Forescout Research finds only 6% of SSH servers support post-quantum encryption, leaving vital data exposed to ‘harvest now, decrypt later’ attacks

Forescout, a global leader in cybersecurity, today announced a first-of-its-kind solution to detect non-quantum-safe encryption in real time—a critical breakthrough in securing enterprise infrastructure ahead of the quantum computing era.

This groundbreaking advancement anchors Forescout’s “Quantum-Safe Security Assurance” strategy for identifying, assessing, and closing post-quantum cryptography (PQC) security gaps across IT, OT, and IoT environments. Invented in 2023 and patented in 2024, Forescout's innovative technology continuously analyzes device encryption to pinpoint post-quantum vulnerabilities.

The urgency to become quantum-safe has never been greater. A recent Omnia study found that 40% of manufacturers expect customer use of quantum technologies by 2026. This timeline makes "harvest now, decrypt later" attacks—where threat actors hoard encrypted data to decrypt it via quantum computing in the future—an immediate concern. With the quantum technology timeline accelerating, most organizations are unprepared for this risk; only 6% of global devices use PQC, according to new data from Forescout Research – Vedere Labs.

“Quantum computing is no longer a far-off concept,” said Barry Mainz, CEO of Forescout. “It’s a fast-approaching reality that will challenge the foundations of digital trust. Every organization, public or private, needs to start thinking about post-quantum resilience across IT, OT, and IoT environments today. This is a rare opportunity to get ahead of a generational shift in cybersecurity before urgency overtakes strategy.”

Quantum-Safe Security Assurance

Forescout’s technology works by analyzing the cryptographic ciphers each device supports, scoring them against post-quantum safety standards and surfacing encryption risk—whether the device is managed or unmanaged, compliant, or evasive. Positioned at the network layer, Forescout can detect risky encryption usage, even when devices attempt to hide their identity or posture.

The Forescout 4D Platform™ enforces a four-pronged quantum-safe strategy: detect, enforce, mitigate, and control.

Detect: Forescout’s patented technology identifies PQC-safe assets in real time, delivering cryptographic posture visibility across hybrid networks.

Enforce: Forescout eyeSegment enables network segmentation to isolate critical systems and secure communication pathways.

Mitigate: Proprietary threat intelligence from Forescout Research – Vedere Labs, Forescout helps detect rogue assets or misconfigurations, to swiftly target policy enforcement.

Control: Forescout protects any devices that could be at risk by limiting their traffic.

“As organizations prepare for a post-quantum future, detecting systems using outdated encryption is critical,” said Robert McNutt, Chief Strategy Officer at Forescout Technologies, Inc. “Forescout is already delivering on this with our patented technology—the only solution that identifies non-quantum-safe ciphers in real time. Whether it’s PHI from medical devices or financial data crossing the web, this level of visibility empowers our customers to assess risk accurately and prioritize remediation where it matters most.”

New Research Underscores the Need for PQC Readiness

Forescout also released new research that shows most connected devices remain critically unprotected against emerging quantum computing threats.

Key findings:

• Only 6% of 186 million SSH servers on the internet support quantum-safe encryption methods.
• Less than 20% of global communications use Transport Layer Systems (TLS) 1.3, the only version of TLS supporting PQC.
• Adoption of NIST-standardized algorithms like ML-KEM has surged 554% over six months yet remains below 0.1% of servers.
• OT, IoT, and IoMT devices face even greater barriers, often requiring firmware overhauls or hardware replacement to support PQC.

“We’re seeing a clear drop-off in PQC migration once the early adopters are accounted for,” said Daniel dos Santos, Head of Research at Vedere Labs. “The data shows that most systems aren’t upgrading fast enough to keep pace with the advancing threat model.”

Immediate Steps to Mitigate Risk

• Adopt PQC for devices that must communicate over third-party infrastructure.
• Ensure trusted network infrastructure is protected from attackers or use network tools that can access SPAN ports.
• Avoid the use of ISPs and SASE tools for critical applications and highly secured systems.

Post-quantum cryptography is more than a future-proofing exercise—it’s a defining moment for cybersecurity. With its patented visibility technology and cross-domain platform, Forescout is uniquely positioned to help organizations take control of their cryptographic future.

To read the full report and learn how Forescout enables quantum-safe readiness, visit www.forescout.com.

About Forescout

For more than 25 years, Fortune 100 organizations, government agencies and large enterprises have trusted Forescout as their foundation to manage cyber risk, ensure compliance and mitigate threats. The Forescout 4D Platform™ delivers comprehensive asset intelligence, continuous assessment and ongoing control over all managed and unmanaged, agented and un-agentable assets across IT, OT, IoT and IoMT environments. Forescout’s open platform makes every cybersecurity investment more effective with seamless data integrations and automated workflow orchestration across more than 100 security and IT products. Forescout Research – Vedere Labs is the industry leader in device intelligence, curating unique and proprietary threat intelligence that powers Forescout’s platform.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250717783040/en/