An Update on Vercara’s Newest Features

What an incredibly productive year it’s been at Vercara! Beyond unveiling our new name and a revitalized identity, we’ve been hard at work delivering powerful new features and capabilities across our product portfolio to increase the value we are able to bring to our customers. This article is a comprehensive dive into the most notable enhancements we’ve released since this time last August. 

UltraDNS 

QR Code-Based Two Factor Authentication (2FA) 

The UltraDNS Portal now supports QR Code-Based Two Factor Authentication (2FA), providing an extra layer of security. The new QR Code-Based 2FA feature will allow customers to connect to apps like Universal Authenticator App, Google Authenticator, Microsoft Authenticator, and other authentication apps that designed to support QR Codes. QR Code-based 2FA apps are secure, easy to use, and provide multi-device support. 

QR Code-based 2FA can be enabled from the Security Preferences section on the UltraDNS portal. 

Monthly Query Threshold Notification 

This new feature enables a configurable threshold value that represents the percentage of the account’s contractual DNS query volume. Once the threshold value is met or exceeded, the feature will send system-generated notification emails indicating the account’s contractual DNS query volume amount, and the current DNS query volume that triggered the notification email due to the threshold value being met. 

• The Query Threshold Notification feature allows users to configure up to five email addresses to receive system generated alert emails whenever the DNS query volumes exceed a configured threshold percentage. This new feature can be found in the Accounts > Notification Settings section on the UltraDNS Portal. 
• For those accounts that have the UltraDNS² feature enabled, the Usage Summary Report will display two new columns: Query Responses UltraDNS, and Query Responses UltraDNS². The addition of these new data fields provides our UltraDNS² customers with an easier and more concise view of their query volumes across both active networks. 

• Please note that for accounts with UltraDNS² enabled, this report will only be able to return up to thirteen (13) months’ worth of data. 

Integration of UltraDNS and Consul-Terraform-Sync 

This integration of UltraDNS and Consul-Terraform-Sync (CTS) delivers wide-ranging benefits to support DevOps teams throughout the development lifecycle. DevOps teams can now use capabilities such as service discovery, service mesh, and DNS management configuration during deployment. 

Real-time Push Notifications 

Realtime Push Notifications allow users to facilitate event notifications via webhooks, enabling integration with existing tools and workflows. This feature is more streamlined than the previous telemetry system, offering users greater flexibility and control over their notification preferences. 

Account Owners and Users in the Administrative group can configure up to three Webhook URLs to directly receive system notifications related to Domain and Record changes for an account. 

Below is a list of the possible changes or events that can trigger notifications: 

• Domain Changes 
• DNS Record Changes 
• Domain DNSSEC Events 

• Domain Failover Events 
• Domain Transfer Events 
• User Group Changes 
• User Authentication Events 

This feature can be found under the Accounts > Notification Settings section on the UltraDNS Portal. 

UltraDNS² 

Introducing UltraDNS² 

Last year, Vercara was thrilled to announce our new product UltraDNS²! UltraDNS² is a dual set of DNS resolution global anycast networks that work seamlessly together to provide even greater redundancy and higher availability of DNS resolution services. UltraDNS² provides two networks that offer the same features, but which have separate network operations, provisioning, automation, peering, and routing policies. By adding an independent, highly redundant second network alongside the existing UltraDNS platform, UltraDNS² allows organizations to significantly reduce risk of operational and resolution failure and to achieve their business continuity and disaster recovery goals for DNS resolution services. 

At the same time, having two independent networks backed by one vendor enables single pane of glass management of DNS infrastructure and reduces the total cost of ownership by eliminating the cost and complexity of managing a separate second provider. This eliminates the need for companies to develop and maintain their own methodologies for managing DNS across two providers, simplifies contracting and reduces mean time to repair by streamlining troubleshooting to a single provider. 

To learn more about UltraDNS², please visit our product page or contact our sales team for more information here. 

We’ve also implemented some new features since the initial release of UltraDNS², including: 

UltraDNS² Reporting 

Several newly added reporting features allow customers to have better visibility over their UltraDNS² accounts, zones, and usage.  

• The Accounts page of the UltraDNS Portal has been updated to include a new column, UltraDNS². This column will identify whether accounts have been enabled for UltraDNS². 
• The Query Analytics report (run from the Reports page of the UltraDNS Portal) now displays an additional filter drop-down menu if an account has UltraDNS² enabled. The filter allows users to retrieve the Query Analytics Report data for the following Zone types: 

• only UltraDNS zones 
• only UltraDNS2 enabled zones 
• both UltraDNS and UltraDNS2 zones 
• The Usage Summary report (run from the Reports page of the UltraDNS Portal) now displays two new columns: Query Responses UltraDNS and Query Responses UltraDNS2. The addition of these new data fields provides our UltraDNS² customers with an easier and more concise view of their query volumes across both active networks. 

Bulk Add/Remove UltraDNS2 Nameservers to Zones 

For those accounts that have the UltraDNS² service enabled, a bulk Add/Remove feature has been added to the Domains page on the UltraDNS Portal. This feature allows multiple domains to be removed from, or added to, the UltraDNS2 network in a single operation. 

UltraDDoS Protect and UltraWAF 

Alerts and Events Improvements 

Several improvements have been made to UltraDDoS Protect and UltraWAF alerts and events reporting. Improved alert and event reporting pages within the Ultra Security Portal are now near real time so that users can follow along as mitigations are occurring and provide a greater depth of contextual information for analysis. Additional improvements include: 

• Use of push notifications to provide users with real time alert and event updates. 

• Notifications now incorporate more informative and actionable detail, providing further insights users need to take the appropriate action. 
• Update of the GraphQL schema to include the new data structures. This gives the ability to manage and report on alerts programmatically using GraphQL. 

Support for SSO in the Ultra Security Portal 

Customers and partners have long asked us for integration with their respective 3^rd party SSO platform with the Ultra Security Portalⁱ, such as Microsoft Azure Active Directory and Okta. We now offer the ability to integrate with your third-party SSO platform of choice, and not be mandated to use our native portal authentication. This provides competitive flexibility when working with customers and vastly streamlines the onboarding and integration process. 

Encrypted Flow Support for UltraDDoS Protect 

UltraDDoS Protect offers “Detection and Alerting”, a flow monitoring service for rapid DDoS attack detection, which now offers the option to encrypt flow records transmitted to the UltraDDoS Protect service. 

UltraDDoS Protect Blocked IPs 

When Vercara performs a mitigation, source IPs that offend certain countermeasures are temporarily blocked. While a source IP is blocked, it is added to the “Blocked IP” list and all traffic from that source IP is simply dropped rather than applying continued countermeasures to that traffic. While a source IP is blocked, UltraDDoS Protect will periodically check to see if that source IP is still sending traffic that is offending these countermeasures. If UltraDDoS Protect determines a source IP is no longer offending, it is unblocked and removed from the “Blocked IP” list. 

A new UltraDDoS Protect feature has been introduced that provides customers access to a comprehensive and searchable list of source IPs that have recently been blocked. This will provide customers with the opportunity to forensically analyze attacks to determine the impact of the attack, prepare game plans in advance of the next attack, and to establish or update policy on network edge devices. It will also provide a means to determine if a particular IP address was blocked during mitigation. 

The new Blocked IPs feature can be found be found by navigating to:  

Analytics > DDoS > Events > Blocked IPs from the Ultra Security Portalⁱ landing page after login. 

Alert Trigger Threshold Transparency 

As a provider of a premier white glove service, we value the input of our customers. Over time, we have received valuable feedback from users expressing the desire for a more hands-on approach to defining DDoS detection sensitivity settings.  

To empower customers with greater control, we have developed the UltraDDoS Protect Alert Trigger Threshold Transparency feature that offers complete visibility of the configured alert detection thresholds within the Ultra Security Portalⁱ . Now, customers can actively collaborate with Vercara’s Security Operations Center to customize and fine-tune these thresholds. Customers can experience this feature at the following convenient locations within the portal: 

• Analytics > Managed Objects: This new page lists the customer’s managed objects. By clicking the “View” button for a managed object in the listing, the user ican see all the alert detection thresholds for the managed object (called “Misuse Types”). 

• Analytics > Alerts: On this page, the user can find a listing of all the customer’s alerts. When the user selects “D&A” or “On Network” alert for viewing, they’ll be shown the Alert Details page for the alert. 

• This page now includes the managed object name. Selecting the “View” button next to the managed object name directs the user to the customer’s Analytics > Managed Objects where they can see the configured “Misuse Type” thresholds. 
• This page also now includes the “Misuse Types” thresholds that triggered the alert. Selecting the “View” button next to “Misuse Types” will show the triggered Misuse Types, and the “actual rate”, “trigger rate”, and “high severity rate” per listed Misuse Type. 

WAF Signature Multi-Select 

Previously, the pagination of the Signatures listing was limited to 10 items per page within UltraWAF’s Edit Policy page in the Ultra Security Portalⁱ, allowing users to view up to 100 items per page within the Signatures listing pagination. This improvement makes it easier for users to browse, select, and edit signatures. 

UltraDDR 

Introducing UltraDDR (UltraDNS Detection and Response) 

Earlier this year, Vercara was thrilled to announce our new product UltraDDR (UltraDNS Detection and Response)! UltraDDR is an innovative product that has been specifically designed to meet our customers’ need for: 

• Protective DNS: protecting organizations, users, and devices from ransomware, phishing, supply chain compromise, and more by utilizing years of historical domain data with real-time communication pattern analysis to detect and block never before seen attacks. 
• Acceptable Use Policy Compliance: providing organizations with the power to customize and easily enforce company-wide internet use policies. 

• Maximizing existing security investments: equipping organizations with the integrations and APIs they need to augment and correlate DNS intelligence into security information and event management systems, firewalls, endpoint solutions, and more. 
• Secure and reliable recursive DNS: rock-solid global recursive DNS that organizations can depend on for their recursive needs, consisting of 27 nodes worldwide that are fully protected by Vercara’s UltraDDoS Protect. 

To learn more about UltraDDR, please visit our product page or contact our sales team for more information. 

We’ve also implemented some new features since the initial release of UltraDDR, including: 

Inspection Mode 

This new feature allows our customers and prospects to obtain accurate DNS resolutions while seeing what action our categories and intelligence would have taken. This feature is available under the Global Settings section of the UltraDDR portal, accessible via the tool icon in the top right corner of the main landing page. 

In Inspection Mode, the UltraDDR system will score all traffic and show the results that would have occurred with blocking enabled, but without actually blocking anything. This way customers can access our system’s intelligence while receiving normal DNS resolution. 

It’s important to note that we will continue to default to “Protection Mode”, which has always been our standard operating procedure. However, with Inspection Mode customers and prospects have the flexibility to choose which mode best suits their unique needs and preferences. 

UltraDDR Agent software for Windows, macOS, iOS, and Android 

This latest addition to UltraDDR is now generally available and ready to help protect our customers’ users and devices. 

With the UltraDDR Agent, we are now able to offer powerful protective DNS for all users, whether they are on or off-premises. By simply installing the agent onto their devices, UltraDDR policies can be enforced regardless of their location. This is a significant enhancement to our product suite and we are excited to provide our customers with this added layer of protection. 

To get started with the UltraDDR Agent, simply follow the links below to learn more and download the software: 

• Windows agent  
• macOS  
• iOS  

• Android  

Domain Category Lookup tool 

From the main menu icon denoted by the shield for “Policy Engine” (found along the left-hand margin of the UltraDDR portal landing page), a new input box has been added to the top-right-hand corner called “Domain Category Lookup”. By entering a domain of interest into the input box, users are provided with an understanding of how a given domain will be categorized. This provides clients with more predictability around expected behavior prior to toggling “Blocked” on a category. 

Custom Block Page 

When a page is blocked by UltraDDR, the UltraDDR DNS resolvers direct the user’s browser to a block page instead of the page with the blocked content. UltraDDR administrators are now able to customize the block page. The following elements of the block page can now be customized: 

• Custom logo 
• Support contact information 
• Message 
• A message that explains the block page, e.g., “This site has been blocked by the network policy. If you feel this is in error, please contact your network administrator.” 
• Footer message 

• An optional variable for a contact email. If this is configured, you can ensure this email address is rendered in the Message by placing “{{ContactInfo}}” in the message text. 

Discover Vercara’s newest features 

Ready to discover how these new features can help you secure your online experience? Contact our sales team for a free demo!