Find every quantum-vulnerable dependency.
Build the plan to fix it.

Qestrel inventories RSA, ECC, certificates, keys and cryptographic dependencies from the tools you already run, then turns that exposure into a board-ready post-quantum migration plan with vendor ownership and deadlines.

Aligned to NCSC migration guidance, NIST FIPS 203 / 204 / 205, and the 2035 transition horizon
No agents Read-only APIs Metadata only UK hosted
The quantum threat

Harvest now,
decrypt later.

Adversaries don't need a quantum computer today to put you at risk. They only need to capture your encrypted traffic and wait. Anything with a shelf life — health records, financial data, state secrets, IP — is already exposed.

01

Intercept

Encrypted data is captured in transit and stored, unread, at scale.

02

Store

It sits in an archive. Today's encryption holds — for now.

03

Decrypt

A quantum computer running Shor's algorithm breaks RSA and ECC retroactively. The archive is read in full.

// data captured2026
// algorithmRSA-2048
// status todaysecure
// quantum-vulnerableyes
// shelf life of data10–30 yrs
How it works

From your tools to a migration plan.

No agents, no rip-and-replace. Qestrel reads the cryptographic signals already sitting in your security stack and turns them into something you can act on.

01 / CONNECT

Pull from your existing tools

Qestrel integrates with the security tooling you already run, pulling encryption and certificate data via API — no new agents to deploy.

02 / MAP

Build your cryptographic estate

Every algorithm, key, certificate and dependency, assembled into a single live inventory — the visibility regulators now expect you to hold.

03 / PLAN

Generate the migration plan

A prioritised roadmap ranked by risk, including whether each vendor will handle the migration for you — and on what timeline.

What you leave with

Outputs your board, auditors and teams can use.

A demo should not end with a vague promise. Qestrel shows the concrete artifacts your security team needs to scope, fund and execute the migration.

01 / INVENTORY

Cryptographic estate map

A single inventory of algorithms, keys, certificates, systems, owners and source tools.

02 / EXPOSURE

Quantum vulnerability report

RSA, ECC and weak legacy cryptography ranked by impact, data sensitivity and time horizon.

03 / VENDORS

Vendor readiness map

Which suppliers own each fix, which fixes sit with your team, and where timelines create risk.

04 / ROADMAP

Board-ready migration plan

A prioritized plan that turns crypto exposure into budget, milestones and accountable work.

05 / EVIDENCE

Audit evidence pack

Exportable reports for risk committees, regulators, customers and internal assurance teams.

The platform

Built for security teams.
Ready on day one.

Qestrel connects to the tools you already run and surfaces your full cryptographic exposure — then turns it into a prioritised migration plan your team can act on immediately.

Screenshots show sample output from a demo estate.

SAMPLE OUTPUT / 01 / ASSESS

Instant visibility across your cryptographic estate

Qestrel pulls from ADCS, AWS, Azure Key Vault, CipherTrust and your other security tools to surface every algorithm, key and certificate — scored against NIST post-quantum standards the moment it connects.

// findings surfaced67,800
// quantum-vulnerable53,872
// avg risk score77.2 / 100
// sourcesADCS · AWS · Azure
Sample quantum risk dashboard showing findings, risk breakdown and attack vectors
The migration path

A deadline you can plan for.

NCSC sets out a phased route to post-quantum migration through 2035. Qestrel gives you the inventory, the plan and the vendor tracking to move through it on schedule.

PHASE 01 · NOW

Define & discover

Build the cryptographic inventory, identify your most sensitive long-lived data, and establish ownership. The work that makes everything after it possible.

PHASE 02 · BY 2028

Prioritise & plan

Translate the inventory into a migration roadmap. Sequence systems by risk, agree budget, and engage vendors on their PQC timelines.

PHASE 03 · BY 2031

Migrate high-priority systems

Your teams and vendors migrate the most exposed systems first — with Qestrel tracking progress and flagging where a vendor's timeline puts you at risk.

PHASE 04 · BY 2035

Complete the transition

Full estate migrated and crypto-agile, with Qestrel maintaining a live record of coverage as evidence for auditors and regulators.

Standards & assurance

Built on the new baseline.

We track the standards your auditors, regulators and government customers already recognise, and keep your migration plan aligned as post-quantum guidance evolves.

FIPS 203
ML-KEM — lattice-based key encapsulation
FIPS 204
ML-DSA — primary digital signature standard
FIPS 205
SLH-DSA — stateless hash-based signatures
NCSC
UK migration guidance to 2035
Falcon
FN-DSA / FIPS 206 standardisation tracked
HQC
NIST-selected backup KEM tracked for readiness
Security & trust

We hold your estate
to our own standard.

Qestrel connects to some of the most sensitive telemetry you own. We built it to earn that access — least privilege, metadata only, and nothing deployed inside your estate.

METADATA ONLY

We never see your keys or data

Qestrel reads cryptographic metadata — algorithms, certificates and configurations. Your private keys, secrets and plaintext never leave your systems and are never transmitted to us.

READ-ONLY

Least-privilege by design

Every integration uses the narrowest read-only API scope that does the job. Qestrel cannot modify, delete or write to any system it connects to.

REVOCABLE

Scoped access, fully audited

Credentials are encrypted, scoped per connection and revocable at any time. Every action Qestrel takes against your tools is logged for your review.

NO AGENTS

Nothing to deploy on your estate

Qestrel runs entirely from API connections. There are no agents on your endpoints or servers — no new software to approve, and no added attack surface.

Data residency
UK hosted
All data stored & processed in the UK
Cyber Essentials
Certified
UK government-backed baseline
UK GDPR
Compliant
Processed lawfully under UK GDPR
Assurance roadmap
ISO 27001
Actively working towards certification

Prepared for enterprise security review

For procurement and assurance teams, Qestrel can provide the materials needed to review access, data handling and operational controls before any production connection is approved.

Read-only scope matrix Data processing summary Architecture overview Audit logging model Credential handling notes Security pack on request
Get started

Book a PQC readiness demo.

In 30 minutes, see how Qestrel builds a cryptographic inventory, surfaces quantum-vulnerable dependencies, and turns the findings into a migration plan your security team can execute.

No agents Metadata only Read-only access Security pack available