What is ICAP?
The Internet Content Adaptation Protocol (ICAP) is the protocol used by network appliances such as application delivery controllers, web gateways, forward and reverse proxies, and next-generation firewalls to communicate with an external server or appliances to perform value added actions such as malware scanning and content filtering. By integrating the network appliance and the ICAP scanning solution, network administrators can protect their networks from known and unknown threats such as application installer vulnerabilities, document-based malware, and web-based exploit kits.
What is Metadefender ICAP Server?
Click image to expand
Metadefender ICAP Server helps you secure your web traffic and extend the protection of your organization against advanced threats by integrating Metadefender Core with your network security appliances. Metadefender Core exposes an ICAP interface that allows system administrators to easily integrate OPSWAT's proprietary data sanitization (CDR) and multi-scanning technology into an existing appliance or solution, enabling anti-malware scanning of all HTTP downloads and uploads.
Any files scanned through the ICAP interface will be scanned with the same anti-malware engines and policies as files scanned through any other Metadefender Core interface. All files will be logged so that activity can be reviewed later if necessary. One of the most important features Metadefender ICAP Server offers is the ability to cache file scan results, which significantly improves scanning throughout. Metadefender Core can be integrated with both web proxy servers and reverse proxy servers.
Why implement Metadefender ICAP Server?
The key benefits of integrating a network appliance that natively supports ICAP such as a proxy or a web gateway are value added task processing (such as anti-malware scanning and data sanitization) along with performance enhancement.
Application Delivery Controllers (ADCs)
The modern generation of application delivery controllers, such as the F5 BIG-IP® product family, handles a wide variety of functions, including load balancing, the ability to function as a full forward or reverse proxy, rate shaping and SSL offloading, as well as serving as a web application firewall. The integrated Metadefender ICAP Server solution with F5 BIG-IP Local Traffic Manager (LTM) provides superior protection against known as well as unidentified cyber threats. Through its ICAP integration, Metadefender scans all files uploaded through F5 BIG-IP with up to 30 anti-malware engines. The solution also uses combined heuristics to detect harmful code and performs data sanitization so that any potential threats embedded within documents are removed.
Instead of scanning an object every time it is requested, it can be scanned and identified as "clean" and served to users. This ability to immediately serve scanned content to users provides significantly improved performance for networks that require content scanning.
Offloading value-added services such as content scanning from web gateways to ICAP servers allows those same web gateways to be scaled according to raw HTTP throughput instead of having to handle these extra tasks.
Next-Generation Firewalls (NGFW)
Integrating a firewall with the ICAP server allows the firewall to offload work to a separate server specifically set up for the specialized processing (data sanitization and malware scanning) of the incoming traffic. This takes some of the resource strain off of the firewall, leaving it to concentrate its resources on things that only it can do.
How does Metadefender ICAP Server integrate with my existing solution?
Forward Web Proxy:
Click image to expand
System administrators can set up any proxy that implements ICAP, such as the Squid Open Proxy or Blue Coat® ProxySG, to automatically send HTTP requests to Metadefender ICAP Server, where multiple anti-malware engines scan the requests for potential advanced threats.
Reverse Proxy Integration
The Metadefender ICAP server interface allows system administrators to easily add Metadefender Core multi-scanning technology into an existing reverse proxy configuration to enable anti-malware scanning of all file uploads. System administrators can set up any reverse proxy that implements ICAP, such as F5® BIG-IP® Load Traffic Manager™ (LTM®), to automatically forward any uploaded files to Metadefender ICAP Server, which will scan the files with multiple anti-malware engines for potential advanced threats.
Click image to expand
Which integrations does Metadefender ICAP Server support?
All proxy servers that implement the ICAP interface are supported by Metadefender ICAP Server; however, most proxy servers implement a modified version of the ICAP interface. The following servers have been extensively tested with Metadefender ICAP Server and are supported by the Metadefender Core Support team.