Forescout Research –
Vedere Labs

“Vedere” is the Italian word meaning “to see,” which epitomizes the mission of Forescout Vedere Labs, the cybersecurity research arm of Forescout. Our team of global experts focuses on increasing visibility of cybersecurity threats and vulnerabilities for all connected asset types and providing mitigation steps organizations can use to protect themselves.

Our research is fed into the Forescout Platform and shared with the cybersecurity community, including CISA and other cybersecurity agencies, CERTs, ISACs, open-source projects, device manufacturers, universities and other researchers.


What We Do

Vulnerability Research

Vulnerability Research

  • Focus on vulnerabilities against managed and unmanaged devices (IT/IoT/IoMT/OT)
  • 200+ vulnerabilities discovered in last 5 years
  • 89 unique known exploited vulnerabilities on unmanaged devices

Threat Reports

Threat Reports

  • Manual and automatic analysis of malware samples collected via customer telemetry and other sources

Cyber Threat Intelligence

Threat Intelligence & Detection

  • Daily context-rich, machine-consumable threat feeds
  • Detection rules to keep our XDR solution on top pf emerging threats
  • Live dashboards

How We Do It

Forescout Vedere Labs studies what attackers are working towards by observing actual attacks in our sandboxes, on the Darknet and in our Adversary Engagement Environment. We analyze significant attacks and generate vulnerability and threat intelligence that is consumed by the Forescout Platform. We also create corresponding detection rules that are added to Forescout XDR to help ensure customers can protect their IT, OT, IoT and IoMT environments.

Firsthand Observations in Our Research Laboratory

Located in Eindhoven, Netherlands, our research laboratory is where we observe firsthand the vulnerabilities being exploited and attacks in progress. The information we collect is analyzed to generate threat intelligence, calculate multifactor risk scores and create detection rules.

Research Diagram

Our Adversary Engagement Environment

Our Adversary Engagement Environment includes real and simulated devices, networks and organizations that are geographically dispersed to attract attackers and generate threat intel.

R4IoT: When Ransomware Meets IoT and OT

Forescout’s Vedere Labs has released a demonstration, report and detailed playbook describing how organizations can protect themselves against R4IoT: a novel, proof-of-concept ransomware that exploits an IoT device to gain access and move laterally in an IT network and impact the OT network.

OT: Icefall Webinar

OT:ICEFALL - A Decade of Insecure-by-Design Practices in OT

Forescout Vedere Labs has discovered a set of 61 vulnerabilities affecting devices from 13 OT vendors caused by insecure-by-design practices in OT. The affected products are known to be prevalent in industries such as oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, mining, and building automation. Many of these products are sold as “secure by design” or have been certified with OT security standards.

Data. Lots of Data.

The threat intelligence data we analyze comes from millions of connected devices that we monitor that give us billions of data points about device configuration and network behavior. It also comes from attacks we observe and dissect and other sources that we monitor.


  • 19 million monitored devices
  • 39 billion unique data points
  • 1,500 global sites
  • 6,500+ unique vendors
  • 2,300+ unique OS versions


  • 450+ threat actors
  • 100+ ransomware group leak sites
  • 20+ C2 types monitored on the Internet
  • Third-party intel

Meet Our Leaders

Elisa Costante

As Vice President of Threat Research at Forescout, Elisa Costante leads the activities of Forescout Vedere Labs. She has 10+ years of experience researching the security challenges posed by IT/OT/IoT convergence. Previously, she was CTO at SecurityMatters, where she led product innovation activities in the field of network intrusion detection. Elisa holds a PhD in cybersecurity from the Eindhoven University of Technology, where she specialized in machine learning techniques for data leakage detection.

Rik Ferguson

Rik Ferguson is the Vice President of Security Intelligence at Forescout. He is also a founding Special Advisor to Europol’s European Cyber Crime Centre (EC3), a multi-award-winning producer and writer, a Fellow of the Royal Society of the Arts and board advisor to startups. With 30 years of professional experience, Rik is a world-renowned speaker, and in April 2011 he was inducted into the Infosecurity Hall of Fame.

Daniel dos Santos

Daniel dos Santos is the Head of Security Research at Forescout Vedere Labs, where he leads a team of researchers that identifies new vulnerabilities and monitors active threats. He holds a PhD in computer science, has published over 35 peer-reviewed papers, has found or disclosed hundreds of CVEs and is a frequent speaker at security conferences.

The Global Cyber Intelligence Dashboard

Forescout Vedere Labs created the Global Cyber Intelligence Dashboard to communicate its data, research and analysis to the broader cybersecurity community. It leverages 30 billion datapoints collected from millions of deployed IT, IoT, IoMT and OT devices, as well as robust network data stored in our proprietary data lake. The dashboard is a unique source of information about vulnerabilities and the global state of cyber risk. It also provides a starting point for visitors to explore the timely research performed by Forescout Vedere Labs.

Demo Request Forescout Platform Top of Page