PLC Guard — Datasheet
Deep Packet Inspection and Network Monitoring for Industrial Control Systems | Version 1.0
📄 Download PDFOverview
First Watch PLC Guard is a specialised deep-packet inspection and network monitoring engine built for industrial control systems. It analyses SCADA protocols such as CIP, DNP3, Modbus, and S7CommPlus to detect and filter control-layer events based on predefined policies, enhancing protection for PLCs.
The First Watch cybersecurity platform is powered by patented technology developed at the University of Waikato. Each core component addresses specific OT security challenges, providing deep visibility into control-layer operations and actively defending critical control logic from unauthorised access or tampering.
Key Features
Real-Time Visibility
Provides in-depth, real-time monitoring of all operational network activities, including:
- Code uploads/downloads
- Firmware changes
- PLC setting and hardware configuration modifications
- Tag read/write commands
Quick Detection and Response
Notifies the user of a security incident before damage occurs.
Detailed Event Logging
Maintains a comprehensive event log to support forensic investigations.
Advanced Traffic Monitoring
Monitors and filters network traffic, recognising modern protocols (e.g., DNS, SSH, HTTP/S). Detects unauthorised communications and use of disallowed protocols (e.g., Internet-connected hosts accessing industrial devices).
Selective Control over PLC Operations
- Block unauthorised firmware upgrades and download project files
- Ensures that both the PLC's firmware and user-defined logic remain secure from unauthorised access or modification
Automated Device Discovery
Automatically identifies all OT network devices, including PLCs, and provides key attributes such as vendor and controller model, firmware version, and serial number and product codes.
Industrial Firewall Functionality
Functions as a DPI-capable firewall to block unauthorised actions like:
- Code and firmware changes
- PLC setting adjustments
- Tag access or configuration changes
- Sends real-time alerts to enable proactive incident mitigation
Secure Mesh VPN Support
Serves as a foundational component for a distributed, secure mesh VPN — adding an extra layer of OT network security.
Technical Specifications — Standard Appliance
| Category | Specification |
|---|---|
| Supported PLC Platforms | Siemens S7, Allen-Bradley, Schneider Electric and others |
| Power Supply | 9–24V DC |
| Installation | Direct or adjacent mounting |
Technical Specifications — Rugged Appliance
The rugged variant is designed for harsh and outdoor environments:
- IP67-rating for outdoor use
- Intel Atom E3845 processor onboard
- 4 N-jack antenna openings with waterproof design
- -30°C to +60°C operating temperature range
- Features M12 lockable I/Os
- Trusted Platform Module 1.2 (TPM 1.2)
| Category | Specification |
|---|---|
| Supported PLC Platforms | Siemens S7, Allen-Bradley, Schneider Electric and others |
| Ethernet/PoE | 2 x 10/100/1000 Mbps Ethernet (Intel i210-IT, M12) |
| USB | 2 x USB 2.0 (M12) |
| Power Supply | 9 to 36 VDC |
| Operating Temperature | -30°C to +60°C (-22°F to +140°F) (with E3845, W.T. SSD/DRAM) |
| Dimensions (W x D x H) | 210 x 166.83 x 83 mm (8.27" x 14.44" x 3.27") |
| Mounting | Wall mount/VESA mount |
| Installation | Direct or adjacent mounting |
Deployment
Deployment flexibility — the First Watch platform is built as a modular, containerised system. Designed to support diverse network architectures across industrial environments. Each deployment instance can run ControlGuard, PLC Guard, and the Controller in any combination.