Threat Intelligence

Forescout Research – Vedere Labs is the specialized threat and intelligence division of Forescout. For over 10 years, our globally recognized team has dived deep into areas often overlooked by mainstream intelligence, particularly in mixed IoT, OT and IoMT environments. Forescout Vedere Labs conducts threat intelligence research that is consumable via reports, dashboards and machine-readable threat feeds that are delivered to key community stakeholders – and ingested by the Forescout Platform, to help ensure customers have timely, state-of-the-art defenses.


Visit Dashboards


Forescout Adversary Engagement Environment (AEE)

Our Adversary Engagement Environment includes real and simulated devices, networks and organizations that are geographically dispersed to attract attackers and generate threat intel.

  • Our specialized lab contains dozens of OT/IoT/IoMT devices collected over the years. A selection of these devices is deliberately exposed in the AEE, allowing us to interact with and closely monitor threat actors’ activities.
  • Our in-depth research, combined with our expertise in unmanaged devices, operating systems and components, allows us to track the paths and patterns of threats.
  • We observe their movements, lateral transitions, and the specific assets and vulnerabilities they target, all of which contribute to our original home-brewed threat intelligence.

Global Cyber Intelligence Dashboard

Forescout Vedere Labs created the Global Cyber Intelligence Dashboard to communicate its data, research and analysis to the broader cybersecurity community. It leverages 39 billion data points collected from millions of deployed IT, IoT, IoMT and OT devices, as well as robust network data stored in our proprietary data lake. The dashboard is a unique source of information about vulnerabilities and the global state of cyber risk. It also provides a starting point for visitors to explore the timely research performed by Forescout Vedere Labs.

Attacks Dashboard

The Attacks Dashboard features regularly updated data about where most attacks originate, what attack techniques are used most frequently in enterprise and OT environments, what vulnerabilities are most exploited and other relevant information.

Threat Actors Dashboard

The Threat Actors Dashboard offers daily insights into the most active threat actors, detailing their origins and identifying what countries and industries they target the most.

Threat Feed Service

The Threat Feed Service allows our key partners and stakeholders to consume the threat intelligence generated by Forescout Vedere Labs in a machine-readable way. The feeds provide a list of daily updated indicators of compromise including bad IPs, bad DNS, bad file hashes and URLS. It also provides a list of known exploited vulnerabilities (VL-KEV) observed via our AEE.

Sign Up For Feeds

Threat Newsletter

The Forescout Vedere Labs newsletter offers a comprehensive monthly recap of critical vulnerabilities, malware trends and threat actor activities. It includes firsthand insights from our team, complemented by a roundup of external observations. Stay current with highlights from both tactical intelligence from our threat feeds and strategic intelligence from our reports.

Demo RequestForescout PlatformTop of Page