Forescout Research Labs
Vulnerability Alert – AMNESIA:33
AMNESIA:33 is a set of 33 new memory-corrupting vulnerabilities impacting millions of IoT, OT and IT devices that present an immediate risk for organizations worldwide. Read the report now and learn how to protect your organization.
Research Report
The goal of Forescout Research Labs is to foster innovation in the areas of device visibility, behavioral control and cybersecurity for any kind of networked device. Forescout takes a pioneering approach to experiments and applied work into the hyperconnected world.
What we do
“At Forescout Research Labs we analyze the security implications of hyper connectivity and IT-OT convergence.”
-Elisa Costante, Head of Forescout Research Labs
Pervasive connectivity is shaping our personal and working spaces. Our connected world comprises billions of devices that use a myriad of networks and protocols to exchange data across industries and boundaries that were unimaginable until a few years back.
- There are now dozens of connected medical devices for each patient in a hospital.
- Manufacturing production is being optimized in real time to respond to demand.
- Numerous companies have scaled from managing thousands to millions of connected devices in the span of a few years.
We live in a hyperconnected world where everything from cars, cameras and computers to robotics arms, medical devices and building automation systems speak to each other.
Within the enterprise space, this hyperconnectivity is characterized by an explosion of connected devices and the convergence of IT and OT networks. Enterprises rely on IT networks to run their businesses, and on OT systems to run their operations. Industry keeps pushing toward IT and OT convergence to optimize processes and enable informed strategic decisions. This convergence creates a new class of security risks and a larger attack surface for cybercriminals as they can now move laterally across these two environments.
At Forescout Research Labs, we analyze the security implications of hyperconnectivity and IT-OT convergence. Our focus is to enhance visibility and control of the connected ‘things’ (devices) that are joining networks as part of the IT-OT convergence phenomenon. We strive to examine the emerging challenges that face cybersecurity stakeholders around the world so that we may improve their ability to identify, understand and manage the threats and risks associated with an ever-expanding device ecosystem. Through research, we seek to protect the infrastructures and services we all depend on.
OUR APPROACH TO RESEARCH
Forescout Research Labs works closely with researchers in prominent universities and research institutes to inform and drive research and development efforts across IT, IoT, cyber-physical and OT/ICS cybersecurity. Our researchers also analyze deployment data from over 12 million devices in the Forescout Device Cloud* to better understand the cybersecurity risks facing organizations today.
Latest Research Reports
Forescout Research Labs Vulnerability Alert – AMNESIA:33 Report
Forescout Research Labs discovered 33 new memory-corrupting vulnerabilities; four scoring as critical. The report details how enterprises can identify these risks and take protective action to avoid breaches.
New Research Identifies Security Risks in Healthcare
Analysis of healthcare delivery organizations reveals insights on increased attack surface and security risks.
Enterprise of Things Security Report: The State of IoT Security in 2020
Forescout Research Labs identifies the top 10 riskiest devices and helps security teams determine the most effective next steps for securing them.
Rise of the Machines - Transforming Cybersecurity Strategy for the Age of IoT
This research paper dives into the Internet of Things (IoT) revolution, the risks and challenges it brings, and how to transform cybersecurity strategy to protect enterprise networks in the age of IoT.
BAS Research Report: The Current State of Smart Building Cybersecurity
Analysis of the Forescout OT Research Team's vulnerability and malware research for devices commonly used in building automation system (BAS) networks.
Banking on Security: Leveraging Device Data to Manage Risk in Financial Services
Forescout Research Labs analyzes devices connected to financial services networks to identify security risks and provide insights on how to mitigate them.
COORDINATED VULNERABILITY DISCLOSURE
We believe in coordinated disclosure practices. In cases where our dedicated research team discovers security vulnerabilities in third-party vendors’ software, hardware or products, we will make a good-faith effort to privately contact the third-party vendor with the details of the findings and give them a chance to fix the issues, before releasing the research to the public. Please refer to our Vulnerability Disclosure Policy, for both Research Labs and for reporting issues regarding any Forescout Products and Infrastructure.
Our leaders of Research

Elisa Costante
Elisa Costante holds a PhD in Computer Science from the Eindhoven University of Technology. As head of Forescout Research Labs, she drives the execution of pioneering theoretical and experimental work addressing the cybersecurity challenges posed by the convergence of IT and OT. Elisa is responsible for the generation of original research and the management of projects to boost innovation across Forescout products and services.

Oded Comay
Oded cofounded Forescout and has more than 25 years of high-tech experience. He leads the company’s technology strategy. Prior to founding Forescout in 2000, he managed the Tel Aviv University Systems group. In addition, Oded was a co-founder of TapGuard Technologies. Oded earned a bachelor’s degree in Computer Science and Mathematics from Tel Aviv University.
* As of September 30, 2020