Forescout Research –
Vedere Labs

“Vedere” is the Italian word meaning “to see,” which epitomizes the mission of Forescout Vedere Labs, the cybersecurity research arm of Forescout. Our team of global experts focuses on increasing visibility of cybersecurity threats and vulnerabilities for all connected asset types and providing mitigation steps organizations can use to protect themselves.

Our research is fed into the Forescout Platform and shared with the cybersecurity community, including CISA and other cybersecurity agencies, CERTs, ISACs, open-source projects, device manufacturers, universities and other researchers.


Watch Latest Research Webinar


What We Do

Vulnerability Research

Vulnerability Research

  • Focus on vulnerabilities against managed and unmanaged devices (IT/IoT/IoMT/OT)
  • 200+ vulnerabilities discovered in last 5 years
  • 89 unique known exploited vulnerabilities on unmanaged devices
Threat Reports

Threat Reports

  • Manual and automatic analysis of malware samples collected via customer telemetry and other sources
Cyber Threat Intelligence

Threat Intelligence & Detection

  • Daily context-rich, machine-consumable threat feeds
  • Detection rules to keep our Threat Detection & Response solution on top of emerging threats
  • Live dashboards

How We Do It

Forescout Vedere Labs studies what attackers are working towards by observing actual attacks in our sandboxes, on the Darknet and in our Adversary Engagement Environment. We analyze significant attacks and generate vulnerability and threat intelligence that is consumed by the Forescout Platform. We also create corresponding detection rules that are added to Forescout Threat Detection & Response to help ensure customers can protect their IT, OT, IoT and IoMT environments.

Firsthand Observations in Our Research Laboratory

Located in Eindhoven, Netherlands, our research laboratory is where we observe firsthand the vulnerabilities being exploited and attacks in progress. The information we collect is analyzed to generate threat intelligence, calculate multifactor risk scores and create detection rules.

Research Diagram

2024 Riskiest Devices

Our research takes a fresh look at this year’s riskiest devices. Read the full report to see other findings, such as:
  • Nine brand new device types that make our list including five in the Internet of Medical Things category.
  • A highly detailed breakdown of the riskiest devices across all categories in: IT, IoT, OT and IoMT.
  • Why specific device solutions cannot effectively reduce risk because they are blind to other parts of the network being used in attacks.

Data. Lots of Data.

The threat intelligence data we analyze comes from millions of connected devices that we monitor that give us billions of data points about device configuration and network behavior. It also comes from attacks we observe and dissect and other sources that we monitor.


  • 19 million monitored devices
  • 39 billion unique data points
  • 1,500 global sites
  • 6,500+ unique vendors
  • 2,300+ unique OS versions


  • 450+ threat actors
  • 100+ ransomware group leak sites
  • 20+ C2 types monitored on the Internet
  • Third-party intel

Forescout Research - Vedere Labs Featured In...

Researchers uncover software flaws leaving medical devices vulnerable to hackers

Researchers say they have found more than a dozen vulnerabilities in software used in medical devices and machinery used in other industries that, if exploited by a hacker, could cause critical equipment such as patient monitors to crash…

Read More
Critical Bugs Expose Hundreds of Thousands of Medical Devices and ATMs

“You can imagine the type of impact an attacker could have when they can either exfiltrate data from medical equipment or other sensitive devices, potentially tamper with lab results, make critical devices unavailable, or take them over entirely…”

Read More
Government cyber workers increasingly concerned hackers will strike during shutdown

The government’s cybersecurity professionals are increasingly concerned that hackers will take advantage of the partial shutdown to tamper with sensitive government data or steal citizens’ information — and that the bare-bones staff won’t be able to fend them off…

Learn More

Forescout Vedere Labs is wrapping up its yearlong project looking at design vulnerabilities in operational technology with a closing report today that blames many of the issues they’ve encountered on vendors of the technology not implementing designs that would build security into the systems…

Read More

Sierra:21 - Supply Chain Vulnerabilities in IoT/OT routers

Forescout’s Vedere Labs has identified 21 new vulnerabilities that affect OT/IoT routers and increase the risk exposure to critical infrastructure. The affected products are prevalent in multiple industries, particularly healthcare and manufacturing, but also technology, financial services, government, and power generation. The research details specific attack scenarios as well as potential mitigation techniques.

Meet Our Leaders

Elisa Costante

As Vice President of Threat Research at Forescout, Elisa Costante leads the activities of Forescout Vedere Labs. She has 10+ years of experience researching the security challenges posed by IT/OT/IoT convergence. Previously, she was CTO at SecurityMatters, where she led product innovation activities in the field of network intrusion detection. Elisa holds a PhD in cybersecurity from the Eindhoven University of Technology, where she specialized in machine learning techniques for data leakage detection.

Rik Ferguson

Rik Ferguson is the Vice President of Security Intelligence at Forescout. He is also a founding Special Advisor to Europol’s European Cyber Crime Centre (EC3), a multi-award-winning producer and writer, a Fellow of the Royal Society of the Arts and board advisor to startups. With 30 years of professional experience, Rik is a world-renowned speaker, and in April 2011 he was inducted into the Infosecurity Hall of Fame.

Daniel dos Santos

Daniel dos Santos is the Head of Security Research at Forescout Vedere Labs, where he leads a team of researchers that identifies new vulnerabilities and monitors active threats. He holds a PhD in computer science, has published over 35 peer-reviewed papers, has found or disclosed hundreds of CVEs and is a frequent speaker at security conferences.

Vedere Labs Blog

Demo RequestForescout PlatformTop of Page