Quantum computers aren’t just theoretical anymore. Cybersecurity teams are already dealing with “harvest now, decrypt later” attacks, where hackers store encrypted data today and wait for quantum power to break it. Forescout’s research suggests only about 6% of internet-facing SSH servers are using post-quantum encryption. That leaves nearly 94% vulnerable, making them prime targets for future-proofing threats.
What Forescout Unveiled
Forescout has released a patented technology, part of its 4D Platform, that continuously scans networks across IT, OT, IoT, and medical devices to detect encryption that quantum computers could eventually break. Invented in 2023 and patented in 2024, this innovation analyzes the cryptographic ciphers each device supports, scores them against post-quantum safety standards, and flags risky encryption in real time.
How It Works
Device Discovery
It identifies every device on the network, including unmanaged ones, using behavior analysis, traffic inspection, and handshake monitoring.
Encryption Scoring
It examines each device’s cryptographic protocols (like SSH and TLS) and scores them based on compliance with post-quantum standards.
Real-Time Alerts
If a device is using non-quantum-safe encryption, the system flags it immediately, even if the device hasn’t gone through a traditional scan.
Forescout 4D Platform: A Four-Step Strategy
Detection
It enables real-time discovery of vulnerable encryption.
Enforcement
With tools like eyeSegment, it isolates risky devices from critical systems.
Mitigation
Vedere Labs’s threat intelligence helps identify misconfigurations and rogue devices.
Control
The system restricts or blocks traffic from non-compliant devices until they meet updated safety standards.
Research Underscores the Risk
A study using data from Censys and Shodan revealed the following:
- Out of 186 million SSH servers, only about 6% support post-quantum cryptography.
- Among OpenSSH servers, just over 20% offer that support.
- Adoption of ML-KEM, a NIST-approved method, grew 554% in six months, but still makes up less than 0.1% of total servers.
- Fewer than 20% of TLS servers have upgraded to TLS 1.3, the only version supporting post-quantum encryption.
- About 75% of OpenSSH servers still run on versions from 2015 to 2022, which don’t support post-quantum encryption.
Where We Go From Here
Barry Mainz, CEO of Forescout, says quantum computing is no longer a future concern. Organizations need post-quantum resilience now. Robert McNutt, CSO, believes this new tech gives customers the ability to assess risk precisely and focus efforts where they count.
An Omnia study shows 40% of manufacturers expect clients to adopt quantum tech by 2026. That increases the urgency, as today’s encrypted records could be cracked tomorrow.
The Bottom Line
This is a race against time. Forescout isn’t just raising alarms. They’re offering visibility, risk scoring, and active controls that let organizations move from reactive defense to proactive resilience. As quantum threats get closer, this kind of tech becomes a necessity, not a luxury.
