Quantum computing is set to redefine the world's computational capabilities. Classical computers manipulate data in binary 0s and 1s, but quantum computers allow a single quantum bit (or qubit) to represent multiple states simultaneously. This means that tasks formerly deemed computationally infeasible, like factoring large numbers, will be solved exponentially faster. Of course, this comes with risk. When quantum computing achieves large-scale usage, malicious actors will be able to use these powerful machines to break certain traditional encryption algorithms. Threat actors are already using a tactic called “harvest now, decrypt later” in which they capture and steal encrypted data with the intention to decrypt it down the road. Therefore, transitioning to quantum-resistant algorithms, known as Post-Quantum Cryptography (PQC), is on the short-term roadmap for many CISOs.

Zscaler is committed to providing the highest level of security for our customers, and that includes timely adoption of the latest innovations in the encryption space. In that spirit, we’re excited to launch the Post-Quantum Cryptography Visibility report, now generally available to all customers in the Zscaler Admin Portal, which can be accessed under Analytics > Interactive Reports > Web Activity > Post Quantum Cryptography Visibility.

The new interactive report provides insights into PQC algorithms as applied to customer traffic, including:
- Most frequently used PQC Key Exchange and SSL/TLS versions
- Distribution of transactions, differentiating between traffic processed with PQC and non-PQC key exchange
- Top users that have engaged in PQC key exchange

Access Quantum Algorithm Data in Web Insights Logs

We know our customers need to access data in different ways that suit their workflows, and to that end we’ve also updated the Web Insights Log report to include quantum algorithm data at a granular level.
The new fields and columns include:
- Client Digital Signature Proposal
- Client Key Exchange Proposal
- Client Side Key Exchange Algorithm
- Server Side Key Exchange Algorithm
- Client Side Digital Signature Algorithm
- Server Side Digital Signature Algorithm

Nanolog Streaming Service (NSS) Feeds Updated to Enable Ingesting Quantum Algorithm Data via API

Customers can also add the new fields listed below to the Feed Output Format when configuring an NSS or Cloud NSS feed for web logs. Once ingested via API into a SIEM or other data manipulation tool, IT or Security stakeholders can examine the data further.
- %d{client_tls_keyex_pqc_offers}
- %d{client_tls_keyex_non_pqc_offers}
- %d{client_tls_keyex_hybrid_offers}
- %d{client_tls_keyex_unknown_offers}
- %d{client_tls_sig_pqc_offers}
- %d{client_tls_sig_non_pqc_offers}
- %d{client_tls_sig_hybrid_offers}
- %d{client_tls_sig_unknown_offers}
- %s{client_tls_keyex_alg}
- %s{server_tls_keyex_alg}
- %s{client_tls_sig_alg}
- %s{server_tls_sig_alg}

Reduce the Friction of Transitioning to Post-Quantum Cryptography

Access to more data about your organization’s environment and the traffic it generates will reduce the friction of transitioning to post-quantum cryptography. With these new capabilities you can focus on three areas of activity to apply this new post-quantum cryptographic algorithm data for both strategic planning and operational execution:

Identify and mitigate risks associated with post-quantum adoption
- Understand how traffic is segregated between classical vs. PQC algorithms when it comes to what crypto stack and client algorithms are in use.
- Know what key exchange algorithms are in use by client software or other software services in your environment: the visibility we provide can show you what clients across your organization are not PQC-ready.
- Identify misconfigurations such as the usage of pure PQC key exchange algorithms instead of the industry-recommended hybrid approach.
  Visibility ensures that configurations adhere to best practices.

Ensure compatibility and regulatory compliance
- Monitor hybrid cryptography use: many organizations will use hybrid cryptographic models during their transition from classical algorithms to PQC, for example by combining traditional algorithms (ECDHE) with post-quantum algorithms (ML-KEM). Visibility ensures that hybrid schemes are properly implemented and monitored for the strongest security.
- Manage algorithm vulnerabilities: knowing which algorithms are being used allows organizations to monitor for potential issues and pivot quickly if a particular algorithm is compromised or no longer recommended by the regulators or the security community.

Protect against quantum threats and data theft today
- Classical encryption detection: customers can monitor whether classical algorithms, such as ECDHE, are still being used alongside or instead of post-quantum algorithms. Doing so can detect transitional flaws during migrations from classical to quantum-resistant algorithms. Additionally, you can detect where older encryption methods are still used, exposing critical data to quantum threats (e.g., rapidly decrypting data that is transferred over communications leveraging a traditional key exchange algorithm instead of a post-quantum algorithm).
- Encryption strength monitoring: organizations can confirm that PQC algorithms are being correctly implemented to safeguard traffic from future quantum-powered decryption.

Building the Foundation for a Quantum-Safe Future

This release marks the first of three phases of Zscaler’s vision for a Post-Quantum Era. Now that we’re providing the visibility you need to know what quantum algorithms are in use on the traffic in your environment, we’re working towards our second phase milestone of enabling full decryption and inspection of TLS traffic leveraging post-quantum key exchange.
In our third phase we’ll support post-quantum digital signatures across the Zero Trust Exchange platform and fully transition to quantum-resistant algorithms. In summary, Zscaler is building the foundation for a secure digital future.
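
The checks described under "Identify and mitigate risks" can be run over web logs once the NSS fields listed above are ingested. The following is an added example, not Zscaler code: it assumes the feed output format writes one JSON object per line with keys named after those fields, that the %d offer fields are counts, that client_tls_keyex_alg is the algorithm used on the client-side connection, and that hybrid algorithms appear under the IANA TLS group names shown. The "login" key and all sample values are constructed.

```python
import json
from collections import defaultdict

# Assumption: names the feed may report for hybrid key exchange (IANA TLS group
# names); adjust to the strings your feed actually emits.
HYBRID_ALGS = {"X25519MLKEM768", "SecP256r1MLKEM768", "SecP384r1MLKEM1024"}

# Constructed sample: one JSON object per line, keys named after the NSS fields.
# The "login" key and every value are made up for illustration.
SAMPLE_FEED = """\
{"login":"alice","client_tls_keyex_pqc_offers":0,"client_tls_keyex_hybrid_offers":1,"client_tls_keyex_non_pqc_offers":3,"client_tls_keyex_alg":"X25519MLKEM768"}
{"login":"bob","client_tls_keyex_pqc_offers":0,"client_tls_keyex_hybrid_offers":0,"client_tls_keyex_non_pqc_offers":4,"client_tls_keyex_alg":"x25519"}
{"login":"carol","client_tls_keyex_pqc_offers":1,"client_tls_keyex_hybrid_offers":0,"client_tls_keyex_non_pqc_offers":0,"client_tls_keyex_alg":"MLKEM768"}
{"login":"dave","client_tls_keyex_pqc_offers":0,"client_tls_keyex_hybrid_offers":1,"client_tls_keyex_non_pqc_offers":2,"client_tls_keyex_alg":"secp256r1"}
not-json
"""

def classify(rec):
    """Map one web-log record to a finding based on the client's key exchange offers."""
    pqc = int(rec.get("client_tls_keyex_pqc_offers", 0))
    hybrid = int(rec.get("client_tls_keyex_hybrid_offers", 0))
    if hybrid == 0 and pqc == 0:
        return "classical_only"           # client is not PQC-ready
    if hybrid == 0:
        return "pure_pqc_only"            # pure PQC offered without a hybrid option
    if rec.get("client_tls_keyex_alg") not in HYBRID_ALGS:
        return "hybrid_offered_not_used"  # hybrid offered, something else negotiated
    return "hybrid_ok"

def summarize(feed_text):
    """Group users by finding; malformed lines are counted, not silently dropped."""
    findings, bad = defaultdict(set), 0
    for line in feed_text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            bad += 1
            continue
        findings[classify(rec)].add(rec.get("login", "unknown"))
    return {k: sorted(v) for k, v in findings.items()}, bad

if __name__ == "__main__":
    report, skipped = summarize(SAMPLE_FEED)
    for finding, users in sorted(report.items()):
        print(f"{finding}: {', '.join(users)}")
    print(f"malformed lines skipped: {skipped}")
```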
