Radware Announces Another DDoS Industry First - Encrypted Attack Blocking Without SSL Decryption

Rhea-AI Summary

Radware (NASDAQ: RDWR) launched a cloud-based Web DDoS Protection for Encrypted Traffic on March 3, 2026 that blocks sophisticated layer‑7 encrypted attacks without requiring SSL certificate sharing or traffic decryption.

The AI‑powered service uses behavioral analysis and machine learning to auto‑mitigate attacks in real time and supports cloud, on‑premises, hybrid and Kubernetes deployments.

Positive

• Cloud service blocks layer‑7 encrypted DDoS without SSL certificate sharing
• AI‑driven mitigation with automated behavioral baselining and dynamic rules
• Flexible deployment: cloud, on‑premises, hybrid and Kubernetes options

Negative

• Optional SSL decryption may limit deep payload inspection for some threat types
• Cloud model relies on adoption choices; customers retaining certificates may face integration tradeoffs

Market Reality Check

Price: $24.02 Vol: Volume 242,134 is below t...

normal vol

$24.02 Last Close

Volume Volume 242,134 is below the 20-day average of 308,908 (relative volume 0.78x). normal

Technical Shares at $23.59 are trading below the 200-day MA of $25.32 and about 25% under the 52-week high of $31.57.

Peers on Argus

RDWR gained 1.9% while key software/security peers showed mixed but mostly posit...

RDWR gained 1.9% while key software/security peers showed mixed but mostly positive moves (e.g., RPD +2.45%, ATEN +4.04%). The momentum scanner did not flag a coordinated sector move.

Historical Context

5 past events · Latest: Feb 19 (Negative)

Pattern 5 events

Date	Event	Sentiment	Move	Catalyst
Feb 19	Threat report release	Negative	-4.7%	2026 Global Threat Report showed sharp YoY increases in cyberattacks.
Feb 13	Share repurchase plan	Positive	+5.8%	Board authorized new <b>$80M</b> share repurchase plan through March 2027.
Feb 11	Earnings results	Positive	+5.4%	Reported record Q4 and FY2025 revenue, ARR growth, and higher EPS.
Feb 10	Investor Day announcement	Positive	+3.3%	Announced Investor Day 2026 in NYC with executive presentations and webcast.
Feb 03	AI product launch	Positive	-1.6%	Launched Agentic AI Protection to secure autonomous AI agents from new threats.

Pattern Detected

Recent clearly positive corporate actions (record earnings, buyback, Investor Day) have typically seen aligned positive price reactions, while one AI security product launch drew a mild negative divergence.

Recent Company History

Over recent months, Radware has highlighted strengthening fundamentals and a growing security portfolio. Record Q4 and FY2025 results on Feb 11, 2026 showed higher revenue and EPS, followed by a new $80M buyback plan on Feb 13 and an Investor Day announcement. The 2026 Global Threat Report on Feb 19 underscored rising DDoS and application attack volumes. Earlier, an Agentic AI protection launch on Feb 3 saw a small negative reaction. Today’s encrypted Web DDoS update fits the pattern of ongoing cloud and AI-driven security innovation.

Market Pulse Summary

This announcement expands Radware’s Web DDoS capabilities to protect encrypted traffic without requi...

Analysis

This announcement expands Radware’s Web DDoS capabilities to protect encrypted traffic without requiring SSL certificate sharing or decryption, targeting a growing share of web communications. It follows record Q4 and FY2025 results and a new $80M repurchase plan, underscoring a focus on cloud and AI-driven security. Investors may track uptake of the cloud-based and Kubernetes-native deployment options, competitive responses in encrypted DDoS mitigation, and how these offerings contribute to future revenue and ARR growth.

Key Terms

ddos, ssl certificate, ssl decryption, layer 7, +4 more

8 terms

ddos technical

"Radware Announces Another DDoS Industry First - Encrypted Attack Blocking..."

A DDoS (distributed denial-of-service) attack is when many compromised computers or devices artificially flood a company's online systems with traffic so legitimate users cannot access websites, apps, or services. For investors, DDoS episodes can disrupt sales, damage customer trust, and expose weaknesses in a company's security — like a traffic jam that shuts down a city's main highway, revealing costs and operational risks that can affect revenue and stock value.

ssl certificate technical

"does not require SSL certificate sharing or traffic decryption."

An SSL certificate is a digital 'lock and passport' for a website that encrypts information sent between a visitor and the site and confirms the site’s identity. For investors, it matters because it helps prevent data theft, phishing and fraud that can damage a company’s reputation, lead to regulatory penalties, and harm customer trust—factors that can quickly affect revenue and share price.

ssl decryption technical

"organizations often rely on SSL decryption to inspect traffic for layer 7 threats."

SSL decryption is the process of reversing the encryption that protects internet connections so security tools can inspect the underlying data. Think of it as opening a sealed letter to check for harmful content: it helps detect malware, data leaks or compliance breaches that would otherwise be hidden, but it also adds technical cost, potential privacy exposure, and regulatory risk. Investors watch this because how a company handles encrypted traffic affects security posture, legal liability, operating expense, and customer trust.

layer 7 technical

"block sophisticated, encrypted layer 7 DDoS attacks in the cloud..."

Layer 7 is the top level of network communication that handles the actual applications people use, like web browsers, mobile apps, and online services — think of it as the front desk where requests from users are processed. For investors, Layer 7 matters because problems or improvements here directly affect user experience, security (such as blocking malicious traffic), and the functionality of online products, which can influence customer retention, costs, and revenue.

behavioral analysis technical

"uses cross-correlated, behavioral analysis and machine learning models..."

Behavioral analysis is the study of how people actually make choices and respond to information, applied to markets, customers, regulators or patients. Like reading footprints to infer where a crowd is heading, it looks at patterns in trading, buying, communication or compliance to reveal tendencies, biases and triggers. Investors use it to spot likely market moves, assess risk from human behavior, and design strategies that account for predictable reactions.

machine learning models technical

"behavioral analysis and machine learning models to establish traffic baselines..."

Machine learning models are computer programs that learn patterns from past data to make predictions or decisions without being explicitly programmed for each task. For investors, they matter because they can improve forecasting, automate routine work, reduce costs or introduce new risks; think of them as a smart assistant that learns from past results like a chef refining recipes, helping businesses spot opportunities or mistakes faster.

kubernetes technical

"Deployment in Kubernetes-native environments using Radware Kubernetes WAAP"

Kubernetes is an open-source system that automates running and managing many pieces of software across groups of computers, like a conductor coordinating musicians so each piece plays at the right time and place. For investors, it matters because companies that use it can deploy updates faster, scale services up or down automatically, and cut infrastructure costs — factors that influence growth, reliability and operating margins.

waap technical

"environments using Radware Kubernetes WAAP"

WAAP (Web Application and API Protection) is a category of cybersecurity tools that guard websites and application programming interfaces (APIs) against attacks like data theft, fraud and service outages. For investors, WAAP matters because breaches or downtime can hit a company’s sales, regulatory standing and reputation—think of it as a digital security guard and filter that helps keep customer data safe and services running smoothly.

AI-generated analysis. Not financial advice.

MAHWAH, N.J., March 03, 2026 (GLOBE NEWSWIRE) -- Radware® (NASDAQ: RDWR), a global leader in application security and delivery solutions for multi-cloud environments, today announced the availability of its Web DDoS Protection for Encrypted Traffic as a cloud-based service that does not require SSL certificate sharing or traffic decryption. With this release, Radware believes it is the only security provider to offer a cloud-based solution designed to block sophisticated, encrypted layer 7 DDoS attacks in the cloud without the need for a certificate, thus eliminating a common operational and compliance concern associated with encrypted traffic inspection.

As encrypted traffic now represents the majority of web communications, organizations often rely on SSL decryption to inspect traffic for layer 7 threats. While effective, this approach can introduce privacy, regulatory, and key management complexities. Radware’s cloud-based deployment allows organizations to choose whether to share certificates. Organizations choosing not to share certificates can still receive automated, accurate and scalable cloud-based protection while preserving regulatory and privacy frameworks.

“Many organizations want strong Web DDoS protection but are hesitant or unable to share SSL certificates or decrypt traffic in the cloud,” said Haim Zelikovsky, vice president, cloud security business at Radware. “This release makes our proven Web DDoS protections available as a cloud service that is designed to eliminate that requirement.”

Automated Web DDoS Mitigation for Encrypted Applications

Radware’s AI-powered Web DDoS Protection service uses cross-correlated, behavioral analysis and machine learning models to establish traffic baselines, detect anomalies, and dynamically generate mitigation rules. The system is designed to mitigate layer 7 DDoS attacks in real time without requiring ongoing manual policy tuning. Protection automatically adapts as traffic patterns evolve, helping maintain application availability while minimizing impact on legitimate users.

Flexible Deployment Models

With this new release, organizations can deploy Web DDoS protection in multiple ways depending on operational, regulatory, and infrastructure requirements:

• Cloud-based deployment via Radware’s Cloud Security Platform, with optional SSL decryption
• On-premise deployment using Radware DefensePro appliances, or integrated application delivery and security through Radware Alteon Protect appliances

• Deployment in Kubernetes-native environments using Radware Kubernetes WAAP
  
  

These options allow customers to choose between cloud, on-premises, hybrid, and containerized deployments, including a cloud-based model that does not require SSL certificate sharing nor traffic decryption.

For more information about Radware’s Web DDoS Protection, please visit https://www.radware.com.

About Radware
Radware® (NASDAQ: RDWR) is a global leader in application security and delivery solutions for multi-cloud environments. The company’s cloud application, infrastructure, and API security solutions use AI-driven algorithms for precise, hands-free, real-time protection from the most sophisticated web, application, and DDoS attacks, API abuse, and bad bots. Enterprises and carriers worldwide rely on Radware’s solutions to address evolving cybersecurity challenges and protect their brands and business operations while reducing costs. For more information, please visit the Radware website.

Radware encourages you to join our community and follow us on: Facebook, LinkedIn, Radware Blog, X, and YouTube.

©2026 Radware Ltd. All rights reserved. Any Radware products and solutions mentioned in this press release are protected by trademarks, patents, and pending patent applications of Radware in the U.S. and other countries. For more details, please see: https://www.radware.com/LegalNotice/. All other trademarks and names are property of their respective owners.

Radware believes the information in this document is accurate in all material respects as of its publication date. However, the information is provided without any express, statutory, or implied warranties and is subject to change without notice.

The contents of any website or hyperlinks mentioned in this press release are for informational purposes and the contents thereof are not part of this press release.

Safe Harbor Statement
This press release includes “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995. Any statements made herein that are not statements of historical fact, including statements about Radware’s plans, outlook, beliefs, or opinions, are forward-looking statements. Generally, forward-looking statements may be identified by words such as “believes,” “expects,” “anticipates,” “intends,” “estimates,” “plans,” and similar expressions or future or conditional verbs such as “will,” “should,” “would,” “may,” and “could.” For example, when we say in this press release that our new solution automatically adapts as traffic patterns evolve, helping maintain application availability while minimizing impact on legitimate users, we are using forward-looking statements. Because such statements deal with future events, they are subject to various risks and uncertainties, and actual results, expressed or implied by such forward-looking statements, could differ materially from Radware’s current forecasts and estimates. Factors that could cause or contribute to such differences include, but are not limited to: the impact of global economic conditions, including as a result of the state of war declared in Israel in October 2023 and instability in the Middle East, the war in Ukraine, tensions between China and Taiwan, financial and credit market fluctuations (including elevated interest rates), impacts from tariffs or other trade restrictions, inflation, and the potential for regional or global recessions; our dependence on independent distributors to sell our products; our ability to manage our anticipated growth effectively; our business may be affected by sanctions, export controls, and similar measures, targeting Russia and other countries and territories, as well as other responses to Russia’s military conflict in Ukraine, including indefinite suspension of operations in Russia and dealings with Russian entities by many multi-national businesses across a variety of industries; the ability of vendors to provide our hardware platforms and components for the manufacture of our products; our ability to attract, train, and retain highly qualified personnel; intense competition in the market for cybersecurity and application delivery solutions and in our industry in general, and changes in the competitive landscape; our ability to develop new solutions and enhance existing solutions; the impact to our reputation and business in the event of real or perceived shortcomings, defects, or vulnerabilities in our solutions, if our end-users experience security breaches, or if our information technology systems and data, or those of our service providers and other contractors, are compromised by cyber-attackers or other malicious actors or by a critical system failure; our use of AI technologies that present regulatory, litigation, and reputational risks; risks related to the fact that our products must interoperate with operating systems, software applications and hardware that are developed by others; outages, interruptions, or delays in hosting services; the risks associated with our global operations, such as difficulties and costs of staffing and managing foreign operations, compliance costs arising from host country laws or regulations, partial or total expropriation, export duties and quotas, local tax exposure, economic or political instability, including as a result of insurrection, war, natural disasters, and major environmental, climate, or public health concerns; our net losses in the past and the possibility that we may incur losses in the future; a slowdown in the growth of the cybersecurity and application delivery solutions market or in the development of the market for our cloud-based solutions; long sales cycles for our solutions; risks and uncertainties relating to acquisitions or other investments; risks associated with doing business in countries with a history of corruption or with foreign governments; changes in foreign currency exchange rates; risks associated with undetected defects or errors in our products; our ability to protect our proprietary technology; intellectual property infringement claims made by third parties; laws, regulations, and industry standards affecting our business; compliance with open source and third-party licenses; complications with the design or implementation of our new enterprise resource planning (“ERP”) system; our reliance on information technology systems; our ESG disclosures and initiatives; and other factors and risks over which we may have little or no control. This list is intended to identify only certain of the principal factors that could cause actual results to differ. For a more detailed description of the risks and uncertainties affecting Radware, refer to Radware’s Annual Report on Form 20-F, filed with the Securities and Exchange Commission (SEC), and the other risk factors discussed from time to time by Radware in reports filed with, or furnished to, the SEC. Forward-looking statements speak only as of the date on which they are made and, except as required by applicable law, Radware undertakes no commitment to revise or update any forward-looking statement in order to reflect events or circumstances after the date any such statement is made. Radware’s public filings are available from the SEC’s website at www.sec.gov or may be obtained on Radware’s website at www.radware.com.

Media Contact:

Gina Sorice
Radware
GinaSo@radware.com

FAQ

What is Radware's March 3, 2026 Web DDoS Protection announcement (RDWR)?

Radware announced a cloud Web DDoS Protection for encrypted traffic that blocks layer‑7 attacks without SSL decryption. According to the company, the service uses AI behavioral analysis and machine learning to auto‑mitigate attacks while offering multiple deployment models.

How does RDWR's solution block encrypted DDoS attacks without sharing SSL certificates?

The service blocks encrypted attacks using cross‑correlated behavioral analysis and machine learning rather than decrypting traffic. According to the company, this preserves regulatory and privacy frameworks while providing automated, scalable protection in the cloud.

Which deployment options does Radware offer for the new Web DDoS Protection (RDWR)?

Radware offers cloud deployment via its Cloud Security Platform, on‑premise DefensePro or Alteon Protect appliances, and Kubernetes WAAP deployment. According to the company, these options support cloud, on‑premises, hybrid, and containerized environments.

Will Radware's RDWR service require ongoing manual policy tuning for mitigation?

No, the service is designed to mitigate in real time without ongoing manual tuning by using adaptive models. According to the company, protection automatically adapts as traffic patterns evolve to minimize impact on legitimate users.

Does Radware's March 2026 offering address privacy and regulatory concerns for encrypted traffic (RDWR)?

Yes, the cloud option that avoids certificate sharing aims to reduce privacy and regulatory complexities tied to SSL decryption. According to the company, customers can choose whether to share certificates while retaining automated cloud protection.