Analyst(s): Dr. Bob Sutor
Publication Date: August 16, 2024
The News: Digital security company DigiCert announced on August 14 that it plans to acquire cloud-based security company Vercara. The acquisition will expand DigiCert’s capabilities to secure a user’s online presence against malicious attacks on DNS and via Distributed Denial-of-Service (DDoS).
DigiCert Expands Security Portfolio with Planned Vercara Acquisition
Analyst Take: Among the reasons companies acquire other companies, filling functionality gaps and expanding customer bases are near the top. Digicert, already strong in core Public Key Infrastructure (PKI) and certificate management infrastructure, adds Vercara’s “Ultra” series of products for hosted DNS, detecting and blocking malicious queries, DDoS mitigation, web application firewalls, and secure API calls. DigiCert is quickly becoming a one-stop shop for enterprises to secure their online presence. The combined sets of customers will benefit from the product integration I expect to see beginning late this year and into 2025.
About the Security Companies
DigiCert was founded in 2003 in Lehi, Utah, approximately 30 miles south of Salt Lake City and 17 miles northwest of Provo. In addition to organic technology and market development, it grew via acquisitions of TLS/SSL and PKI businesses from Verizon and Symantec and full acquisitions of QuoVadis, Mocana, and DNS Made Easy. The functionality of DNS Made Easy may overlap with Vercara’s offerings, and DigiCert must reconcile and publicize the conjoined DNS set of solutions. Digicert is backed by private equity firms Clearlake Capital Group, Crosspoint Capital Partners, and TA Associates Management.
Vercara is based in Herndon, VA, west of Washinton, DC, near Dulles International Airport. It got its current company name in 2023 when Neustar Security Services was rebranded after the bulk of Neustar was sold to GoDaddy and TransUnion. Neustar itself was founded in 1998 as a subsidiary of Lockheed Martin Corporation. Singaporean sovereign wealth fund GIC Private Limited and private equity firm Golden Gate Capital owned Vercara before the acquisition by DigiCert.
The Expanded Security Portfolio
Here are some examples of the features in DigiCert’s five categories of security solutions:
- Enterprise IT, PKI, and Identity – managing the certificate lifecycle as more users move to the cloud, companies become crypto-agile, the threat of PKI-service outages increases, and enterprises need greater visibility into their certificate collections.
- Websites and Servers – managing the complete Transport Layer Security/Secure Sockets Layer (TLS/SSL) certificate lifecycle for Internet data integrity, security, and privacy.
- Code and Software – scanning for open-source, free-software/GPL, third-party, and malicious code and libraries, together with a Software Bill of Materials (SBOM) listing all detectable code sources.
- Documents and Signing – providing document provenance via secure digital signatures, electronic seals, and timestamps.
- IoT and Connected Devices – ensuring certification of the safety and intended performance of a device’s hardware and software, as required by policies including the European Union Medical Device Regulation (EU MDR).
With Vercara, DigiCert gains the following capabilities, among others:
- Managed, authoritative, top-level domain, and protective DNS – providing cloud-based DNS services at enterprise security levels with threat detection and response.
- DDoS protection – mitigating denial-of-service attacks with support for IPv6 and OSI Layer 3 (network), Layer 4 (transport), and Layer 7 (application, including HTTP).
- Web application and API security – securing software access to web services via application programming interfaces (APIs) through API discovery and inventory, testing and monitoring, and protection against bot attacks.
- Web Application Firewall (WAF) – protecting websites and applications from data breaches, alterations, and bot attacks, regardless of where the web assets are hosted.
DigiCert and Post-Quantum Cryptography
Although unrelated to the Vercara acquisition, I want to make note of DigiCert’s post-quantum cryptography capabilities, given the publishing of three new standards by the National Institute of Standards and Technology (NIST) this week.
Bad actors may someday crack current cryptographic protocols such as RSA once quantum computers get large enough and powerful enough. This is still several years away if it happens, but we must prepare for the possibility. I predict that no one will use a quantum computer to break transactional security in the next several years, but it can take years and possibly more than a decade for an organization to implement new encryption/decryption methods. Moreover, thieves are stealing data now, hoping to eventually gain access to private and confidential information once quantum computing matures.
DigiCert was among the first companies to recognize that security would need to be upgraded because of potential quantum attacks. The company will support the new standards within its Trust Lifecycle Manager solution. An organization must be crypto-agile to accelerate the adoption of the latest specifications. Given the increased enterprise, cloud, and web attacks, I don’t think there is any excuse for delaying this move.
In 2023, DigiCert published its guidance on creating a quantum-safe cybersecurity infrastructure. It’s worth a read and should encourage you to start or augment your journey to crypto-agility.
Key Takeaway
The acquisition of Vercara simply makes sense. The portfolios of security solutions are largely discrete, and the merger of the two provides required security capabilities for customers from a single, trusted vendor.
For additional details, see the “DigiCert to Acquire Vercara, Strengthening Its Position as a Leader in Digital Trust” press release.
Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.
Other Insights from The Futurum Group:
Quantum in Context: IBM Key to New NIST Post-Quantum Crypto Standards
Cybersecurity Summer-to-Date 2024 Monthly Market Snapshot Report
Security Investments Rise as Threat Landscape Darkens
Author Information
Dr. Bob Sutor is an expert in quantum technologies with 40+ years of experience. He is the accomplished author of the quantum computing book Dancing with Qubits, Second Edition. Bob is dedicated to evolving quantum to help solve society's critical computational problems.
