Enterprises need to focus on gaining visibility into their cryptographic estate in preparation for the changes PQC will require, and plan for accommodating hybrid and cryptographically agile implementations of PQC. Not all IT systems will be able to accommodate the expected compute and memory requirements of PQC software updates. The Palo Alto Networks announcement provides a smooth path for organizations dependent on legacy systems to combine PQC readiness with operational continuity.
Palo Alto Networks has applied an old concept to a new problem by taking a “virtual patching” approach to PQC readiness. Virtual patching has historically provided protection against vulnerabilities without modifying the code or system. In this case, Palo Alto Networks is providing a performance-optimized encryption proxy using the latest next-generation firewalls (NGFWs), which are themselves optimized for PQC algorithms. Combining these NGFWs with the latest update to PAN-OS introduces a “cipher translation proxy” that provides a bridge for web applications that must be protected but cannot be upgraded. This proxy adapts to a PQC world by translating classical cryptographic communications into quantum-safe ones and vice versa.
The exact timing for a cryptographically capable quantum computer is unknown, but the challenges are engineering challenges rather than physics challenges. The question is not if cryptographically relevant quantum computers will arrive, but when. Palo Alto Networks is providing a path for enterprises to understand their cryptographic exposure and their options for legacy infrastructure that cannot be updated to achieve PQC readiness.
The Palo Alto Networks solution is a major piece of PQC readiness that complements enterprise initiatives to prepare digital certificate infrastructure for the upcoming changes caused by quantum computing.