Skip to main content

First Watch Offering

First Watch® is a purpose-built cybersecurity platform for industrial control systems.

Its primary objective is not to observe what is happening, but to control what is allowed to happen.

Primary Objectives

Active Protection — Detection and Prevention of Unauthorised Changes

The platform continuously monitors system behaviour, control logic, and communication patterns to establish an approved operational baseline.

Based on this baseline, First Watch:

  • Detects deviations from expected behaviour
  • Identifies unauthorised or abnormal actions
  • Prevents unauthorised changes before they impact control systems

Protection is applied at the point of action:

  • On workstations → controlling application execution
  • On networks → controlling protocol-level communication
  • On controllers → governing logic and configuration changes

This ensures that:

only approved actions are allowed within the system

Enforced Change Management — Controlled and Auditable System Modifications

In industrial environments, change is unavoidable — but it must be controlled.

First Watch enforces a structured change control model where:

  • All changes must be explicitly authorised
  • A designated Asset Owner is responsible for approval
  • Changes are executed within defined time windows and policies
  • All actions are fully traceable and auditable

This ensures that:

  • operational intent is preserved
  • unauthorised or accidental changes are prevented
  • accountability is maintained

Change is not blocked — it is controlled

Secondary Outcomes

Downtime Reduction — Early Detection of Misconfigurations and Failures

While not the primary objective, the platform significantly reduces operational risk by identifying issues early.

Through continuous validation of:

  • process variables
  • device states
  • communication integrity

First Watch enables detection of:

  • misconfigurations
  • abnormal conditions
  • emerging faults

before they escalate into:

  • production downtime
  • equipment damage
  • process instability

What First Watch Does

The platform enforces policy at the point of action.

It prevents:

  • unauthorised software execution on workstations
  • unauthorised PLC commands and configuration changes
  • deviations from approved communication patterns

Unlike monitoring systems that only generate alerts, First Watch:

actively enforces what is allowed within the system

Who It Is For

First Watch is built for:

  • Operators
  • Engineers
  • System integrators
  • Security and compliance personnel

responsible for protecting critical infrastructure, including:

  • energy
  • water and wastewater
  • manufacturing

How It Differs

Traditional security solutions focus on visibility.

First Watch is built for control.

It is designed specifically for industrial environments and provides:

  • deterministic, policy-driven enforcement
  • understanding of industrial protocols and behaviour
  • phased deployment from monitoring to enforcement
  • operation without disrupting critical systems

Visibility shows the problem. Control prevents it.

Platform Components

First Watch consists of three core components:

  • ControlGuard — Application control and change detection for SCADA and engineering workstations
  • PLC Guard — Deep packet inspection and enforcement across industrial control protocols
  • Controller — Centralised governance, policy management, and reporting

See Platform Architecture for how these components work together.