Cyber Security Software Platform
Protect your business and digital assets by minimizing cyber risk with First Watch. No matter the size or complexity of your organization, we have the solution for you.
First Watch® is a leading cyber security asset management platform – designed to protect operational technology (OT) networks from harmful cyber-attacks by securing the SCADA (Supervisory Control and Data Acquisition) and PLC (programmable logic controller) layers.
With real-time monitoring of the network, we provide clear visibility and insights – giving asset owners the opportunity to make effective and timely responses to any attacks or unauthorized network changes.
Our unique software supports your business, optimizing the network structure and drastically reducing the risk of cyber-attacks. With First Watch you can have the confidence that your network is secure.
What can we do for you?
- Feel secure knowing all changes to files and data within your network are monitored and logged in real-time.
- With real-time monitoring of logs and data flow across the network and our Zero-Trust architecture, the platform will immediately identify any malicious or unusual activity.
- All actions are allowed via policies (for example – user, time, source HMI, source application, destination HMI, and action).
- Any policy or policies that don’t comply will generate an alarm, warning you of a potential cybers security breach.
All alarms are sent directly to the asset owner – this enables you to respond rapidly, reducing risk or damage from a cyber-attack.
What is this all about?
First Watch Endpoint Аgent
Malicious activities and unauthorised access can originate from any computer on the internal OT network bringing the need to monitor all possible blind spots. The FWED Agent solution provides continuous and comprehensive real-time visibility into what is happening on your endpoints (e.g HMI machines, engineering stations, historians, Active Directory servers, etc.) and detect actions like launching of unauthorised processes, USB device connection, installation of the new software, change of IP address, etc. All actions are attributed to the user.
The Microsoft authorised kernel-driver is the core component of the FWEDA. Operating at the kernel level FWEDA protects the industrial computer from cyber hack and makes the system overall considerably more secure from hackers who prefer to operate in the “user space” a level up from the OS (Operating System).
Features of the agent include: Software status monitoring, patch status and automated vulnerability alerts, whitelisting, data vault and monitoring of: user activity, files, drivers, memory usage, exceptions, network traffic in and out of the end point (and point of origin or target for the traffic).
First Watch Network Аgent
First Watch®’s Network Agent (FWNA) is a passive deep-packet inspection and network flow monitoring engine that observes industrial control network activity. This technology was purposely built for the unique characteristics of industrial control systems. The FWNA is specifically designed to detect control layer events in SCADA application communications Ethernet/IP analysing protocols like CIP.
First Watch Security Center
Data from the end point agent(s) and network agent(s) across a plant (or multiple plants) are aggregated by the servers in the security centre where critical real-time analysis and configurations can be made. This provides an all-of-network view to understand the relationship between network and end point activity – linking these reduces the alerts to only those that impact operations and warrant attention.
First Watch has several patents pending on our software – the first covering the unique way of handling the flows of real-time data from devices in the OT network.