MetaDefender Core Standalone Deployment Performance

by OPSWAT

At OPSWAT, we are committed to continuous innovation by providing customers with effective and performant file upload security technologies. Here, we present a detailed breakdown of the performance metrics for MetaDefender Core in a standalone database environment on Linux and Windows operating systems. The MetaDefender Core platform continues to improve performance with each release, and we are proud to share performance results periodically.

We understand that when deploying full-featured cybersecurity solutions like MetaDefender Core, analyzing your system's performance and efficiency is of the utmost importance. Our performance results serve as a sizing guide and can help you select the cybersecurity solution that best fits your needs.

As OPSWAT innovates by adding new and more effective technologies, demonstrating an increase in performance of our purpose-built, detection- and prevention-based technologies is paramount.

MetaDefender Core Overview

OPSWAT MetaDefender Core is a comprehensive and complete file upload cybersecurity platform engineered to protect critical infrastructure and IT networks from file-borne threats.

[Infographic: OPSWAT security solutions, with focus areas: multiscanning, CDR, sandbox, DLP, vulnerability detection, threat feed]

Our powerful technologies can:

  • Scan files with multiple anti-virus engines.
  • Perform file sanitization and regeneration with the Deep Content Disarm and Reconstruction (Deep CDR) engine.
  • Detect sensitive and out-of-policy content with the ML-powered Proactive Data Loss Prevention (Proactive DLP) engine.
  • Identify vulnerabilities with the patented File-Based Vulnerability Assessment engine.

Moreover, MetaDefender Core is uniquely capable of extracting and scanning archive files.

Disclaimer: Before diving in, it's essential to stress that the ensuing results are best interpreted as guiding references. The multitude of variables – the diversity of file sets, the intricacies of network configurations, and the nuances of hardware specs – all combine to make each deployment unique. So, if you're prioritizing throughput, we recommend site-specific benchmarking before transitioning to a full production mode.

Test Environment Setup

MetaDefender Core hosted on Linux

  • Operating System: CentOS 7
  • AWS instance type: AWS (c5.4xlarge instance)
  • Hardware Specs: 16 vCPUs, 32 GB Memory, SSD storage, and up to 10 Gbps of Network bandwidth.

MetaDefender Core hosted on Windows

  • Operating System: Windows Server 2022
  • AWS instance type: AWS (c5.4xlarge instance)
  • Hardware Specs: 16 vCPUs, 32 GB Memory, SSD storage, and up to 10 Gbps of Network bandwidth.

A custom Python tool played the role of the client, automating file transfer from a designated folder to MetaDefender Core for processing.

Dataset

For a holistic assessment, the dataset spanned multiple file categories and types, containing 5,000 compressed and 5,260 extracted files. This dataset represented a total size of 7,728.5 MB (compressed) and 7,759.5 MB (extracted), with average sizes being 1.55 MB and 1.48 MB, respectively. We used the same set for Windows and Linux.

MetaDefender Core Settings

The MetaDefender Core settings were varied for this test, including turning off data retention and engine updates. Archive extraction and Multiscanning settings were maximized to ensure that large files and deeply nested archives didn't pose a bottleneck.

Linux Performance Test Results

Check out the complete configuration for Linux and Windows, including antivirus engines and technologies, here.

MetaDefender Core with Single Engine (Technology)

| Use case | Scan duration (minutes) | Avg. CPU usage (%) | Avg. Memory usage (%) | Avg. Network speed (KB/s) | Throughput (processed objects/hour) | Avg. processing time (seconds/object) |
|---|---|---|---|---|---|---|
| Metascan (8AV) | 35 | 63.6 | 25.2 | Receive: 4,687.1; Send: 745.5 | 220,953.2 | 0.016 |
| Deep CDR | 20 | 49.7 | 35.2 | Receive: 12,338.3; Send: 599.8 | 374,339.5 | 0.01 |
| Proactive DLP | 15 | 38.7 | 26.8 | Receive: 13,524.9; Send: 816.2 | 496,183.4 | 0.007 |
| Vulnerability | 12 | 46.2 | 21.5 | Receive: 12,245.1; Send: 938.4 | 621,777.8 | 0.006 |

MetaDefender Core with Common Engine Packages

| Use case | Scan duration (minutes) | Avg. CPU usage (%) | Avg. Memory usage (%) | Avg. Network speed (KB/s) | Throughput (processed objects/hour) | Avg. processing time (seconds/object) |
|---|---|---|---|---|---|---|
| Metascan (8 AV) + Deep CDR | 42 | 78.6 | 37.8 | Receive: 3,855.3; Send: 644.6 | 183,090.8 | 0.020 |
| Metascan (8 AV) + Deep CDR + Proactive DLP | 47 | 80.7 | 43.5 | Receive: 3,481.6; Send: 619.5 | 161,829.6 | 0.022 |
| Metascan (8 AV) + Deep CDR + Proactive DLP + Vulnerability | 49 | 81.4 | 43.7 | Receive: 3,465.6; Send: 603.2 | 155,749.4 | 0.023 |

Windows Performance Test Results

MetaDefender Core with Single Engine (Technology)

| Use case | Scan duration (minutes) | Avg. CPU usage (%) | Avg. Memory usage (%) | Avg. Network speed (KB/s) | Throughput (processed objects/hour) | Avg. processing time (seconds/object) |
|---|---|---|---|---|---|---|
| Metascan (8AV) | 31 | 42.6 | 30.6 | Receive: 8,116.2; Send: 85.5 | 249,872.6 | 0.014 |
| Deep CDR | 20 | 59.8 | 30.2 | Receive: 12,113.1; Send: 70 | 374,999.4 | 0.01 |
| Proactive DLP | 16 | 39.6 | 29.5 | Receive: 14,055.3; Send: 99.2 | 482,510.5 | 0.007 |
| Vulnerability | 10 | 57.5 | 23.9 | Receive: 13,521.9; Send: 97.7 | 748,308.5 | 0.005 |

MetaDefender Core with Common Engine Packages

| Use case | Scan duration (minutes) | Avg. CPU usage (%) | Avg. Memory usage (%) | Avg. Network speed (KB/s) | Throughput (processed objects/hour) | Avg. processing time (seconds/object) |
|---|---|---|---|---|---|---|
| Metascan (8 AV) + Deep CDR | 35 | 64.2 | 34.4 | Receive: 10,400.9; Send: 61.6 | 218,663.8 | 0.016 |
| Metascan (8 AV) + Deep CDR + Proactive DLP | 37 | 72.7 | 37.6 | Receive: 11,558.3; Send: 75.7 | 205,513.6 | 0.018 |
| Metascan (8 AV) + Deep CDR + Proactive DLP + Vulnerability | 37.5 | 73.6 | 36.9 | Receive: 12,577.4; Send: 83.5 | 203,880.7 | 0.018 |

Here's what the metrics revealed:

In the Linux environment, the Metascan (8AV) test case exhibited a throughput of 220,953.2 objects/hour, with an average processing time of just 0.016 seconds per object, while the full-featured (Metascan + Deep CDR + Proactive DLP + Vulnerability) test case demonstrated a throughput of 155,749.4 objects/hour at 0.023 seconds per object.

On Windows, the Metascan (8AV) test case alone processed 249,872.6 objects/hour, averaging 0.014 seconds per object. The full-featured (Metascan + Deep CDR + Proactive DLP + Vulnerability) test case achieved a throughput of 203,880.7 objects/hour at 0.018 seconds per object.

In Conclusion

Performance metrics can be illuminating, especially when evaluating a comprehensive system like MetaDefender Core. However, numbers, while revealing, are just part of the story. For a true sense of how MetaDefender Core can easily integrate into your environment, please get in touch with one of our File Uploads Security experts.
