MetaDefender Deployments and Integrations

MetaDefender is designed to prevent threats and zero-day attacks independently as well as complement other security solutions. MetaDefender can be deployed within your premises, cloud infrastructure or by integration with MetaDefender Cloud.

Depending on where the data lives, we offer native connectors or ability to integrate via REST API that supports a variety of deployment scenarios. In fact, our recommendation would be to always use native connectors, because it is typically a plug-and-play solution that does not require a code change.

Find the right cybersecurity solution for your organization

ScenarioIdeal solutionBenefits
On-premisesMetaDefender Core
MetaDefender ICAP Server
MetaDefender Core Container

Deploy on Windows or Linux servers in your environment, even if it is air-gapped.

Easily configure to adjust to each deployment-specific need.

Built-in high-performance architecture & load balancing feature.

SaaSMetaDefender Cloud

24/7 availability

No infrastructure to maintain.

Full benefit of the MetaDefender offering.

Cloud/IaaSMetaDefender Core
MetaDefender Cloud
MetaDefender Core AMI
MetaDefender Core Container

Flexible licensing and packaging.

Developer friendly REST API.

Private file processing.

Reliable and seamless scalability.

Access to threat intelligence feeds and broader threat prevention data sources.


MetaDefender REST API makes almost any integration straightforward. MetaDefender frequently releases new functionalities, which enrich the API response while guaranteeing the backward compatibility. Below are several integration methods for your consideration.

1. Custom

Although custom integrations are available, the functionality will be limited to the feature set at the time of integration. Even though it would be easy to extend the integration, it requires application changes, and the approval process can be lengthy in some industries.

2. Native Connectors

OPSWAT provides a suite of native connectors that are officially supported. This means that if OPSWAT extends its functionality and introduces new information in its API response, OPSWAT will also swiftly update the integration. By using native connectors, you will always be able to leverage MetaDefender’s full functionality.


One of the most popular native connector solutions is MetaDefender ICAP Server, which offers native integration to most Web Application Firewalls (WAFs), Load Balancers (LBs), and Network Attached Storage (NAS) products. This offers a seamless integration through the ICAP protocol which allows for the ability to offload the uploaded (or downloaded) files for analysis.

Supported ICAP Clients

Have you determined the applicable deployment and integration options for your organization?

Discover more details about the MetaDefender threat prevention suite to define which offerings are right for you

MetaDefender Cloud API

For integration in cloud and IaaS environment or with your existing SaaS products via REST API with our large hash database, IP reputation services, and more

MetaDefender Core AMI

For deployment in your AWS account to process received files or protect your S3 buckets

MetaDefender Core

For integration with your existing security architectures via REST API

MetaDefender ICAP Server

For integration with Web apps (via WAF, LB or API Gateway) or Storage (NAS) in order to detect and prevent threats in file transfer process

MetaDefender Core Container

For deployment of MetaDefender Core in your containerization environment such as Docker.

Or schedule a meeting with an OPSWAT technical expert to be advised on how to protect your organization’s infrastructure