Radware unveils solution for PCI DSS 4.0 compliance

Radware has introduced a new solution designed to help organisations comply with PCI DSS 4.0 requirements for application protection. This new addition to Radware’s cloud security platform aims to streamline protections, visibility, reporting, and auditing for businesses needing to meet the updated compliance regulations.

Radware has developed this PCI DSS 4.0 Compliance Solution to address the increased demands and complexity associated with the new regulations, which became effective on 31 March 2024. Organisations have until 31 March 2025, following a 12-month grace period, to ensure they are fully compliant. The updated standards require all businesses processing financial transactions, or those providing supporting services, to adhere to the compliance guidelines, extending beyond traditional retail payment chains.

Radware's Chief Operating Officer, Gabi Malka, highlighted the importance of making compliance processes more manageable. "PCI compliance is no longer just for traditional retail payment chains. PCI DSS 4.0 is a call for all businesses processing financial transactions or providing supporting services to comply," Malka stated. "Radware is taking the complexity out of PCI DSS 4.0 compliance and making it more convenient and efficient for organisations to zero in on the specific requirements for application protection and speed time to value." He added, "The out-of-the-box features are designed to help CISOs and compliance officers simplify reporting, streamline auditing, mitigate security risks, and avoid the potential fines and reputational damage that result from failed compliance."

Radware's new solution integrates a range of AI-powered, behavioural-based application protection tools into a single platform. Built on Radware’s Cloud Application Protection Service, it includes several key components aimed at addressing critical sections of the PCI DSS 4.0 requirements.

Among its features, the platform includes an industry-leading Web Application Firewall (WAF) to safeguard websites in compliance with Section 6.4.2. This tool provides organisations with adaptive and active protection against new threats, utilising a combination of negative and AI-powered, behavioural-based positive security models to block non-essential traffic.

The solution also offers real-time API protection designed to prevent business logic attacks, fulfilling the requirement outlined in Section 6.2.4. By leveraging AI and machine learning-based algorithms, Radware’s solution can analyse business logic and detect API requests that deviate from normal behaviour, thereby identifying and tracking all API endpoints and their parameters.

Addressing Sections 6.4.3 and 11.6.1, Radware’s Client-Side Protection measures aim to maintain the visibility and integrity of payment page scripts. This facet of the service helps organisations uncover and map third-party scripts running on their application’s browser side, thereby detecting unauthorised changes and automatically generating alerts when HTTP headers and payment page content are manipulated.

Radware’s ongoing recognition in the field of cyber security, with accolades from industry analysts such as Aite-Novarica Group, Forrester Research, Gartner, GigaOm, KuppingerCole, and Quadrant Knowledge Solutions, further underscores its standing as a market leader.