Botnets, Edge Devices, and AI: Inside Forescout's Threat Findings with Daniel dos Santos

Описание: A new wave of cyberattacks is being routed through everyday devices—and defenders can't rely on old assumptions about geography or "known bad" infrastructure. Daniel dos Santos, VP at Vedere Labs (Forescout), walks through findings from their 2025 Threat Roundup, drawn from a global network of hundreds of honeypots and decoy systems. The conversation focuses on why web-facing systems and edge devices have become prime targets, how attackers hide inside cloud and ISP-managed networks, and what defenders can do earlier in the kill chain. Dos Santos also explains why many exploited vulnerabilities never appear on CISA's KEV list—and how security teams should think about patching and risk anyway.


Main Topics


• How honeypots reveal attacker intent across IT, IoT, and OT environments.

• Why attacks increasingly come from ISP-managed networks and consumer devices.

• Cloud and "benign" services used to blend in and evade traditional filters.

• Why distributed botnets weaken country-based blocking for defenders.

• The rise of web-facing exploitation and the shift away from stolen passwords.

• Edge devices, OT exposure, and why "discovery" dominates post-breach activity.


Key Quotes


"We have hundreds [of honeypots] throughout the world. Some of them are simulations… Some of them are real devices… we expose them with the intention of seeing them attacked." — Daniel dos Santos


"Home routers, but also home IP cameras or doorbells or solar inverters or…whatever it is that you have in your house that might be exposed to the internet and might be vulnerable can be these days recruited into a botnet." — Daniel dos Santos


"Attackers…have figured out that when you find a zero-day in a popular router or a popular firewall or a popular VPN appliance, you can really go against thousands and thousands of organizations." — Daniel dos Santos


"With one zero-day or one critical exploit, you can compromise thousands of organizations today." — Daniel dos Santos


"But what we do see in the signals that we see there and what we present in the report is that there is a whole world of vulnerabilities being exploited." — Daniel dos Santos


Relevant Links and Resources


https://www.forescout.com/research-la...


https://www.forescout.com/blog/anatom...


About the Guest:


Daniel dos Santos is the VP of Research at Forescout Research — Vedere Labs, where he leads a team of researchers that identifies new vulnerabilities and monitors active threats. He holds a PhD in computer science, has published over 35 peer-reviewed papers, has found or disclosed hundreds of CVEs — and is a frequent speaker at security conferences.