Radware unveils cloud Web DDoS defence for SSL traffic

Radware has launched a cloud-based web distributed denial-of-service (DDoS) service that blocks encrypted layer 7 attacks without requiring customers to share SSL certificates or decrypt traffic.

Called Web DDoS Protection for Encrypted Traffic, the service targets organisations that want application-layer DDoS mitigation while avoiding cloud-based certificate management and inspection of encrypted content. Radware said it is designed to address operational and compliance concerns tied to inspecting encrypted traffic.

Encrypted traffic now makes up most web communications. Many security teams still decrypt SSL traffic to inspect requests for layer 7 threats, including application-layer DDoS attacks that mimic legitimate user behaviour. That approach can increase privacy and regulatory risk, and adds key-management overhead by requiring sensitive certificate material to be handled outside an organisation's direct control.

Radware's cloud deployment gives customers the option to share certificates. Customers that choose not to can still use the service for cloud-based mitigation against encrypted layer 7 DDoS attacks.

Haim Zelikovsky, vice president of cloud security business at Radware, said the release is intended to remove that requirement.

"Many organizations want strong Web DDoS protection but are hesitant or unable to share SSL certificates or decrypt traffic in the cloud," said Haim Zelikovsky, vice president, cloud security business at Radware. "This release makes our proven Web DDoS protections available as a cloud service that is designed to eliminate that requirement."

How It Works

The service uses behavioural analysis and machine-learning models to establish a baseline of normal traffic patterns, then looks for anomalies associated with application-layer DDoS activity. When it detects suspicious behaviour, it generates mitigation rules dynamically, according to Radware.

Radware described the approach as automated, saying it mitigates attacks in real time without ongoing manual policy tuning. The company also said protections adapt as traffic patterns change, helping maintain application availability and reduce disruption for legitimate users during an attack.

The launch reflects a broader shift in web security as more organisations encrypt traffic end to end. While encryption improves confidentiality and integrity, it reduces visibility for traditional inspection tools unless traffic is decrypted at the edge or within a security service. That trade-off has become more pronounced as privacy requirements tighten and organisations adopt cloud services across multiple environments.

Deployment Options

Radware is offering the service through its Cloud Security Platform, where SSL decryption remains optional. Customers can choose a mode that does not require certificate sharing and does not decrypt traffic.

Web DDoS protection is also available in other deployment models, including on-premises via Radware DefencePro appliances. Radware also cited Alteon Protect appliances, which combine application delivery and security functions.

For container-based environments, Radware said customers can deploy in Kubernetes-native environments using Radware Kubernetes WAAP. Overall, the options span cloud, on-premises, hybrid, and containerised deployments, with an emphasis on a cloud model that avoids certificate sharing and traffic decryption.

For security and network teams, deployment flexibility can shape incident response and risk management. Some organisations want mitigation close to where applications run, while others prefer cloud scrubbing services that can absorb large attack volumes before traffic reaches enterprise infrastructure. In regulated sectors, certificate handling and visibility into user traffic can also determine whether a cloud security design passes internal governance reviews.

Radware described its broader portfolio as covering application security and delivery across multi-cloud environments, including cloud application, infrastructure, and API security products. The company also targets threats such as DDoS attacks, API abuse, and automated bot traffic.

Radware said Web DDoS Protection for Encrypted Traffic is now available as a cloud-based service, alongside on-premises and Kubernetes deployment models.