Ensuring the confidentiality of system logs, maintaining service continuity, and keeping up with cryptographic best practices are all critical responsibilities for IT security engineers, IT administrators, and compliance teams. In our latest MetaDefender ICAP Server 5.8.0 release, we’re introducing enhancements that address these security and operational challenges—including encrypted syslog transmission, automated license expiry notifications, and more.
Secure and Aggregate Logs with TLS-Encrypted Syslog
We have enhanced log management with TLS-encrypted syslog. Using a log aggregation tool such as SIEM or SOAR, administrators and security teams can achieve centralized visibility of all file scanning activities from various MetaDefender ICAP Server instances.
Modern security operations rely on logs from multiple infrastructure components to detect threats, analyze traffic anomalies, and maintain audit trails for compliance. However, collecting logs from multiple sources while keeping them secure and confidential can be a challenge. Plaintext syslog transmission leaves logs vulnerable to interception and tampering on the wire, increasing the risk of MITM (man in the middle) attacks and compliance violations.
What’s Improved
With TLS-encrypted syslog, IT security administrators can aggregate logs from multiple sources without exposing log content to interception or alteration in transit. This approach enables:
- Secure log transmission over TCP using TLS
- Faster issue detection and resolution by correlating events across systems
- A tamper-resistant audit trail for compliance audits and forensic investigations
- Reduced operational complexity by eliminating fragmented log collection methods
- Automated log ingestion for real-time monitoring, reducing incident response times
Benefits
Centralized Logging from Multiple Sources
Securely collects and consolidates logs into a single location for streamlined monitoring and analysis
Protected Log Integrity and Confidentiality
Ensures that log data cannot be read or altered in transit, preventing MITM attacks or insider threats
Integration with Centralized Log Management Solutions
Integrates file security capabilities with a SIEM, SOAR or GRC tool to enhance real-time threat detection and compliance reporting
Compliance-Ready Log Transmission
Aids regulatory compliance, including SOC 2, ISO 27001, and PCI DSS, by enforcing encrypted log transport
With all logs centralized in one place, security teams can identify patterns, investigate threats, and refine security policies with greater speed and accuracy. Whether tracking potential breaches, auditing system activity, or enhancing operational efficiency, a comprehensive, real-time view of your logs empowers proactive decision-making.
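The following is an added illustration, not OPSWAT's code and not a description of how MetaDefender ICAP Server implements the feature. It shows the two halves of syslog over TLS as standardized in RFC 5425: the sender formats RFC 5424 records and applies octet-counted framing, the collector splits the byte stream back into complete records (keeping partial frames until more data arrives), and the client TLS context insists on certificate verification and hostname checking, which is the part that actually defeats a man-in-the-middle rather than merely encrypting. The host name, port 6514, CA file path and sample scan event are assumed values.

```python
import socket
import ssl
from datetime import datetime, timezone
from typing import List, Optional, Tuple

# Facility and severity codes from RFC 5424 section 6.2.1 (constructed choice for the sample).
LOCAL0 = 16
SEV_WARNING = 4
NILVALUE = "-"


def build_rfc5424(facility: int, severity: int, hostname: str, appname: str,
                  msg: str, when: Optional[datetime] = None) -> bytes:
    """Format one RFC 5424 record: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG."""
    if not 0 <= facility <= 23 or not 0 <= severity <= 7:
        raise ValueError("facility must be 0-23 and severity 0-7")
    pri = facility * 8 + severity
    when = (when or datetime.now(timezone.utc)).astimezone(timezone.utc)
    stamp = when.strftime("%Y-%m-%dT%H:%M:%SZ")
    header = f"<{pri}>1 {stamp} {hostname} {appname} {NILVALUE} {NILVALUE} {NILVALUE} "
    return (header + msg).encode("utf-8")


def frame_record(record: bytes) -> bytes:
    """RFC 5425 octet-counting framing: 'MSG-LEN SP SYSLOG-MSG'.

    Unlike newline-delimited framing this survives embedded newlines and lets
    the collector notice a truncated or spliced record instead of silently
    merging two events.
    """
    return f"{len(record)} ".encode("ascii") + record


def unframe(buf: bytes) -> Tuple[List[bytes], bytes]:
    """Collector side: split a byte stream into complete records.

    Returns (records, leftover). 'leftover' is an incomplete trailing frame
    that must be retained until the next read delivers the rest of it.
    """
    records: List[bytes] = []
    while True:
        space = buf.find(b" ")
        if space == -1:
            return records, buf          # no complete length field yet
        length_field = buf[:space]
        if not length_field.isdigit():
            raise ValueError(f"malformed frame length: {length_field!r}")
        length = int(length_field)
        start = space + 1
        if len(buf) < start + length:
            return records, buf          # wait for the rest of this frame
        records.append(buf[start:start + length])
        buf = buf[start + length:]


def make_client_context(cafile: Optional[str] = None,
                        client_cert: Optional[str] = None,
                        client_key: Optional[str] = None) -> ssl.SSLContext:
    """TLS settings a syslog client needs for the encryption to mean anything.

    cafile=None falls back to the system trust store; in practice you pin the
    CA that issued the collector's certificate. A client certificate enables
    mutual TLS so the collector can reject unknown senders.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse obsolete protocol versions
    ctx.check_hostname = True                       # certificate must match the collector's name
    ctx.verify_mode = ssl.CERT_REQUIRED             # unverified peers are a MITM until proven otherwise
    if client_cert:
        ctx.load_cert_chain(client_cert, client_key)
    return ctx


def send_syslog_tls(host: str, port: int, records: List[bytes],
                    ctx: ssl.SSLContext, timeout: float = 10.0) -> int:
    """Send framed records over one TLS connection; returns bytes written."""
    raw = socket.create_connection((host, port), timeout=timeout)
    with ctx.wrap_socket(raw, server_hostname=host) as tls:
        total = 0
        for rec in records:
            frame = frame_record(rec)
            tls.sendall(frame)
            total += len(frame)
        return total


if __name__ == "__main__":
    # Assumed collector and CA path; the event text is constructed.
    event = build_rfc5424(LOCAL0, SEV_WARNING, "icap-01", "mdicap",
                          "scan_result=blocked file=sample.docx")
    ctx = make_client_context(cafile="/etc/ssl/collector-ca.pem")
    print(send_syslog_tls("syslog.example.test", 6514, [event], ctx), "bytes sent")
```

Run the collector-side `unframe` on whatever the TLS socket yields, carrying the returned leftover into the next read; a frame whose declared length never completes is the signal that the stream was cut, which plaintext UDP syslog would simply lose without a trace.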
License Expiry Notifications
IT administrators can now receive automated email alerts before a MetaDefender ICAP Server license expires.
What’s Improved
- Immediate notifications when a license expires, is about to expire, or is lost
- Option to customize email content or use the default email template
- Configurable triggers to receive alerts for license expiration and upcoming renewal reminders
This enhancement is particularly helpful for organizations managing multiple MetaDefender ICAP Server deployments across distributed environments. By providing proactive expiry notifications, teams can focus more on security rather than logistical oversight.
Security Updates for OpenSSL Library
In accordance with our standard SDLC policies, MetaDefender ICAP Server has been updated to incorporate OpenSSL v3.4.1 to address the high-severity CVE-2024-12797. This upgrade reinforces protection against potential vulnerability exploitation and follows industry security best practices for third-party library management.
Other New Features and Enhancements
- New OS support for Rocky Linux 9.4, along with a Docker image built from the official Rocky Linux repository
- Support for User Login via Nested AD (Active Directory) Groups: When the "Nested Group Login" option is enabled, both direct and indirect members of the specified AD group can log in and inherit the group's roles and permissions
- Security Enhancements: In addition to OpenSSL v3.4.1, the following third-party libraries were upgraded to address vulnerabilities:
  - cURL v8.9.1 (Linux)
  - NGINX v1.26.3
  - Libxml2 v2.12.10
- Various Usability Enhancements
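To make the nested-group semantics concrete, here is an added example (not OPSWAT's code and not the product's LDAP query) that resolves direct and indirect AD group membership over a constructed directory snapshot. It shows the difference between a direct-only check and a transitive one, and guards against circular nesting, which Active Directory permits and which would otherwise turn a naive recursive lookup into an infinite loop. The distinguished names and the `example.test` domain are constructed.

```python
from typing import Dict, Set

# Constructed directory snapshot, not a real AD: each group maps to its direct
# 'member' values, which may be users or other groups, exactly as AD models it.
DIRECTORY: Dict[str, Set[str]] = {
    "CN=ICAP-Admins,OU=Groups,DC=example,DC=test": {
        "CN=alice,OU=Users,DC=example,DC=test",
        "CN=SecOps,OU=Groups,DC=example,DC=test",
    },
    "CN=SecOps,OU=Groups,DC=example,DC=test": {
        "CN=bob,OU=Users,DC=example,DC=test",
        "CN=SOC-Tier2,OU=Groups,DC=example,DC=test",
    },
    "CN=SOC-Tier2,OU=Groups,DC=example,DC=test": {
        "CN=carol,OU=Users,DC=example,DC=test",
        # Circular nesting back to SecOps: legal in AD, must not hang the resolver.
        "CN=SecOps,OU=Groups,DC=example,DC=test",
    },
}


def effective_members(directory: Dict[str, Set[str]], group: str,
                      nested: bool = True) -> Set[str]:
    """Return the user DNs that belong to 'group'.

    nested=False mirrors a 'Nested Group Login' switch turned off: only direct
    user members count. nested=True walks member groups transitively, tracking
    visited groups so cycles terminate. Anything the directory holds members
    for is treated as a group; everything else is a user.
    """
    users: Set[str] = set()
    visited: Set[str] = set()
    stack = [group]
    while stack:
        current = stack.pop()
        if current in visited:
            continue               # already expanded (or part of a cycle)
        visited.add(current)
        for member in directory.get(current, set()):
            if member in directory:          # a nested group
                if nested:
                    stack.append(member)
            else:
                users.add(member)
    return users


def can_log_in(directory: Dict[str, Set[str]], group: str, user: str,
               nested: bool = True) -> bool:
    """Login decision for one user against the configured AD group."""
    return user in effective_members(directory, group, nested)


if __name__ == "__main__":
    admins = "CN=ICAP-Admins,OU=Groups,DC=example,DC=test"
    for mode in (False, True):
        print(f"nested={mode}:", sorted(effective_members(DIRECTORY, admins, mode)))
```

Worth noting from a least-privilege standpoint: with nesting enabled, every user reachable through any chain of groups inherits the role bound to the configured group, so the membership of each nested group becomes part of that role's effective scope and should be reviewed with it.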
MetaDefender ICAP Server: File Security at the Network Perimeter
OPSWAT MetaDefender ICAP Server protects organizations against file-borne cyberattacks at the network perimeter. Comprehensive, multi-layered security technologies detect and prevent malicious files as they pass through your load balancer, WAF (web application firewall), managed file transfer (MFT) solution, or any other ICAP-enabled network security device.
All suspicious files traveling through your network traffic are blocked or sanitized before they are accessible to end users to protect against evolving cyberthreats. Sensitive data is redacted, removed, or blocked to help organizations meet security compliance standards. Upgrade to our latest version or talk to our security experts to learn more about MetaDefender ICAP Server.
Release Details
- Product: MetaDefender ICAP Server
- Release Date: March 20, 2025
- Release Notes: 5.8.0
- Download from OPSWAT™ Portal
For more information, talk to our cybersecurity experts.