Everything you need to know about QUANTRAMA and post-quantum security transition
QUANTRAMA is a Quantum Transition Management platform that helps organizations prepare for post-quantum security standards. We provide automated vulnerability assessment, migration roadmaps, and quantum-safe architecture advisory to scan your domains, subdomains, API endpoints, and SSL/TLS certificates for encryption algorithms that are mathematically vulnerable to quantum attacks.
Quantum computers are expected to break current encryption standards (RSA, ECC). The timeline is uncertain, but adversaries are already conducting "harvest now, decrypt later" attacks, storing encrypted data to decrypt once quantum computers are powerful enough.
NIST released official post-quantum security standards in August 2024. Organizations need to start migrating now to be ready before quantum computers become a practical threat.
Basic domain scans complete in 1-3 minutes. Scans with subdomain discovery enabled may take 5-10 minutes depending on how many subdomains are found. Scans with API endpoint detection can take 10-15 minutes for comprehensive coverage.
No! QUANTRAMA is a fully cloud-based SaaS platform. Simply enter your domain and start scanning. No software installation, no agents, no network access required.
The current version scans public-facing domains and endpoints only. For scanning internal infrastructure, contact us about our Enterprise plan which includes on-premises deployment options and custom integrations.
Yes! We use privacy-first handshake-only scanning with zero-knowledge architecture. We only analyze cryptographic metadata from SSL/TLS handshakes and API responses - we never access or store your actual data.
All scans are performed in real-time and results are only visible to you. We don't store scan results permanently unless you explicitly save them to your account.
Yes. We are fully compliant with GDPR, CCPA, and other major data privacy regulations. We only collect the minimum necessary data (email, domain names), never sell user data, and provide data deletion on request.
No. Our scans use standard HTTPS connections just like regular visitors. We rate-limit requests to be respectful of your servers (max 2-5 requests per second). Scanning will not cause any noticeable performance impact.
Scanning may appear in your server logs as normal HTTPS traffic. If you have intrusion detection systems (IDS/IPS), you may want to whitelist our scanner IP addresses to avoid false positives. Contact support for our current IP ranges.
Only you. Scan results are private and only visible to your account. We never share, sell, or publish your scan results. Enterprise customers can use white-label reports to share results with stakeholders under their own branding.
We detect quantum-vulnerable encryption including:
NIST-approved post-quantum security standards (finalized August 2024):
We use a combination of DNS enumeration techniques including common subdomain wordlists, DNS brute-forcing, and certificate transparency logs. Once subdomains are discovered, we scan each one individually for quantum vulnerabilities.
We probe for common API paths (/api, /v1, /graphql, etc.) and analyze responses to identify REST APIs, GraphQL endpoints, and OpenAPI/Swagger documentation. We then scan detected endpoints for API-specific vulnerabilities like weak JWT signing algorithms.
Scheduled scans automatically run at specified intervals (daily, weekly, or monthly). You can configure email notifications to alert you when critical vulnerabilities are found, when new issues appear, or for every scan completion. Perfect for continuous monitoring.
Scan comparison shows before/after changes between two scans of the same domain. We track new vulnerabilities, resolved issues, changed vulnerabilities (severity changes), and unchanged issues. This helps you monitor your migration progress over time.
Yes! Use our Bulk CSV Import feature to upload up to 50 domains at once. Download our CSV template, fill in your domains with scanning options, and upload. We'll create and run scans for all domains automatically.
Yes! Our Security Snapshot plan is free forever and includes instant scans for up to 10 assets, quantum readiness scoring, vulnerability reports, and PDF exports. No credit card required. Perfect for small businesses and personal projects.
Yes! You can upgrade from Free to Professional or Enterprise at any time. Downgrades are also available at the end of your billing period. No long-term contracts required for Professional tier.
Free tier covers up to 10 assets. Professional tier is priced based on your total asset count (up to 500 assets), typically $5K-$15K/month. Enterprise tier has unlimited assets with custom pricing based on your needs. Contact sales for an exact quote.
We accept all major credit cards (Visa, Mastercard, Amex), ACH/wire transfer, and can accommodate purchase orders for Enterprise customers. Annual prepayment discounts available (10-20% off depending on plan).
Yes. We offer a 30-day money-back guarantee for Professional tier subscriptions. If you're not satisfied within the first 30 days, contact support for a full refund. Enterprise contracts have custom terms negotiated during sales.
Transparency builds trust. We believe you should know what you're paying for upfront, not after endless sales calls. This is part of what makes us different from traditional enterprise security vendors. We want to make post-quantum security accessible to everyone, not just large enterprises with big budgets.
Our team is here to help. Get in touch and we'll respond within 24 hours.