MetaDefender Icap Server

MetaDefender ICAP Server- Ramsdata

Advanced threat prevention for network traffic

Cybercriminals are constantly trying to send malware to your systems. Employees accidentally visit malicious sites or download malicious files and software containing vulnerabilities from the Internet. Both internal and external users intentionally or unintentionally upload files containing sensitive data.

Enterprises need a powerful multi-layered cyber security system to prevent harmful, offensive or inappropriate content.

MetaDefender ICAP Server protects your systems and users by inspecting every file that passes through your network. Each file is scanned for malware and security vulnerabilities. With customized policies and workflows, suspicious files can be blocked or deep cleaned. Sensitive information is blocked, deleted or edited before it leaves your network. All files are corrected before they become available to the end user.

MetaDefender ICAP Server is a plug-and-play solution to protect your network from malicious Internet content.

How the ICAP server works

MetaDefender ICAP Server provides an ICAP interface on top of MetaDefender Core to provide industry-leading advanced threat protection. Any content routed through the ICAP interface will be scanned and processed before entering the network and reaching end users.

MetaDefender ICAP Server can seamlessly integrate with any ICAP-enabled network devices, including reverse proxies, web application firewalls, load balancing modules, forwarding proxies, web gateways, SSL inspectors, etc.

ICAP server benefits
  • Comprehensive detection and prevention of threats on your network in real time
  • Protection against sending malicious files at the gateway of your network
  • Protection against zero-day and advanced targeted attacks
  • Detect vulnerabilities in files before they are installed.
  • No more sensitive data enters or leaves your organization without your knowledge
  • Custom policies, workflows and analysis rules to meet your unique security needs
  • Easy integration with any ICAP-enabled devices
File transfer security

Reverse Proxy / Web Application Firewall / Load Balancer.

Hackers can bypass security and upload a new file or overwrite an existing file, which can be used to launch a server-side attack. A hacked server can be used to distribute malware, demand ransom or steal sensitive data. Protect your application’s web servers from malicious file transfers with a MetaDefender ICAP server upstream of your site.

Supports: F5 Advanced WAF ™, F5 Big-IP® ASM ™, F5 Big-IP LTM ™, Symantec ProxySG

Internet traffic security

Forward Proxy / Web Gateway / Firewall.

Users are susceptible to tricks when browsing the Web, and sometimes reputable sites can be taken over.

Prevent users from downloading malicious files from the Internet. Monitor network traffic before it reaches a secured network using the MetaDefender ICAP server located at your network gateway.

Supports: Squid, ARA Networks JAGUAR5000, McAfee Web Gateway ™, Fortinet FortiGate®.

SSL Inspection

Most malware is now encrypted to bypass network security methods. Use the SSL inspector to decrypt traffic and check for malware in these encrypted payloads. Integrate multiple MetaDefender features at the decryption stage for simplicity and flexibility, using the MetaDefender ICAP Server located in line with the SSL inspector.

Supports: F5 SSL Orchestrator ™, A10 Networks Thunder® SSLi®

MetaDefender ICAP Server – Use Cases

MetaDefender ICAP Server can be used with any ICAP-enabled network device to provide leading-edge protection against advanced threats. This page contains examples of different types of network devices that the MetaDefender ICAP server can work with.

Reverse Proxy

System administrators can configure any reverse proxy that implements ICAP to automatically send all uploaded files to the MetaDefender ICAP server, which will then scan files for threats and vulnerabilities and disinfect them.

Application Delivery Controllers (ADCs).

MetaDefender ICAP Server can be integrated with application delivery controllers such as F5® BIG-IP® Local Traffic Manager™ (LTM®) to provide superior protection against both known and unidentified cyber threats. With ICAP integration, MetaDefender protects all uploaded files via ADC.

Internet gateways

By offloading value-added services such as content scanning from web gateways to MetaDefender ICAP Server, web gateways can be scaled according to unprocessed HTTP bandwidth instead of dealing with these additional tasks.

Next Generation Firewalls (NGFW)

Integrating the firewall with MetaDefender ICAP Server allows the firewall to offload work to a separate server specifically configured for specialized processing (deep disarming and content reconstruction and file-based vulnerability scanning) of incoming traffic. This significantly reduces the resource load on the firewall.

Connected storage devices

Protect critical data by adding MetaDefender’s advanced threat protection on storage devices such as the Dell EMC Isilon.

Intrusion Prevention Systems

MetaDefender ICAP Server greatly enhances the effectiveness of intrusion prevention systems (IPS) by adding advanced features to detect and prevent threats and vulnerabilities.

Redirecting proxy servers

System administrators can configure any proxy server that implements ICAP, such as Squid Open Proxy or Blue Coat® ProxySG, to automatically send HTTP requests to MetaDefender ICAP Server for advanced threat protection.