
ICAP Recap 2024: Top Product Updates from MetaDefender ICAP Server™ 

by Thao Duong, Senior Product Marketing Manager

MetaDefender ICAP Server is a plug-and-play solution to protect your network against malicious file sharing, uploads, and transfers. IT administrators can integrate MetaDefender ICAP Server’s file security capabilities on top of a network security device, such as WAFs (web application firewalls), load balancers, and MFTs (managed file transfers). All incoming file content will be scanned before it reaches organizations’ networks to ensure protection against file-borne malware, zero-day attacks, and sensitive data exposure. 

Each year, we actively seek and prioritize our customers’ feedback to improve our products. From better compatibility with diverse infrastructure, to optimized scalability for high file traffic, intuitive UI updates, and security enhancements, our team continuously evolves MetaDefender ICAP Server to meet your needs. Here are the top features released in 2024 that we are excited to share with you. 

Deploy MetaDefender ICAP Server in the Cloud 

Now, OPSWAT customers can integrate their network security devices with the MetaDefender platform via ICAP (Internet Content Adaptation Protocol) to protect on-premises, hybrid, and cloud-based environments.

When files pass through network security devices (load balancers, WAFs, ingress controllers, etc.) and route through MetaDefender ICAP Server, they are sent to an on-premises MetaDefender Core instance for analysis based on the pre-configured workflow. Along with this existing on-premises scanning functionality, MetaDefender Cloud now supports additional file processing capabilities. 

Diagram showing how MetaDefender ICAP Server scans and analyzes files from users before reaching the web server
IT administrators can choose to scan and analyze files from a hybrid, on-premises, or cloud environment 

IT administration teams looking for a SaaS-based ICAP security service can consider this architecture, where files are transferred from network traffic to MetaDefender Cloud via ICAP. 

Regardless of the deployment model chosen, teams and organizations can still benefit from the same advanced threat prevention capabilities from MetaDefender ICAP Server. 

Virtual Machines: On-Premises Deployment
  • Ideal for organizations prioritizing control over their infrastructure and data.
  • Data compliance
  • Reduced latency
  • Full control
  • Customization

Kubernetes: On-Premises and Hybrid Deployment
  • Suitable for enterprises managing modern architecture and containerized workloads.
  • Flexible for complex distributed environments.
  • High availability
  • Scalability
  • Automation

Cloud: Software as a Service (SaaS)
  • Ideal for small-to-medium businesses and those with limited IT resources.
  • Robust security without burdening IT teams.
  • Ease of use
  • High availability
  • Automatic updates
  • Cost efficiency

Learn more about different deployment types for MetaDefender ICAP Server.

Deployment Benefits 

High Availability and Continuous Operations 

New High Availability Mechanism

For high availability capacity in case of incidents like data center outages, customers can now direct traffic to an alternative server group for scanning. This ensures that MetaDefender ICAP Server instances in the functioning data center can continue scanning files without interruption. Customers also have the option to divert traffic to MetaDefender Cloud for processing, starting from version 5.5.0.

Flowchart illustrating ICAP Server’s failover mechanism across APAC, EU, and cloud regions for uninterrupted file scanning
High availability mechanism enables continuous file scanning and mitigates operational interruptions. 

Under Workflow Management > Scan > Backup Servers, customers can configure various options, including enabling or disabling ICAP requests, specifying scan targets and timeouts, and defining backup servers.

New Validated ICAP Clients 

Visual display of security partners supporting secure access and protection

MetaDefender ICAP Server is broadly compatible with any ICAP client which implements the standard ICAP interface, including 50+ clients of network security devices with plug-and-play integration. This year, we’ve added Cyolo, Airlock, and Xona to our growing list of partners. 

New Validated ICAP Clients and Type of Network Security Device:

  • Cyolo (Secure Web Gateway): Cyolo provides a lightweight, infrastructure-agnostic remote access solution that brings identity-based authentication, access control, and crucial visibility and oversight capabilities to OT/ICS.
  • Airlock (Secure Web Gateway): Airlock Secure Access Hub is the central hub for secure access management in a digitalized world: identity-centric security from a single source, perfectly designed to work together.
  • Xona (Secure Remote Access): XONA Critical System Gateway (CSG) is purpose-built to not only provide simple and compliant access to critical assets but also protect these assets from the specific threats posed by distributed workers and remote work environments.

To learn more, see the list of ICAP integrations in our documentation.

Usability Enhancements

Base64 Decoding Enhancements 

We’ve updated JSON/SOAP base64 decoding with these new feature enhancements:

  • Support for messages containing base64-encoded data URLs for compatibility with particular environments.
  • All base64 decoding and encoding occurs within MetaDefender ICAP Server (instead of offloading to MetaDefender Core) for optimized performance.

PostgreSQL Database Improvements 

Enhanced PostgreSQL vacuum scheduling prevents the PostgreSQL database from overusing disk space as it grows.

Native Proxy Configuration

Screenshot of ICAP Server settings, showing proxy configurations and email server setup

The MetaDefender ICAP Server UI now supports user control of proxy settings for products, as well as support for proxy authentication. 

The new feature also provides options to define separate proxy settings for MetaDefender ICAP Server functions that require a network connection. This allows for more granular control over network traffic, and enables simple, native integration with proxies in diverse network environments. 

These additions ensure a consistent experience for IT administrators when deploying both MetaDefender Core and MetaDefender ICAP Server. 

Performance and Resource Optimization 

Graphic highlighting improvements in system performance, resource utilization, and scanning efficiency

We're always working to improve the performance of our products, and to elevate security solutions by updating various third-party libraries. Here are some other added enhancements from this new version:

  • Performance Improvements: Enhanced system resource utilization and better scan result polling. 
  • Retired Legacy Tools: Removal of unused SQLite tools to reduce vulnerabilities. 
  • Improved system resource utilization. 
  • Enhanced scan result polling mechanism to improve speed and accuracy when sending files to MetaDefender Core to process. This helps reduce latency and optimizes performance and resource utilization. 

Logging Enhancements 

IT administrators looking to improve analytics visualization for MetaDefender ICAP Server can leverage enhanced logging capabilities with Splunk dashboards. This year, we introduced new logging options to collect system resource data for improved Splunk integration, plus additional configurations, including more detailed logs for easier troubleshooting and resource management.

Data visualization of proxy request statistics with a bar graph and numerical summary
Dashboard displaying CPU, memory, and response time metrics for performance tracking

IT administrators can monitor the health and performance of multiple MetaDefender ICAP Server instances, MetaDefender Core instances, and scan results traffic with SIEM logging.

Integrating MetaDefender ICAP Server empowers security teams with enhanced visibility and the option to aggregate security-related data across the environment. By indexing log files and analyzing security events, teams can identify threats faster, accelerate incident response, and improve overall system health monitoring. 

To learn more about how to integrate MetaDefender ICAP Server with Splunk, talk to our experts.

Security Enhancements

  • Third-Party Library Updates: Multiple security patches for libraries such as Zlib, PostgreSQL, and OpenSSL. 
  • Stronger Cipher for Database Security: AES_256_GCM encryption for PostgreSQL data. 
  • Password and Security Improvements: Increased password length and additional hardening measures for product security. 

Upgrade Your MetaDefender ICAP Server 

At OPSWAT, we’re committed to continually supporting and improving our products and services based on customer needs and feedback. The latest MetaDefender ICAP Server release brings robust enhancements across usability, performance, security, and cloud deployment. With improved cloud integration, high availability mechanisms, and expanded client compatibility, IT administrators and teams can optimize their file scanning workflows while reducing resource demands. Whether prioritizing data compliance, scalability, or cost efficiency, MetaDefender adapts to diverse infrastructures and operational needs. We’ve got even more exciting news in the pipeline, so stay tuned for more upgrades coming next year. 

Now is the perfect time to upgrade your MetaDefender ICAP Server and unlock the full potential of these advanced features for a more secure, efficient, and adaptable security infrastructure.

To get a demo of MetaDefender ICAP Server, talk to one of our OPSWAT experts. 
