Forescout announced a first-of-its-kind solution to detect non-quantum-safe encryption in real time—a key breakthrough in securing enterprise infrastructure ahead of the quantum computing era.
This advancement anchors Forescout’s ‘Quantum-Safe Security Assurance’ strategy for identifying, assessing, and closing post-quantum cryptography (PQC) security gaps across IT, OT, and IoT environments. Invented in 2023 and patented in 2024, Forescout’s innovative technology continuously analyses device encryption to pinpoint post-quantum vulnerabilities.
The urgency to become quantum-safe has never been greater. A recent Omnia study discovered that 40% of manufacturers expect customer use of quantum technologies by 2026. This timeline makes ‘harvest now, decrypt later’ attacks—where cyber attackers hoard encrypted data to decrypt it via quantum computing in the future—an immediate concern. With the quantum technology timeline accelerating, most organisations are unprepared for this risk; only 6% of global devices use PQC, according to new data from Forescout Research – Vedere Labs.
“Quantum computing is no longer a far-off concept,” said Barry Mainz, CEO of Forescout. “It’s a fast-approaching reality that will challenge the foundations of digital trust. Every organisation, public or private, needs to start thinking about post-quantum resilience across IT, OT, and IoT environments today. This is a rare opportunity to get ahead of a generational shift in cybersecurity before urgency overtakes strategy.”
Quantum-safe security assurance
Forescout’s technology works by analysing the cryptographic ciphers each device supports, scoring them against post-quantum safety standards and surfacing encryption risk—whether the device is managed or unmanaged, compliant, or evasive. Positioned at the network layer, Forescout can detect risky encryption usage, even when devices attempt to hide their identity or posture.
The Forescout 4D Platform enforces a four-pronged quantum-safe strategy: detect, enforce, mitigate, and control.
- Detect: Forescout’s patented technology identifies PQC-safe assets in real time, delivering cryptographic posture visibility across hybrid networks
- Enforce: Forescout eyeSegment allows network segmentation to isolate critical systems and secure communication pathways
- Mitigate: proprietary threat intelligence from Forescout Research – Vedere Labs, Forescout helps detect rogue assets or misconfigurations, to swiftly target policy enforcement
- Control: Forescout protects any devices that could be at risk by limiting their traffic
“As organisations prepare for a post-quantum future, detecting systems using outdated encryption is critical,” said Robert McNutt, Chief Strategy Officer, Forescout. “Forescout is already delivering on this with our patented technology—the only solution that identifies non-quantum-safe ciphers in real time. Whether it’s PHI from medical devices or financial data crossing the web, this level of visibility empowers our customers to assess risk accurately and prioritise remediation where it matters most.”
New research highlights need for PQC readiness
Forescout also released new research that shows most connected devices remain critically unprotected against emerging quantum computing threats.
Key findings:
- Only 6% of 186 million SSH servers on the Internet support quantum-safe encryption methods
- Less than 20% of global communications use Transport Layer Systems (TLS) 1.3, the only version of TLS supporting PQC
- Adoption of NIST-standardised algorithms like ML-KEM has surged 554% over six months yet remains below 0.1% of servers
- OT, IoT, and IoMT devices face even greater barriers, often requiring firmware overhauls or hardware replacement to support PQC
“We’re seeing a clear drop-off in PQC migration once the early adopters are accounted for,” said Daniel dos Santos, Head of Research, Vedere Labs. “The data shows that most systems aren’t upgrading fast enough to keep pace with the advancing threat model.”
Mitigating risk
- Adopt PQC for devices that must communicate over third-party infrastructure
- Ensure trusted network infrastructure is protected from attackers or use network tools that can access SPAN ports
- Avoid the use of ISPs and SASE tools for critical applications and highly secured systems
There’s plenty of other editorial on our sister site, Electronic Specifier! Or you can always join in the conversation by visiting our LinkedIn page.