The Unseen Internet: Forescout’s Data Reveals How Unmanaged Devices Became the Weakest Link in Enterprise Security

In 2025, it’s no longer the laptops, servers, or even smartphones that worry CISOs the most—it’s everything else. According to new data from Forescout’s Device Cloud, 65% of the 10 million devices analyzed across 700 organizations were not traditional IT assets. Instead, they belonged to the fast-expanding universe of routers, cameras, badge readers, point-of-sale systems, and even smart fish tanks—all quietly connecting to corporate networks without the same scrutiny or protection as managed endpoints.

Forescout’s research exposes the sheer complexity of today’s enterprise networks: 5,653 vendors, 3,200 operating system versions, and 380 unique device functions. On average, an organization now manages 1,629 vendors and 876 OS variants—an unpatchable nightmare in the making.

The Expanding Attack Surface

Industries with the most at stake—financial services (54%), healthcare (45%), and oil and gas (40%)—also have the most non-IT devices. The “extended Internet of Things,” or xIoT, spans everything from industrial controllers to medical devices (IoMT). Forescout’s analysts found that in many environments, the top 25 device types made up 94% of assets, dominated by VoIP phones, printers, and IP cameras.

But the remaining 6%? That’s where things get weird. Among the millions of devices cataloged were gaming consoles, set-top boxes, 3D printers, even smart vacuums and aquarium controllers—each one a potential foothold for attackers. One real-world example Forescout cites: a CISO who discovered 323% more devices than expected on the executive floor network, including smart thermostats and a Bluetooth-enabled fish tank.

IP Cameras: The Perfect Example of Overlooked Risk

Forescout’s deep dive into 25,000 IP cameras revealed 125 different vendors—and over 1,400 unique vulnerabilities. Forty percent of these cameras had at least one known flaw, and 3% were directly exposed to the internet. Axis, the most common vendor, had 206 firmware versions in use, with nearly half approaching end-of-support status by year’s end.

This fragmentation makes patching nearly impossible. Forescout’s researchers have long warned that “device diversity” directly correlates with security fatigue. In prior analyses, they found 63% of DrayTek routers and 90% of exposed Sierra Wireless routers were already end-of-life or unpatched against five-year-old vulnerabilities.

From Vape Detectors to Ransomware

The report draws a clear throughline between today’s wild device landscape and some of the most novel attacks in recent memory:

• Hackers turning vape detectors in schools into covert audio bugs.

• A Raspberry Pi granting attackers entry into a financial institution’s ATM network.

• Akira ransomware operators exploiting IP cameras to bypass endpoint protection.

These are not theoretical risks. Forescout’s earlier “R4IoT” proof of concept—released three years ago—accurately predicted that ransomware would soon pivot from IT systems to IoT, OT, and medical devices. That prediction has now come true.

Launching eyeSentry: From Visibility to Action

In response to the ballooning risk, Forescout announced eyeSentry, a cloud-native exposure management solution designed to give security teams continuous visibility across every connected device—from IoT thermostats to MRI machines.

“Organizations can’t protect what they can’t see,” said a Forescout spokesperson. “eyeSentry delivers unified, cloud-managed visibility so teams can identify risky devices, prioritize critical vulnerabilities, and eliminate blind spots before attackers exploit them.”

The platform uses a blend of active and passive discovery to map what’s actually on a network—something traditional security agents often miss. By correlating behavior, firmware age, and vulnerability data, eyeSentry helps teams shift from reactive incident response to proactive risk mitigation.

Why It Matters

xIoT devices are now the connective tissue of modern enterprise operations—and the soft underbelly of digital defense. They control access, monitor safety, process payments, and record surveillance video, but rarely get patched or segmented.

Forescout’s data is a wake-up call: enterprises are no longer made up of just computers—they’re sprawling ecosystems of sensors, cameras, printers, and forgotten gadgets. Each one extends the attack surface. Each one introduces a new way in.

And as ransomware gangs, botnets, and zero-day exploit kits increasingly target these unmanaged devices, the question for security leaders is no longer if they have a visibility gap—but how big it really is.