What is a one sentence summary of your feature request?
Add full visibility, detection, and policy enforcement support for Post-Quantum Cryptography (PQC) algorithms within Netwrix Endpoint Protection, including compatibility with PQC-enabled applications.
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
With the rapid development and adoption of Post-Quantum Cryptography (PQC) algorithms across major vendors (AWS, Google, Apple, Signal) and open-source implementations like OQS-OpenSSL, customers are increasingly concerned about how Netwrix EPP handles PQC-enabled communications. PQC algorithms introduce new cipher suites that may not be recognized or supported by current deep packet inspection (DPI) within EPP.
During customer testing, PQC-enabled connections were blocked or downgraded when DPI was active. This indicates a compatibility gap that may prevent organizations from safely enabling PQC functionalities, and may also allow threat actors to exploit unsupported PQC implementations to bypass security controls or create covert channels.
The feature request is to ensure EPP can detect, analyze, and enforce policies on PQC-based communications, including. Such an enhancement ensures that EPP remains future-proof as PQC becomes mainstream and prevents blind spots created by unsupported cryptography.
How do you currently solve the challenges you have by not having this feature?
Customers currently mitigate PQC issues by disabling DPI for specific applications or URLs. This approach restores functionality but reduces inspection, visibility, and enforcement on these communications, creating potential blind spots and weakening security posture.