Forescout Research –
Vedere Labs

“Vedere” is the Italian word meaning “to see,” which epitomizes the mission of Forescout Vedere Labs, the cybersecurity research arm of Forescout. Our team of global experts focuses on increasing visibility of cybersecurity threats and vulnerabilities for all connected asset types and providing mitigation steps organizations can use to protect themselves.

Our research is fed into the Forescout Platform and shared with the cybersecurity community, including CISA and other cybersecurity agencies, CERTs, ISACs, open-source projects, device manufacturers, universities and other researchers.


Watch Latest Research Webinar


What We Do

Vulnerability Research

Vulnerability Research

  • Focus on vulnerabilities against managed and unmanaged devices (IT/IoT/IoMT/OT)
  • 200+ vulnerabilities discovered in last 5 years
  • 89 unique known exploited vulnerabilities on unmanaged devices

Threat Reports

Threat Reports

  • Manual and automatic analysis of malware samples collected via customer telemetry and other sources

Cyber Threat Intelligence

Threat Intelligence & Detection

  • Daily context-rich, machine-consumable threat feeds
  • Detection rules to keep our XDR solution on top pf emerging threats
  • Live dashboards

How We Do It

Forescout Vedere Labs studies what attackers are working towards by observing actual attacks in our sandboxes, on the Darknet and in our Adversary Engagement Environment. We analyze significant attacks and generate vulnerability and threat intelligence that is consumed by the Forescout Platform. We also create corresponding detection rules that are added to Forescout XDR to help ensure customers can protect their IT, OT, IoT and IoMT environments.

Firsthand Observations in Our Research Laboratory

Located in Eindhoven, Netherlands, our research laboratory is where we observe firsthand the vulnerabilities being exploited and attacks in progress. The information we collect is analyzed to generate threat intelligence, calculate multifactor risk scores and create detection rules.

Research Diagram

R4IoT: When Ransomware Meets IoT and OT

Forescout’s Vedere Labs has released a demonstration, report and detailed playbook describing how organizations can protect themselves against R4IoT: a novel, proof-of-concept ransomware that exploits an IoT device to gain access and move laterally in an IT network and impact the OT network.

Data. Lots of Data.

The threat intelligence data we analyze comes from millions of connected devices that we monitor that give us billions of data points about device configuration and network behavior. It also comes from attacks we observe and dissect and other sources that we monitor.


  • 19 million monitored devices
  • 39 billion unique data points
  • 1,500 global sites
  • 6,500+ unique vendors
  • 2,300+ unique OS versions


  • 450+ threat actors
  • 100+ ransomware group leak sites
  • 20+ C2 types monitored on the Internet
  • Third-party intel

OT: Icefall Webinar

OT:ICEFALL - A Decade of Insecure-by-Design Practices in OT

Forescout Vedere Labs has discovered a set of 61 vulnerabilities affecting devices from 13 OT vendors caused by insecure-by-design practices in OT. The affected products are known to be prevalent in industries such as oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, mining, and building automation. Many of these products are sold as “secure by design” or have been certified with OT security standards.

Forescout Research - Vedere Labs Featured In...

Researchers uncover software flaws leaving medical devices vulnerable to hackers

Researchers say they have found more than a dozen vulnerabilities in software used in medical devices and machinery used in other industries that, if exploited by a hacker, could cause critical equipment such as patient monitors to crash…

Read More

Critical Bugs Expose Hundreds of Thousands of Medical Devices and ATMs

“You can imagine the type of impact an attacker could have when they can either exfiltrate data from medical equipment or other sensitive devices, potentially tamper with lab results, make critical devices unavailable, or take them over entirely…”

Read More

Government cyber workers increasingly concerned hackers will strike during shutdown

The government’s cybersecurity professionals are increasingly concerned that hackers will take advantage of the partial shutdown to tamper with sensitive government data or steal citizens’ information — and that the bare-bones staff won’t be able to fend them off…

Learn More


Forescout Vedere Labs is wrapping up its yearlong project looking at design vulnerabilities in operational technology with a closing report today that blames many of the issues they’ve encountered on vendors of the technology not implementing designs that would build security into the systems…

Read More

Meet Our Leaders

Elisa Costante

As Vice President of Threat Research at Forescout, Elisa Costante leads the activities of Forescout Vedere Labs. She has 10+ years of experience researching the security challenges posed by IT/OT/IoT convergence. Previously, she was CTO at SecurityMatters, where she led product innovation activities in the field of network intrusion detection. Elisa holds a PhD in cybersecurity from the Eindhoven University of Technology, where she specialized in machine learning techniques for data leakage detection.

Rik Ferguson

Rik Ferguson is the Vice President of Security Intelligence at Forescout. He is also a founding Special Advisor to Europol’s European Cyber Crime Centre (EC3), a multi-award-winning producer and writer, a Fellow of the Royal Society of the Arts and board advisor to startups. With 30 years of professional experience, Rik is a world-renowned speaker, and in April 2011 he was inducted into the Infosecurity Hall of Fame.

Daniel dos Santos

Daniel dos Santos is the Head of Security Research at Forescout Vedere Labs, where he leads a team of researchers that identifies new vulnerabilities and monitors active threats. He holds a PhD in computer science, has published over 35 peer-reviewed papers, has found or disclosed hundreds of CVEs and is a frequent speaker at security conferences.

Demo Request Forescout Platform Top of Page