ControlGuard — Datasheet
Endpoint Protection for OT Environments | Version 1.0
Overview
First Watch ControlGuard delivers real-time visibility and control over OT network endpoints. Once installed, it immediately begins tracking operator activities and reporting endpoint configurations to the First Watch Controller. The system proactively detects and blocks unauthorised actions and IP changes by enforcing a strict whitelist policy.
Powered by a Microsoft-verified kernel driver, ControlGuard operates at the OS kernel level, protecting against advanced threats including ransomware. In Protected Mode, it remains tamper-proof even if administrator credentials are compromised.
Key Features
Strict Whitelisting — only pre-approved actions, processes, and binaries are allowed to execute.
Ransomware Defence — blocks unknown or unauthorised software. Ransomware is typically bespoke and thus blocked by default.
Tamper Resistance — in Protected Mode, even users with compromised Administrator credentials cannot disable ControlGuard.
Real-Time Monitoring — provides continuous monitoring of endpoint activity across your OT network, including SCADA and HMI stations, engineering workstations, historians, and Active Directory servers.
Detection and Reporting
ControlGuard detects and reports:
- Unauthorised process execution
- USB device connections
- Software installations
- IP address changes
- Traffic destination and payload inspection
Deployment
Virtual deployments are supported for ControlGuard.
Deployment options include on-premises and cloud-based deployment.
Deployment flexibility — the First Watch platform is built as a modular, containerised system. Each deployment instance can run ControlGuard, PLC Guard, and the Controller in any combination, with flexible configurations that support either or both core technologies alongside the Controller.
Legacy OS support — including Windows 7.
Architecture
ControlGuard agents are installed on Windows-based OT endpoints (engineering workstations, historians, I/O servers, SCADA systems) and report to the First Watch Controller. Combined with PLC Guard for network-level protection, the platform provides defence-in-depth across the entire OT environment.