileges to become effectively invisible within system processes, has fallen to under 30 minutes, driven by AI-assisted attack tooling. "It used to be that it would take hours between the two," Lherault pointed out. "They'll be visible for 30 minutes, and then they are pretty much invisible." At that speed, a detection-first model is structurally inadequate. The agentic AI threat, he noted, is no longer theoretical. "There have been very well-documented cases of attackers using AI tools, either specialised or generic agents, to actually reach customers. The breakout time is getting to a point where it's extremely difficult to intercept attackers before they become undetectable."
Ransomware costs sit at $74 billion globally, with a 30% increase projected through 2026. The average cost of a single breach reached $4.44 million, according to IBM Security's 2025 report. Veeam's 2026 Data Trust and Resilience Report found that 72% of ransomware-affected organisations never fully recover their data. The recovery failure rate is where EverPure's strategic focus is most critical: if most organisations cannot recover their data, the storage layer that guarantees they can is no longer just infrastructure but insurance.
Safe mode and the human authorisation gate
Everpure's architecture builds on three layers: built-in security, connected detection and dynamic response and recovery. The built-in security component centres on safe mode, a zero-trust immutability layer that prevents data from being changed or deleted. Post-quantum cryptography-ready encryption runs beneath it. Even an attacker holding global administrator credentials cannot modify data protection policies without multi-factor authentication and verified human authorisation. "We're automating recovery as much as possible," Lherault said, "but keeping the human in the loop to ensure that all of those data protection mechanisms are not used by the attackers themselves to impact the data."
The Fusion control plane applies security presets automatically to every application deployed across the environment, closing the configuration drift problem that leaves organisations vulnerable to inconsistent standards. EverPure Protect shares anomaly signals with security operations partners, making the storage layer a contributor to the broader threat intelligence picture. Failover orchestration restores systems within minutes, and we provide SLA-backed hardware replacement within 24 to 48 hours if a system is declared a crime scene.
The internal security posture has shifted as well. "We don't do DevOps anymore," Lherault said. "We do DevSecOps. Every step of everything we're testing and developing, there's a security assessment. We've got a security team that has become an AI security team, researching and testing all of those new tools and methods against our own systems, because that's the only way we can build defence, if we understand what attack vectors exist."
Half of enterprise data is unknown, and that is the real vulnerability
The closing of the 1touch acquisition adds what Lherault described as data and application intelligence, and his explanation reveals a structural problem most enterprises have not publicly confronted. "There's probably only 10 to 15% of data that is really important," he told The Source Code. "Maybe 30 to 40% is redundant or obsolete. But most of them have maybe half of their data that is unknown. It's dark." The practical consequence is that protection tiers and presets cannot be enforced against data that is not understood. "If you rely on humans to tell you that this is critical data, things change," Lherault said. "You're bound to not protect things as they should."
1touch maps data relationships across Everpure systems, cloud environments and SaaS platforms continuously, giving recovery teams the context to restore critical operations first. "The interesting thing with 1touch," Lherault told The Source Code, "Is that it gives us that understanding of the data not just on our systems, but all of the organisation's data, whether it's in the cloud, in SaaS, and how data sets are connected to each other." The renaming from Pure Storage to EverPure, he indicated, reflects that exact widening of scope. "You just can't do storage anymore. You have to really understand the data itself."
What this forces the rest of the industry to confront
Prakash Darji, General Manager of Digital Experience at Everpure, stated the stakes plainly. "The modern enterprise is defined by its data, yet most organisations are flying blind, treating their most valuable asset as a commodity to be warehoused. By architecting our platform to be both data-aware and inherently resilient, we aren't just managing data. We are delivering an insurance policy to help navigate the chaos of the AI era. We are giving our customers the certainty that no matter what happens at the perimeter, the heartbeat of their business stays strong."
The move puts pressure on every other enterprise storage vendor to answer the same question EverPure has now staked a position on: when the perimeter falls, and the endpoint is compromised, what does your layer do? For organisations that have treated storage procurement as an infrastructure decision rather than a security one, that question is about to become considerably more consequential. "It's an arms race," Lherault said. "We need to raise our bar as well."
More announcements are expected at Everpure's Accelerate conference in June. What this week's announcement establishes is the logic that will sit within those announcements.
