Companies try to plan and pace their growth. Those plans go out the window when a merger or acquisition happens, as it did to DigiCert Inc.
DigiCert, based in Lehi, Utah, had long been a leading Certificate Authority (CA), providing electronic documents that verify and authenticate the identities of web sites and their visitors in order to enable encrypted communications.
When DigiCert acquired the digital certificate business of rival Symantec Inc. in 2017, it was like “swallowing a much bigger fish,” recalled Aaron Blakely, Director of Global Security Operations at DigiCert Inc.
Of course, that depended on DigiCert quickly and successfully taking over Symantec’s certificate operations, all the while maintaining 24/7 availability, and preserving the high-assurance security environment a Certificate Authority requires. That was no trivial task.DigiCert was able to absorb the new systems by leveraging AWS. The agility and capacity they gained from AWS meant DigiCert could migrate IT workloads to AWS platforms without missing a beat. To secure its new infrastructure from intrusions and DDoS attacks, DigiCert doubled down on its Imperva deployment.
Prior to Symantec, DigiCert had already switched DDoS and Web security for some of their existing on-premises applications away from the solution of another vendor, and adopted Imperva’s SaaS Web Application Security platform (formerly Incapsula). According to Blakely, the company got “tired of DDoS services that would scrub your traffic to death or block legitimate traffic.”The positive previous experience compelled Blakely and his team to use Imperva DDoS and WAF Protection to achieve the scale needed to keep the newly acquired Symantec systems safe and always available on AWS.
Using 44+ network operation centers around the globe, that are able to scrub 6+ Terabits-per-second of network traffic, Imperva DDoS Protection offers an industry-leading 3-second SLA to mitigate attacks against customers, including those that appear to be the biggest ever.
Imperva’s scale helped DigiCert withstand “some pretty big attacks that would’ve knocked over other solutions,” said Blakely.
By adding Imperva application security in front of its AWS sites – which Blakely said was a smooth transition – and with Imperva securing both DigiCert’s on-premise servers and AWS-hosted ones, DigiCert can manage its intricate, hybrid infrastructure from a ‘single pane of glass,’ saving Blakely’s team valuable time.
Imperva’s turnkey automation also mitigates attacks against DigiCert quickly without requiring Blakely’s team to respond at all hours.
“If you work in operations like me, you’re usually signing up to be woken up at 3 AM to deal with issues. That gets old after a while,” Blakely said. With Imperva, “we don’t have to respond nearly as much as we used to. That’s taken a big load off of my team.”
Today, DigiCert uses Imperva to protect virtually all of their web application footprint. The ROI of Imperva is simple to calculate, because any downtime is lost revenue for DigiCert, and “we know exactly how much revenue we generate every day,” said Blakely.
“We’re paying a small price to avoid lost business and bad customer experiences,” he said.
Watch this webinar hosted by AWS and Imperva to learn more about how Imperva helped Digicert automate its DDoS and other application security. And read more customer case studies and learn more about Imperva Application Security.