Skip to main content

Frequently Asked Questions

How can I use the First Watch platform if my environment uses an industrial protocol that is not currently supported?

Every system deployment is incremental. Initially, we deploy the platform to protect SCADA machines with ControlGuard and filter all connections to PLCs using PLC Guard at the network level — regardless of the specific industrial protocol in use.

In parallel, our engineering team develops a dedicated parser for your industrial protocol to detect and monitor critical actions, including:

  • Setpoint and variable write/read operations
  • Firmware updates
  • Software download and upload
  • Connections with elevated privileges
  • Changes to PLC operating mode
  • And many others specific to your protocol and environment

We are backed by years of deep engineering experience in industrial protocol analysis. The work will be delivered on time and to an excellent standard.

What if my network traffic is encrypted?

We are actively developing a TLS Inspector capability to handle encrypted industrial traffic. A working prototype has been successfully tested with different types of PLCs, and this feature is planned for the next platform release.

At the moment, TLS inspection is not provided out of the box. If encrypted traffic is a concern in your environment, please contact us to discuss your specific requirements and timeline.

Can the First Watch platform be installed in the cloud?

Yes. The First Watch® platform can be deployed in the cloud as a robust, scalable architecture.

However, the majority of manufacturing plants are not connected to the Internet and prefer to keep their security infrastructure on-premises. The First Watch platform supports all deployment scenarios — on-premises, cloud, or hybrid — ensuring that the architecture aligns with your operational requirements, network topology, and security policies.