Controller — Datasheet
Active Protection for OT Networks and Assets | Version 1.0
Overview
The First Watch Controller serves as the central server, responsible for collecting data and enforcing security policies across the OT environment. Together with ControlGuard and PLC Guard, it enforces security rules directly on SCADA systems and PLCs — blocking unauthorised access to project files, preventing malicious firmware changes, and ensuring that only validated setpoints are sent to controllers.
Key Features
Asset Management — Hardware and Software Inventory
First Watch core modules automatically discover OT network devices and software, maintaining continuously updated inventories. This ensures asset integrity and enhances overall security.
Policies
Granular rule-based system for security and change management. Provides real-time alerts for unauthorised activities and actively blocks malicious actions.
Real-Time Monitoring and Protection
- Application control and software whitelisting
- Protection against ransomware
- Micro segmentation to secure SCADA/HMIs and PLCs
- Network access control to prevent unauthorised connections
- Blocks all unauthorised actions
Change Management and Monitoring
- SCADA/HMI: controls patch management and software updates
- PLC/RTU: monitors and restricts PLC software changes (firmware, project, setpoints)
Cyber Event, Alarm Management, Alerts and Reporting
- Detection and Response — detects and responds to cyber events
- Alarm Management — manages alarms using predefined playbooks
- Alert Notifications — sends real-time notifications via email and mobile
- Reporting — provides detailed reports for in-depth analysis
- API Integration — supports seamless connectivity with external systems
Deployment
Virtual deployments are supported for the Controller.
Deployment options include on-premises and cloud-based deployment.
Deployment flexibility — each deployment instance can run ControlGuard, PLC Guard, and the Controller in any combination.
Hardware Example — Dell PowerEdge R250 Server
The Controller can be deployed on various hardware platforms depending on site requirements. One example is the Dell PowerEdge R250 Server:
- Built on a secure hardware foundation (silicon root of trust)
- Uses signed firmware and secure boot
- Logs and alerts help strengthen security
iDRAC — Server Management Controller
- The server can be remotely managed by First Watch engineers through iDRAC
- Works with any operating system and provides full features accessible through APIs
- Includes 3 years of on-site support with globally available ProSupport and ProSupport Plus
- Additional service options are also available
The Controller can equally run as a virtual machine on existing infrastructure (VMware, Hyper-V, KVM) or on alternative server hardware suited to the deployment environment.