Use Cases

PLC Guard™ can be deployed as a physical or virtual appliance positioned within the industrial network to monitor and control traffic to and from PLCs and other critical control devices.

PLC Guard supports two connectivity modes:

  • SPAN port (mirror) — connected to a network switch mirror port for passive monitoring and visibility without affecting traffic flow
  • Inline — positioned directly in the communication path for active protection and policy enforcement

This section describes the key operational use cases that demonstrate how PLC Guard supports visibility, segmentation, and deterministic protection.


Selective Protection of Communication Flows

Where operationally approved, PLC Guard™ supports selective protection of communication paths, based on engineering decisions and defined policies.

Operationally:

  • Approved communication flows are explicitly allowed
  • Unauthorised or unexpected flows can be restricted or blocked
  • Enforcement is scoped to specific assets, zones, or communication paths

All enforcement is intentional and controlled, avoiding broad or implicit blocking.

Example: A PLC is protected so that only designated SCADA and authorised engineering systems can issue control commands, preventing unauthorised devices from interacting with the controller.


Passive and Active Deployment Modes

PLC Guard™ supports both passive and active operational modes to align with different stages of deployment and confidence.

  • Passive mode — focuses on monitoring and detection only
  • Active mode — enables controlled enforcement of approved policies

This allows organisations to move from visibility to protection at a pace defined by operational readiness.

Example: During initial deployment, passive monitoring reveals undocumented dependencies. After validation by engineers, active protection is introduced without disrupting normal operations.


PLC Guard as a Logical Control Point

PLC Guard™ can operate as a logical network control point, supporting segmentation and communication control without modifying PLC logic.

This enables:

  • Enforcement of communication boundaries
  • Controlled segmentation between zones
  • Protection of PLCs using network-level controls

Example: Lateral movement from an infected workstation toward PLC networks is constrained, even though the workstation still has general network access.


Latency Awareness and Deep Packet Inspection

PLC Guard™ incorporates capabilities designed for real-time industrial environments, including:

  • Latency awareness — ensuring monitoring and enforcement remain compatible with control timing requirements
  • Deep Packet Inspection (DPI) — for supported industrial protocols, understanding command intent rather than just packet structure

These capabilities provide insight without compromising deterministic behaviour.

Example: A sequence of valid protocol messages is analysed at the command level, revealing unsafe or unexpected operations that would not be visible through traditional packet inspection.
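
The command-level check described here, combined with the selective protection and passive/active modes above, sketched as an added example that is not PLC Guard code or its policy format. It assumes Modbus/TCP as the inspected protocol (the page names none); the addresses, frames, POLICY table and function names are constructed for illustration.

```python
import struct

# Modbus function codes grouped by intent (from the public Modbus specification).
READ_CODES = {1, 2, 3, 4}
WRITE_CODES = {5, 6, 15, 16}

# Constructed policy: for each protected PLC, the sources approved per command type.
POLICY = {
    "10.0.10.5": {"read": {"10.0.20.10", "10.0.20.50"},   # SCADA and historian
                  "write": {"10.0.20.10"}},                # SCADA only
}

def parse_function_code(payload: bytes):
    """Return the function code of a Modbus/TCP frame, or None if malformed."""
    if len(payload) < 8:                      # 7-byte MBAP header + function code
        return None
    _tid, proto, length, _unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id must be 0; length counts every byte after the length field.
    if proto != 0 or length != len(payload) - 6:
        return None
    return payload[7]

def evaluate(src: str, dst: str, payload: bytes, mode: str = "passive"):
    """Return (verdict, reason); verdict is 'allow', 'alert' or 'block'."""
    rule = POLICY.get(dst)
    if rule is None:                          # enforcement is scoped to listed assets
        return "allow", "destination outside protected scope"
    deny = "block" if mode == "active" else "alert"   # passive mode never drops
    fc = parse_function_code(payload)
    if fc is None:
        return deny, "malformed Modbus/TCP frame"
    kind = "write" if fc in WRITE_CODES else "read" if fc in READ_CODES else None
    if kind is None:
        return deny, f"function code {fc} not covered by policy"
    if src in rule[kind]:
        return "allow", f"{src} approved for {kind}"
    return deny, f"{src} not approved for {kind} to {dst}"

# Constructed frames: write single register (FC 6) and read holding registers (FC 3).
WRITE_FRAME = struct.pack(">HHHBBHH", 1, 0, 6, 1, 6, 1, 255)
READ_FRAME = struct.pack(">HHHBBHH", 2, 0, 6, 1, 3, 0, 2)

if __name__ == "__main__":
    for src in ("10.0.20.10", "10.0.20.50"):
        for mode in ("passive", "active"):
            print(src, mode, evaluate(src, "10.0.10.5", WRITE_FRAME, mode))
```

Both frames are well-formed at the packet level; only the function code and the source distinguish the approved write from the one that is alerted on in passive mode or blocked in active mode.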


Policy-Based Control

PLC Guard™ operates under policy governance, where automation engineers define what communication behaviour is acceptable.

Policies may describe:

  • Allowed protocols and command types
  • Asset-to-asset communication relationships
  • Pattern-based detection logic (including regex-based rules)
  • Compatibility with industry-standard detection rule formats

The design and tuning of PLC Guard policies require detailed process and operational knowledge and are therefore addressed separately through implementation activities and training.


VPN Support for Secure Connectivity

PLC Guard™ supports secure VPN-based connectivity as part of its network protection model, including:

  • Mesh VPN — for controlled communication between distributed industrial sites
  • Remote VPN — for authorised remote access to industrial environments

VPN connectivity is integrated with asset visibility and policy control to ensure that remote access remains authorised, limited, and observable.

Example: Remote engineering access is enabled securely, while ensuring that only authorised users and systems can reach PLCs and only under approved conditions.