San Jose, CA, USA
Jan 23, 2023   |  By Vedere Labs
In our new threat briefing report, Forescout’s Vedere Labs analyzes the Royal ransomware threat actor group and encryptor payload, presents threat hunt opportunities for network defenders and shares details of the group’s tactics, techniques, and procedures (TTPs).
Jan 17, 2023   |  By Christina Hoefer
With 70 international plants spanning 15 different countries, the AES Corporation is a next-generation energy company helping lead the way to a carbon-neutral future. Like many organizations, AES wanted to improve the security posture within their OT networks with technology spanning multiple vendors. Recently I sat down with Kyle Oetken, Director of Cyber Defense, and Andrew Plunket, Sr. Cybersecurity Engineer (OT), at AES to discuss the challenges and lessons learned for securing OT environments.
On December 9, 2021, Apache upended the cybersecurity industry by publishing a zero-day vulnerability (CVE-2021-44228) for its ubiquitous Log4j logging utility. Dubbed Log4Shell, the remote code execution flaw (CVSS score:10) allows an attacker to take control of a connected device and run malicious code, access sensitive data or alter its configuration. Because Logj4 is free and easy-to-use, it’s embedded (often deeply) in Java applications used by IT and OT platforms worldwide.
That’s an excerpt from the fact sheet accompanying the May 2021 Executive Order on Improving the Nation’s Cybersecurity (EO). It refers to one of seven ambitious measures in the EO: shoring up security of that notorious playground for hackers, the software supply chain. Knowing that organizations lack visibility into the components that comprise their connected assets, bad actors can have a field day exploiting vulnerabilities to penetrate networks and take control.
Dec 6, 2022   |  By Vedere Labs
Project Memoria was the largest study about the security of TCP/IP stacks, conducted by Vedere Labs and partners in the cybersecurity industry. It started from a collaboration with JSOF to understand the impact of Ripple20 and led to the discovery of almost 100 vulnerabilities in 14 TCP/IP stacks, divided into five phases: AMNESIA:33, NUMBER:JACK, NAME:WRECK, INFRA:HALT and NUCLEUS:13.
Dec 1, 2022   |  By Vedere Labs
This year has seen an enormous increase in the number and claimed impact of hacktivist attacks on critical infrastructure and enterprises operating in critical services. Many attacks target unmanaged devices such as Internet of Things (IoT) and operational technology (OT) equipment. Attacks are motivated by geopolitical or social developments across the globe, with the goal of spreading a message or causing physical disruption.
Nov 29, 2022   |  By Vedere Labs
Continuing our OT:ICEFALL research, Vedere Labs has disclosed three new vulnerabilities affecting OT products from two German vendors: Festo automation controllers and the CODESYS runtime, which is used by hundreds of device manufacturers in different industrial sectors, including Festo.
Nov 17, 2022   |  By Christina Hoefer
Some economic sectors may be hitting the brakes, but the cybersecurity talent shortage persists across all industries and shows no signs of abating – not while sophisticated cyberattacks continue to rise in number and complexity. The 2022 (ISC)2 Cybersecurity Workforce Study found that even as the global cybersecurity workforce is at an all-time high, it is still short by 3.4 million workers.
In cybersecurity, three key terms are vulnerability, threat and risk. Often they’re tossed around interchangeably, but they have a specific relationship to one another..
Nov 2, 2022   |  By Vedere Labs
On November 1, OpenSSL v3.0.7 was released, patching two new high-severity vulnerabilities: CVE-2022-3602 and CVE-2022-3786. The new vulnerabilities have been dubbed by the community as “Spooky SSL,” although the name is not recognized by the OpenSSL team. CVE-2022-3602 was originally discovered by a researcher known as Polar Bear, while CVE-2022-3786 was found during the analysis of the first vulnerability by Viktor Dukhovni.
Dec 22, 2022   |  By Forescout
Daniel dos Santos, Head of Security Research at Forescout's Vedere Labs, takes us through what came true from our 2022 cybersecurity predictions and looks ahead to what the cybersecurity landscape looks like for 2023.
Oct 18, 2022   |  By Forescout
Learn the difference between unmanaged and managed assets on your network.
Oct 12, 2022   |  By Forescout
Learn how Forescout provides a strong foundation for zero trust.
Oct 11, 2022   |  By Forescout
Government agencies rely on IoT and OT devices to carry out their missions. How can they protect vulnerable assets against attacks though? We share how in this video.
Oct 10, 2022   |  By Forescout
Forescout shares how automation can help organizations improve efficiencies.
Oct 5, 2022   |  By Forescout
Daniel Dos Santos, Head of Security Research, shares the value of the vulnerability research Vedere Labs conducts.
Oct 3, 2022   |  By Forescout
Learn how Forescout provides a strong foundation for zero trust.
Sep 21, 2022   |  By Forescout
This use case explores how hackers find a new way in to hospital networks via a connected IoT device when phishing doesn't work, and how you can manage this risk.
Sep 15, 2022   |  By Forescout
This use case explores internal access points; specifically, how Wi-Fi and remote work can create new threats to healthcare delivery – and steps you can take to safeguard your hospital.
Sep 7, 2022   |  By Forescout
This is a use case that looks at how nation state actors can create a “watering hole” to infiltrate a hospital’s network – and what to do about it.
Dec 22, 2021   |  By Forescout
The IT landscape is rapidly evolving to meet the demands of our digitally transforming world and a radically changed business environment that calls for always-on performance and agility at scale. As a result, client-server computing has given way to disruptive IT architectures that reshape business and ownership models. These include private and public cloud services, 'bring your own device' (BYOD), mobility and the Internet of Things (IoT).
Dec 22, 2021   |  By Forescout
They are designed to secure the assets of these essential services. There are 11 standards in total, covering everything from the protection of critical cyber assets to security management, personnel & training, incident reporting, and recovery planning. In this free eBook we explore how the continuous network monitoring capabilities of eyeInspect can streamline your compliance with these NERC CIP standards, saving you considerable time and money.
Dec 1, 2021   |  By Forescout
That's because perimeter-focused security architectures that default to high trust levels on the internal network are ill-suited for an edgeless enterprise that increasingly supports mobile and remote workers as well as vast numbers of IoT devices. This Forescout white paper explains why visibility is essential for effective Zero Trust architecture and how continuous visibility can help you identify, segment and enforce compliance using Zero Trust principles. It also addresses foundational capabilities Forrester Research requires to designate solutions as a Zero Trust platform.
Dec 1, 2021   |  By Forescout
With a staggering majority of devices - expected to reach more than 75 billion by 2025 - connected to vast networks and the internet, reducing cyber risk becomes a critical focal point for the age of IoT.
Nov 1, 2021   |  By Forescout
The drive to increase productivity and reduce costs in manufacturing environments has led to an exponential increase in the adoption of automation on plant floors, also known as Industry 4.0. If your organization has integrated its computation, networking and physical processes, this whitepaper will explain how deploying network monitoring technology will bring tremendous value to both your IT and OT teams.
Nov 1, 2021   |  By Forescout
The diverse and complex nature of IIoT and OT security use cases can make the technology selection difficult, and unfortunately, copying IT security practices and technology will not result in a secure OT environment. To achieve lasting success with OT cybersecurity investments, managers must ask prescriptive questions during the technology procurement process. In this eBook, we discuss the seven questions recommended by Gartner for SRM leaders to ask during their OT security technology selection and how Forescout answers them.

With so many agentless devices being deployed every day, it’s never been harder to protect your network from threats. Forescout delivers actionable information so you can see the devices on your network and take action to prevent them from compromising your enterprise.

Forescout Technologies, Inc. actively defends the Enterprise of Things by identifying, segmenting and enforcing compliance of every connected thing. Fortune 1000 companies trust Forescout as it provides the most widely deployed, enterprise-class platform at scale across IT, IoT, and OT managed and unmanaged devices.

Forescout arms customers with more device intelligence than any other company in the world, allowing organizations across every industry to accurately classify risk, detect anomalies and quickly remediate cyberthreats without disruption of critical business assets. Don’t just see it. Secure it.

See Every Device. Defend Your Entire Network.