DigiCert posts record Q4 growth driven by digital trust demand
The company said it closed Q4 at 104% of its target for net new annual contract value (NNACV), a result 25% higher than any previous quarter in its history. DigiCert indicated that it surpassed expectations for the entire second half of the fiscal year, achieving 102% of its total annual contract value plan.
Chief Executive Officer Amit Sinha said, "Our record results highlight the increasing need for digital trust in a rapidly evolving security landscape. Organisations worldwide are embracing our DigiCert ONE platform to centralise and simplify digital trust management. By securing the entire digital footprint—from authentication and encryption to DNS—our solutions help enterprises reduce risk, eliminate outages, and improve operational efficiency."
Between January 2024 and February 2025, DigiCert reported a 67% rise in customers purchasing both a certificate and at least one DigiCert ONE solution, which the company said demonstrates growing demand for integrated, end-to-end platforms.
DigiCert's business expansion during the fiscal year included the acquisition of Vercara, a move aimed at bolstering its digital trust capabilities and adding UltraDNS to its offerings. According to the company, this strengthens its position in providing security solutions to enterprises globally.
The company also expanded its leadership team, appointing Lakshmi Hanspal as Chief Trust Officer and Atri Chatterjee as Chief Marketing Officer. In addition, Dr. Taher Elgamal, known as the "father of SSL", joined DigiCert as a strategic advisor.
Sinha added, "Our record results highlight the increasing need for digital trust in a rapidly evolving security landscape. Organisations worldwide are embracing our DigiCert ONE platform to centralise and simplify digital trust management. By securing the entire digital footprint—from authentication and encryption to DNS—our solutions help enterprises reduce risk, eliminate outages, and improve operational efficiency."
DigiCert supported the advancement of post-quantum security through its inaugural World Quantum Readiness Day, an event focused on driving awareness and action for quantum-safe preparedness. The event drew nearly 4,000 registrants, including experts such as Dr. Peter Shor, Dr. Taher Elgamal, Dr. Bob Sutor, and representatives from Google, Accenture, Deloitte, IBM, Cisco, and NIST.
In terms of product development, DigiCert said it prioritised innovation through its new DigiCert ONE platform. Throughout FY2025, the company filed 81 patent applications, including nine specific to artificial intelligence and machine learning, 10 related to post-quantum cryptography, and four in the area of content authentication.
During the year, the company also introduced DigiCert Device Trust Manager, a platform that provides IoT manufacturers with security management throughout the lifecycle of connected devices. DigiCert cited industry reports projecting the number of connected devices to reach 56 billion, highlighting the need for secure provisioning, compliance management, and risk mitigation. The Device Trust Manager is designed to deliver automated provisioning, end-to-end visibility, and real-time monitoring for connected devices.
Additionally, DigiCert announced the availability of Common Mark Certificates (CMCs) to help organisations display verifiable indicators of digital trust. The company stated that it is currently the only provider offering both Common Mark Certificates and Verified Mark Certificates, addressing compliance requirements and reputation protection for enterprises operating online.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Techday NZ
an hour ago
- Techday NZ
Workday breach exposes business contact data via CRM attack
Workday has disclosed a data breach after attackers exploited a third-party Customer Relationship Management (CRM) platform through social engineering tactics. The company confirmed that no customer tenant or core system data was affected, with the exposed information limited to business contact details such as names, email addresses and phone numbers. The breach, discovered on 6 August and disclosed on 15 August, involved attackers impersonating HR and IT staff to trick employees via SMS and phone calls. This enabled access to the CRM through malicious OAuth applications. Workday said it has since blocked unauthorised access, introduced additional safeguards, and urged stakeholders to remain vigilant against phishing attempts. The company stressed that official communications will never request passwords or sensitive data over the phone. The incident follows a wave of similar CRM-targeted breaches affecting companies including Google, Adidas and Qantas, underscoring the growing threat of OAuth abuse and the risks associated with third-party integrations. Expert reaction Security experts have warned that the breach highlights the growing risks posed by social engineering and third-party applications. Dray Agha, senior manager of security operations at Huntress, said: "This incident underscores three non-negotiable defences: Eliminate OAuth blind spots and enforce strict allow-listing for third-party app integrations and review connections at regular intervals. Adopt phishing-resistant MFA: Hardware tokens are essential, as 'MFA fatigue' attacks remain trivial. A huge number of attacks begin with social engineering, users being deceived, and user enrolment in execution of malware - effective security awareness training is a must for any organisation that wishes to repudiate cyber-attacks." Tim Ward, CEO and co-founder at Redflags, noted the psychological risks of such attacks: "Workday's warning is correct; any information that attackers can use to increase 'familiarity' in subsequent social engineering attacks will significantly increase their impact. Psychological effects like authority bias, cognitive ease, social proof, and the mere exposure effect mean we are more likely to trust communications from them and be less likely to check for or notice telltale signs of social engineering. A healthy scepticism combined with helpful security awareness nudges at the point of risk to help encourage caution can be critical to protect people in organisations from these threats." Boris Cipot, senior security engineer at Black Duck, emphasised the manipulative nature of such attacks: "Social engineering is a manipulative attack method that relies on psychology and social interaction skills to deceive victims into releasing sensitive information. Attackers trick victims into performing actions that aid in gaining access to sensitive information, often requiring multiple interactions and 'internal' information to appear legitimate. To protect against social engineering, organisations should establish and enforce strict procedures for handling sensitive information, such as not providing information over the phone, even to high-ranking executives, including the CEO." He added: "Although the breached information may be limited to commonly known business data in this case, individuals should still be vigilant to avoid falling prey to further attacks." Jamie Akhtar, CEO and co-founder at CyberSmart, said training is crucial: "This breach demonstrates two things. Firstly, given that Workday is the latest in a long list that includes Adidas, Qantas, Google, and Air France-KLM to be compromised in this way, it shows how effective and sophisticated social engineering campaigns have become. Secondly, it highlights the need for every business to engage in proper, targeted cybersecurity awareness training. It's very difficult to completely eliminate social engineering threats through technical means alone." Third-party risk Darren Guccione, CEO and co-founder of Keeper Security, warned that integration points remain vulnerable: "The data breach impacting Workday is a perfect illustration of the persistent and evolving risk posed by social engineering tactics targeting third-party platforms. The situation is reflective of a troubling trend across enterprise software vendors, and it appears connected to a broader wave of recent attacks similarly targeting CRM systems at multiple global enterprises via sophisticated social engineering and OAuth-based tactics." He added that organisations must "require all partners and third-party platforms to undergo regular security assessments and continuous monitoring". Javvad Malik, lead security awareness advocate at KnowBe4, said: "Social engineering continues to be the most common way organisations get breached, for this very reason, that technical controls have their limitations. We currently don't have effective ways for technology to screen and block phone calls in the same way that we can reduce some of the risk with emails." Chris Hauk, consumer privacy advocate at Pixel Privacy, called for stronger internal processes: "Organisations like Workday need to put processes in place that will foil vishing calls like the ones that took down Workday. Companies need to train their employees and executives on how to recognise schemes like this and provide ways to immediately contact IT when an attempt occurs." Chris Linnell, associate director of data privacy at Bridewell, highlighted the importance of supply chain security: "The recent disclosure by Workday regarding a breach of its third-party CRM platform has understandably raised concerns across the data protection and security community. On the surface, the impact appears to be low – primarily because the compromised data consists of business contact information, much of which is already publicly accessible. However, this should not lull organisations into complacency. The real risk lies in the potential for targeted social engineering attacks." He concluded: "This incident underscores the ongoing need for robust employee training around social engineering. Traditional phishing simulations are no longer sufficient. Organisations must explore more creative and engaging methods to ensure that awareness messaging resonates and drives behavioural change. Finally, the breach serves as a reminder of the importance of supply chain security. As the saying goes, you're only as strong as your weakest link."
Techday NZ
12 hours ago
- Techday NZ
Google Cloud unveils advanced AI security tools & SOC updates
Google Cloud has announced new security solutions and enhanced capabilities focused on securing AI initiatives and supporting defenders in the context of growing enterprise adoption of artificial intelligence technologies. With the introduction of AI across various sectors, organisations are increasingly concerned with the risks presented by sophisticated AI agents. Google Cloud has responded by expanding on the security measures available within its Security Command Centre, emphasising protection for AI agents and ecosystems using tools such as Sensitive Data Protection and Model Armour. According to Jon Ramsey, Vice President and General Manager, Google Cloud Security, "AI presents an unprecedented opportunity for organizations to redefine their security posture and reduce the greatest amount of risk for the investment. From proactively finding zero-day vulnerabilities to processing vast amounts of threat intelligence data in seconds to freeing security teams from toilsome work, AI empowers security teams to achieve not seen before levels of defence and efficiency." Expanded protection for agentic AI Google Cloud has detailed three new capabilities for securing AI agents in Google Agentspace and Google Agent Builder. The first, expanded AI agent inventory and risk identification, will enable automated discovery of AI agents and Model Context Protocol (MCP) servers. This feature aims to help security teams quickly identify vulnerabilities, misconfigurations, and high-risk interactions across their AI agent estate. The second, advanced in-line protection and posture controls, extends Model Armour's real-time security assurance to Agentspace prompts and responses. This enhancement is designed to provide controls against prompt injection, jailbreaking, and sensitive data leakage during agent interactions. In parallel, the introduction of specialised posture controls will help AI agents adhere to defined security policies and standards. Proactive threat detection rounds out these developments, introducing detections for risky behaviours and external threats to AI agents. These detections, supported by intelligence from Google and Mandiant, assist security teams in responding to anomalous and suspicious activity connected to AI agents. Agentic security operations centre Google Cloud is advancing its approach to security operations through an 'agentic SOC' vision in Google Security Operations, which leverages AI agents to enhance efficiency and detection capabilities. By automating processes such as data pipeline optimisation, alert triage, investigation, and response, Google Cloud aims to address traditional gaps in detection engineering workflows. "We've introduced our vision of an agentic security operations center (SOC) that includes a system where agents can coordinate their actions to accomplish a shared goal. By offering proactive, agent-supported defense capabilities built on optimizing data pipelines, automating alert triage, investigation, and response, the agentic SOC can streamline detection engineering workflows to address coverage gaps and create new threat-led detections." The new Alert Investigation agent, currently in preview, is capable of autonomously enriching events, analysing command-line interfaces, and building process trees. It produces recommendations for next steps and aims to reduce the manual effort and response times for security incidents. Expert guidance and consulting Google Cloud's Mandiant Consulting arm is extending its AI consulting services in response to demand for robust governance and security frameworks in AI deployments. These services address areas such as risk-based AI governance, pre-deployment environment hardening, and comprehensive threat modelling. Mandiant Consulting experts noted, "As more organizations lean into using generative and agentic AI, we've seen a growing need for AI security consulting. Mandiant Consulting experts often encounter customer concerns for robust governance frameworks, comprehensive threat modeling, and effective detection and response mechanisms for AI applications, underscoring the importance of understanding risk through adversarial testing." Clients working with Mandiant can access pre-deployment security assessments tailored to AI and benefit from continuous updates as threats evolve. Unified platform enhancements Google Unified Security, a platform integrating Google's security solutions, now features updates in Google Security Operations and Chrome Enterprise. Within Security Operations, the new SecOps Labs offers early access to AI-powered experiments related to parsing, detection, and response, many of which use Google Gemini technology. Dashboards with native security orchestration, automation, and response (SOAR) data integration are now generally available, reflecting user feedback from previous previews. On the endpoint side, Chrome Enterprise enhancements bring secured browsing to mobile, including Chrome on iOS, with features such as easy account separation and URL filtering. This allows companies to block access to unauthorised AI sites and provides enhanced reporting for investigation and compliance purposes. Trusted Cloud and compliance Recent updates in Trusted Cloud focus on compliance and data security. Compliance Manager, now in preview, enables unified policy configuration and extensive auditing within Google Cloud. Data Security Posture Management, also in preview, delivers governance for sensitive data and integrates natively with BigQuery Security Centre. The Security Command Centre's Risk Reports can now summarise unique cloud security risks to inform both security specialists and broader business stakeholders. Updates in identity management include Agentic IAM, launching later in the year, which will facilitate agent identities across environments to simplify credential management and authorisation for both human and non-human agents. Additionally, the IAM role picker powered by Gemini, currently in preview, assists administrators in granting least-privileged access through natural language queries. Enhanced Sensitive Data Protection now monitors assets in Vertex AI, BigQuery, and CloudSQL, with improvements in image inspection for sensitive data and additional context model detection. Network security innovations announced include expanded tag support for Cloud NGFW, Zero Trust networking for RDMA networks in preview, and new controls for Cloud Armour, such as hierarchical security policies and content-based WAF inspection updates. Commitment to responsible AI security Jon Ramsey emphasised Google Cloud's aim to make security a business enabler: "The innovations we're sharing today at Google Cloud Security Summit 2025 demonstrate our commitment to making security an enabler of your business ambitions. By automating compliance, simplifying access management, and expanding data protection for your AI workloads, we're helping you enhance your security posture with greater speed and ease. Further, by using AI to empower your defenders and meticulously securing your AI projects from inception to deployment, Google Cloud provides the comprehensive foundation you need to thrive in this new era."
Techday NZ
a day ago
- Techday NZ
AI bots drive 80% of bot traffic, straining web resources
Fastly has published its Q2 2025 Threat Insights Report, which documents considerable changes in the sources and impact of automated web traffic, highlighting the dominance of AI crawlers and the emergence of notable regional trends. AI crawler surge The report, covering activity from mid-April to mid-July 2025, identifies that AI crawlers now constitute almost 80% of all AI bot traffic. Meta is responsible for more than half of this figure, significantly surpassing Google and OpenAI in total AI crawling activity. According to Fastly, Meta bots generate 52% of observed AI crawler interactions, while Google and OpenAI represent 23% and 20% respectively. Fetcher bots, which access website content in response to user prompts - including those employed by ChatGPT and Perplexity - have led to exceptional real-time request rates. In some instances, fetcher request volumes have reached over 39,000 requests per minute. This phenomenon is noted as placing considerable strain on web infrastructure, increasing bandwidth usage, and overwhelming servers, a scenario that mirrors distributed denial-of-service attacks, though not motivated by malicious intent. Geographic concentration North America receives a disproportionate share of AI crawler traffic, accounting for almost 90% of such interactions, leaving a relatively minor portion for Europe, Asia, and Latin America. This imbalance raises concerns over the geographic bias in datasets used to train large language models, and whether this bias could shape the neutrality and fairness of AI-generated outputs in the future. The findings build on Fastly's Q1 2025 observations, which indicated automated bot activity represented 37% of network traffic. While volume was previously the chief concern, Fastly's latest data suggests that the current challenge lies in understanding the evolving complexity of bot-driven activity, particularly regarding AI-generated content scraping and high-frequency access patterns. Industry-wide implications Fastly's research, compiled from an analysis of 6.5 trillion monthly requests across its security solutions, presents a comprehensive overview of how AI bots are affecting a range of industries, including eCommerce, media and entertainment, financial services, and technology. Commerce, media, and high-tech sectors face the highest incidence of content scraping, which is largely undertaken for training AI models. ChatGPT in particular is cited as driving the most real-time website traffic among fetcher bots, accounting for 98% of related requests. Fastly also notes that a continuing lack of bot verification standards makes it difficult for security teams to distinguish between legitimate automation and attempts at impersonation. According to the report, this gap creates risks for operational resilience and poses challenges for detecting and managing unverified automation traffic. Verification and visibility "AI Bots are reshaping how the internet is accessed and experienced, introducing new complexities for digital platforms," said Arun Kumar, Senior Security Researcher at Fastly. "Whether scraping for training data or delivering real-time responses, these bots create new challenges for visibility, control, and cost. You can't secure what you can't see, and without clear verification standards, AI-driven automation risks are becoming a blind spot for digital teams. Businesses need the tools and insights to manage automated traffic with the same precision and urgency as any other infrastructure or security risk." The report recommends increased transparency in bot verification, more explicit identification by bot operators, and refined management strategies for handling automated traffic. In the absence of such measures, organisations may encounter rising levels of unaccounted-for automation, difficulties in attributing online activity, and escalating infrastructure expenses.
