Cyber Security Software Platform
Our software supports your opitmised network structure and management and works with the workflows of your plant operations team.
What can we do for you?
- The platform monitors and logs in real-time all changes to files and data on monitored devices
- Logs are sent to an aggregation server where all files’ “provenance” over time are also stored
- Logs are monitored with rulesets for identifying malicious and anomalous activity
- The system also monitors data flows in the network and will identify and log network devices and any change to their status
- All actions are allowed via policies (eg user, time, source HMI, source application, destination HMI, action)
- The platform generates alarms if an event doesn’t comply with a policy or policies
Alarms are sent to the asset owner, enabling them to act in accordance with the incident management procedure to reduce harm.
What is this all about?
First Watch Endpoint Аgent
Malicious activities and unauthorised access can originate from any computer on the internal OT network bringing the need to monitor all possible blind spots. The FWED Agent solution provides continuous and comprehensive real-time visibility into what is happening on your endpoints (e.g HMI machines, engineering stations, historians, Active Directory servers, etc.) and detect actions like launching of unauthorised processes, USB device connection, installation of the new software, change of IP address, etc. All actions are attributed to the user.
The Microsoft authorised kernel-driver is the core component of the FWEDA. Operating at the kernel level FWEDA protects the industrial computer from cyber hack and makes the system overall considerably more secure from hackers who prefer to operate in the “user space” a level up from the OS (Operating System).
Features of the agent include: Software status monitoring, patch status and automated vulnerability alerts, whitelisting, data vault and monitoring of: user activity, files, drivers, memory usage, exceptions, network traffic in and out of the end point (and point of origin or target for the traffic).
First Watch Network Аgent
First Watch®’s Network Agent (FWNA) is a passive deep-packet inspection and network flow monitoring engine that observes industrial control network activity. This technology was purposely built for the unique characteristics of industrial control systems. The FWNA is specifically designed to detect control layer events in SCADA application communications Ethernet/IP analysing protocols like CIP.
First Watch Security Center
Data from the end point agent(s) and network agent(s) across a plant (or multiple plants) are aggregated by the servers in the security centre where critical real-time analysis and configurations can be made. This provides an all-of-network view to understand the relationship between network and end point activity – linking these reduces the alerts to only those that impact operations and warrant attention. Other features include: