Radware targets encrypted layer 7 DDoS attacks without requiring SSL certificate sharing

As encrypted web traffic becomes the default rather than the exception, security teams face a persistent dilemma. They need visibility into application layer threats, yet they hesitate to decrypt traffic in the cloud or hand over SSL certificates to third parties. This week, Radware introduced a cloud based service that attempts to resolve that tension.

The company launched Web DDoS Protection for Encrypted Traffic, a service designed to mitigate encrypted layer 7 distributed denial of service attacks without forcing customers to share certificate keys or decrypt user sessions. Instead of relying on traditional inspection models that expose sensitive key material, Radware uses behavioral analysis and machine learning to detect abnormal traffic patterns.

Application layer DDoS attacks often imitate legitimate users. Consequently, they bypass simple rate limiting or volumetric filtering. At the same time, modern privacy expectations and regulatory requirements make full traffic decryption a governance challenge. Many organizations, especially in finance and healthcare, prefer to keep certificate management tightly controlled inside their own infrastructure. Therefore, a mitigation model that avoids external certificate handling can simplify compliance reviews.

Radware states that its platform establishes a baseline of normal traffic behavior and then identifies anomalies linked to malicious activity. When it detects suspicious patterns, the system generates mitigation rules automatically. As traffic shifts, the models adjust accordingly, which reduces the need for manual policy tuning during an active attack.

Importantly, customers still have the option to share certificates if they choose. However, the default cloud deployment does not require decryption to deliver protection. The service runs through Radware’s Cloud Security Platform, while alternative deployment models remain available through on premises DefensePro appliances and Kubernetes native environments.

The timing is also significant because it represents a wider change in internet security approaches. Encryption is currently dominating internet traffic; however, inspection tools often require decryption at the edge.

By focusing on encrypted layer 7 DDoS mitigation without mandatory SSL certificate sharing, Radware addresses an operational gap that many enterprises have struggled to close as application security and compliance expectations continue to evolve.