>
    Strata Copilot
    How To Use the Quantum-Safe Security App
    Focus
    Download PDF
    Focus
    1. Home
    2. Network Security
    3. Quantum-Safe Security App
    4. How To Use the Quantum-Safe Security App
    Download PDF
    Network Security

    How To Use the Quantum-Safe Security App

    Table of Contents

    How To Use the Quantum-Safe Security App

    Accomplish common PQC migration planning and preparation tasks.
    Where Can I Use This?What Do I Need?
    • NGFW (Managed by Strata Cloud Manager)
    • Prisma Access (Managed by Strata Cloud Manager)
    The Quantum-Safe Security app translates asset and cryptographic metadata into actionable insights and recommendation workflows. You can leverage the inventory and dashboard to streamline critical PQC migration planning and preparation tasks, including assessing risk at the organizational and individual asset levels, identifying remediation options, and setting migration priorities.
    The following table outlines common use cases and how to use the app to achieve the specific goal.
    Use CaseHow to do it
    I want to identify specific assets that are ready for migration.
    Select the Inventory tab, and then click Add Filter. Apply the Quantum Readiness filter and select Ready to see all assets whose underlying hardware and software currently support PQC.
    To narrow your focus further, combine this with the Type filter. For example, to identify web applications ready for migration, select the Internet filter for Type and the Quantum Readiness filter (Ready).
    I want to prioritize assets vulnerable to Harvest Now, Decrypt Later (HNDL) attacks.
    1. Open the Overview dashboard and look at the central pie chart to view the total volume of data currently exposed to HNDL risks.
    2. Click View Details on the HNDL risk category to reveal top risk contributors and other information.
    3. Switch to the Inventory view, click Add Filter, and then filter by Cryptography Risk to isolate the specific assets transmitting this vulnerable data so you can move them to the top of your migration queue.
    I want to pinpoint the root cause of a weak cryptographic session.
    Select the problematic asset in the Inventory view (click the Asset Name) to inspect details, such as the cryptography in use.
    The app automatically traces the vulnerability back to its exact source, revealing whether the weak cryptography stems from a specific underlying crypto-library (such as a deprecated OpenSSL version) or an outdated operating system.
    I want to secure legacy IoT devices or infrastructure that I cannot easily upgrade.Use the Inventory view to identify non-upgradable assets. For these devices or infrastructure, you will see cipher translation recommendations. By following the steps to enable the Cipher Translation Proxy, your NGFW acts as an inline proxy that intercepts the legacy classical algorithms and re-encrypts the traffic into quantum-resistant algorithms (ML-KEM) at the network edge in real-time, requiring zero code changes to the legacy endpoint itself.
    I want to find the exact upgrade path to make an asset quantum-safe.
    1. In the Inventory view, click Show Recommendations.
    2. Click the Quantum Safe category of recommendations.
      This opens a dedicated side panel displaying targeted mitigation steps. You can use the search bar within the recommendations panel to look for specific terms like "hardware" or "software" to find exact guidance, such as whether a device requires an OS upgrade or a certificate compliance change.
    I want to identify the specific firewall configurations and policies permitting weak cryptography.
    Select the problematic asset (click the Asset Name) in the Inventory view. The app provides policy-level visibility that reveals exactly which decryption profiles, decryption policy rules, or security policy rules are actively allowing weak or vulnerable sessions. This enables you to assess the business impact of a configuration change before applying it to block the vulnerable cryptography.
    You can also filter assets by the Data Exposure risk and view recommendations specific to these assets.

    © 2026 Palo Alto Networks, Inc. All rights reserved.