Enterprises are losing track of the devices inside their networks

Security teams are often surprised when they discover the range and number of devices connected to their networks. The total goes far beyond what appears in agent-based telemetry or old manual asset inventories.

Enterprise networks face broader exposure from xIoT expansion

Forescout analyzed 10 million devices across more than 700 organizations active in October 2025. About two-thirds of those devices weren’t traditional IT like workstations, laptops, servers, or hypervisors. Instead, they included network gear such as routers and firewalls, along with extended Internet of Things (xIoT) devices like operational technology, IoT, and medical equipment.

Most common device functions (Source: Forescout)

Looking closer at the xIoT category, the data showed which device functions appeared most often. Four of the most common types also ranked among the riskiest in 2025: VoIP phones, IP cameras, point-of-sale systems, and uninterruptible power supplies.

These devices are everywhere because they keep operations running. Organizations rely on VoIP phones and video conferencing for communication, use printers for documents, labels, and receipts, and depend on IP cameras and access control for physical security. In data centers, UPS units and out-of-band controllers keep systems powered and reachable.

What stands out is that these devices are frequently widespread yet unmanaged, leaving risks that often go unaddressed.

Device diversity adds hidden risk

A core finding of the research is that device diversity has become one of the most significant risk factors. Each organization in the dataset had, on average, 164 different device functions, 1,629 vendors, and 876 operating system versions.

As the researchers explain, “high device diversity means that security operators must spend a considerable amount of time to identify, patch, and mitigate the risks of vulnerable devices.” This complexity is amplified by the fragmented nature of the IoT ecosystem, where every vendor and device type follows its own update cycle and configuration process.

xIoT diversity expands across key industries

Industries with heavy use of connected or embedded devices, such as healthcare, utilities, and retail, showed the highest percentage of xIoT systems.

Healthcare networks were composed of roughly 35 percent xIoT devices, while utilities and retail each reached about 22 percent. Some medical devices cannot be patched quickly because firmware updates require regulatory approval. In those cases, risk mitigation depends on compensating controls and careful network segmentation.

Retail stood out as a good example of both ubiquity and diversity. Out of 140 device types seen in retail networks, the top 25 accounted for 99 percent of all devices. Those included barcode scanners, point-of-sale terminals, and loss prevention systems tied into warehouse and enterprise resource planning platforms.

The remaining 1 percent of device types, however, contained unexpected items such as serial-to-IP converters and consumer-grade gadgets that had found their way into corporate networks.

Old firmware and open exposure in IP cameras

IP cameras are among the top three IoT device types found across enterprise networks, following phones and printers. They are also the most common connected devices in retail.

An analysis of 25,000 cameras across business environments found 125 vendors and 206 firmware versions in use. Forty percent of the cameras had at least one known vulnerability, and researchers identified over 1,400 distinct flaws. About three percent were exposed to the internet.

Several firmware versions are already near end-of-support, and outdated devices remain online with unpatched weaknesses. The same pattern appears across other connected equipment, including routers and controllers, showing how aging systems continue to expand the attack surface.
