Forescout launches pioneering technology to detect insecure encryption in the quantum era

Only 6% of SSH servers use quantum-resistant encryption, according to Vedere Labs.

Forescout, a cybersecurity company, announced a key breakthrough to protect the digital ecosystem against quantum computing threats: a patented technology capable of detecting, in real time, the use of insecure encryption in IT, OT, and IoT environments. This unprecedented solution is part of its “Quantum-Safe Security Assurance” strategy, aimed at identifying, assessing, and closing cryptographic vulnerabilities as quantum computers advance.

The announcement comes amid growing urgency. An Omnia study shows that 40% of manufacturers expect their clients to adopt quantum technologies before 2026, increasing the risk of “harvest now, decrypt later” attacks, in which adversaries collect encrypted data today to decrypt it in the future with quantum computing.

A four-pillar strategy

Forescout’s patented technology, developed since 2023 and released in 2024, continuously inspects the cryptography supporting each device connected to the network. It assigns a risk level based on the device’s post-quantum readiness, even if the device attempts to hide its identity or status.

This analysis is integrated into the Forescout 4D™ platform, which employs a four-phase approach:

  • Detect: Real-time identification of devices supporting post-quantum cryptography.
  • Apply: Network segmentation using eyeSegment to isolate critical systems.
  • Mitigate: Using Vedere Labs threat intelligence to detect unauthorized or misconfigured assets.
  • Control: Limiting traffic on at-risk devices.

“There’s a unique opportunity to get ahead of a generational shift in cybersecurity,” said Barry Mainz, CEO of Forescout. “Every organization, public or private, must start now on its path toward post-quantum resilience.”

Data reveals insufficient preparedness

According to research published by Forescout Research – Vedere Labs, the current landscape is concerning:

  • Only 6% of the 186 million SSH servers online support post-quantum encryption.
  • Less than 20% of global traffic uses TLS 1.3, the only version with quantum-resistant encryption.
  • Although adoption of NIST-standardized algorithms like ML-KEM has grown 554% over six months, their deployment remains below 0.1% of servers.
  • OT, IoT, and IoMT devices require firmware updates or even hardware replacements to support PQC.

Robert McNutt, Forescout’s strategy director, emphasized, “Identifying systems with obsolete encryption is critical. Our solution offers a unique level of visibility to prioritize mitigation actions.”

How to act starting today

Forescout recommends immediate steps for organizations to reduce risks:

  • Migrate to post-quantum cryptography on devices operating over third-party infrastructures.
  • Protect trusted corporate networks from attackers accessing SPAN ports.
  • Avoid using ISP and SASE solutions on highly sensitive systems.

“After early adopters, we’re seeing a clear slowdown in PQC migration,” noted Daniel dos Santos, research lead at Vedere Labs. “The threat is advancing, but preparedness isn’t keeping pace.”

A more secure cryptographic future

Forescout positions its solution as an essential element for building resilient infrastructures in the quantum era, providing visibility, control, and action capabilities in an increasingly complex and fragmented environment.

via: forescout
