Next-Generation Technologies & Secure Development , Security Operations , Web Application Firewalls (WAF)

DigiCert to Buy Vercara to Boost DNS Security, Digital Trust

Deal to Unite DNS and SSL for Big Enterprises, Streamline Digital Trust Management
DigiCert to Buy Vercara to Boost DNS Security, Digital Trust
Amit Sinha, CEO, DigiCert (Image: DigiCert)

DigiCert will purchase an enterprise DNS service provider led by the former CEO of Arbor Networks to simplify automation, reduce outages and minimize security risks.

The Salt Lake City-area digital trust provider said its proposed buy of Washington, D.C.-area Vercara will simplify DNS management, automate certificate issuance and reduce operational costs for large firms, said CEO Amit Sinha. Automating certificate issuance and domain validation will address demands for simplified digital trust management and enhance DNS services for large and midmarket clients, he said.

"Automation is an absolute requirement in the multi-cloud world that we live in," Sinha said. "Getting DNS from your cloud provider ties you down to that infrastructure. So, if you do have a hybrid, multi-cloud approach, keeping a neutral provider for your SSL and DNS makes it much more suitable to today's environment."

Vercara was founded in 1996, employs 250 people and hasn't raised any outside funding. The company has been led since January 2022 by Colin Doherty, who previously spent more than seven years at Arbor Networks, including five years as the DDoS protection and network visibility vendor's CEO. Arbor was bought in January 2015 by service assurance firm NetScout Systems as part of a $2.3 billion transaction (see: KillNet: The Next-Generation DDoS Group?).

Why DNS and SSL Are Better Together

DNS and SSL are two critical building blocks for digital trust on the internet, Sinha said. SSL ensures secure, encrypted communications while DNS plays a key role in managing domain registrations. There's significant customer overlap between DigiCert's SSL certificate services and Vercara's DNS solutions, he said, particularly among large enterprises and Fortune 500 companies, making the acquisition beneficial.

Integrating DNS and SSL on the same platform simplifies tasks such as domain control validation and automating certificate issuance, Sinha said, reducing the potential for outages and improving security. Having DNS and SSL on the same platform makes it easier for security and infrastructure teams to manage and integrate those services, simplifying the process for large organizations, according to Sinha.

"It just makes it easy when security and infrastructure teams have products from the same company when it comes to integrating and simplifying DNS management and simplifying certificate management," Sinha said.

DigiCert was already familiar with the DNS space through its June 2022 acquisition of DNS Made Easy, which services midmarket customers. The opportunity to acquire Vercara's enterprise-level DNS was exciting due to customer overlap and product synergies, Sinha said. Vercara handles about 20% of all DNS requests globally, including those from major hyperscalers and Fortune 500 companies, Sinha said (see: DigiCert Snags Longtime Zscaler Executive Amit Sinha as CEO).

DigiCert plans to take a phased approach to integration, focusing initially on general and administrative functions such as human resources, finance and legal and then turning to the product and sales divisions further down the road, Sinha said. Within the first year of closing, DigiCert aims to onboard Vercara's leadership and combine SSL and DNS to enhance customer trust and security automation, Sinha said.

Digital Trust Beyond DNS

Automating DNS and SSL management for large organizations with thousands of certificates reduces the risk of outages due to certificate expiration, according to Sinha. Automating processes such as domain control validation, meanwhile, reduces the likelihood of outages and lowers operational costs, he said.

"There's a lot of push in the industry toward automation," Sinha said. "Large organizations have hundreds of thousands of certificates that all need main control validation. How can we automate it?"

A year after the closing, Sinha said, DigiCert will turn its attention to deep functional integration and the exploration of AI-driven product enhancements around DDoS protection, API security and web application firewalls. Analyzing the large amount of data from DNS requests using artificial intelligence could help with identifying patterns and improving detection around botnets and phishing attempts.

"Initially, it's more focused on use cases like certificate management and DNS, but as we go deeper, you can think about customers getting a unified stack for their online experiences, starting with basic DNS and SSL and adding the ability to do DDoS, API gateway, botnet management and even CDN," Sinha said. "These become nice, layered services from a vendor consolidation perspective."

DigiCert will measure the success of the Vercara acquisition based on annual recurring revenue growth and profit margins, and the company is focused on balancing efficiency and growth, according to Sinha. He advised CISOs to view DNS and SSL as vital components of digital trust and recognize the importance of automation in managing digital certificates and stopping breaches, especially in multi-cloud settings.

"PKI, SSL and DNS often are thought of as plumbing, but they're absolutely essential to digital trust, and it's unfortunate that they get noticed at the CISO or CSO level only when there's an outage or there's a breach," Sinha said.


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing paymentsecurity.io, you agree to our use of cookies.