Protect Your Web Application from Malicious and Negligent Users

While most organizations have safeguards in place for email delivery and portable media, many fail to protect their web applications from file-borne threats. Web applications with file upload capabilities are prime targets of malware attacks and often the cause of compliance violations. In 2020, the Verizon Data Breach Investigations Report found that 43% of breaches were attacks on web applications, more than double the results from last year. Web application providers need to be wary of both malicious and negligent users, whose uploaded files could result in financial or legal damage. OPSWAT integrates with F5 BIG-IP appliances to protect your company from malicious file-borne attacks and prevent sensitive data infringement. Pair the most powerful and reliable network appliances with market-leading file detection and sanitization solutions from OPSWAT to secure your web applications from file upload threats.

Eliminate Risky Content

File-borne malware is the primrose path for cyberhackers wishing to compromise a company inexpensively. F5 BIG-IP products are ICAP-enabled so that they can send files efficiently and securely to content analysis providers, such as OPSWAT. This add-on layer of security, at the gateway of your network, reduces the pressure of identifying the malware at the endpoint with just a single AV. MetaDefender’s multiple antivirus engines analyze traffic and stop malware in its tracks with the highest detection rate in the market. By leveraging the diversity and strengths of different AV vendors, OPSWAT’s detection rate is close to 100%*. Reject, allow, or send the file for further inspection with MetaDefender ICAP Server, a physical or virtual server placed in line with any of the BIG-IP products. The MetaDefender ICAP Server enables powerful solutions like BIG-IP appliances to work in tandem with MetaDefender Core’s multiple technologies such as multiscanning and Deep CDR, which we will get to next.

In 2020, Gartner found that 57% of the documents which contained malware were Microsoft Office documents. Therefore, accepting productivity documents of any sort is a huge liability for corporations. However, blocking these files from getting to the end user can become a burden and impede work productivity. To lessen the disruption that often comes with blocking productivity files from reaching the end users, OPSWAT created Deep Content Disarm and Reconstruction (CDR). This solution is especially tailored towards productivity documents such as Microsoft Office Suite, PDF, or even regional Office solutions such as Ichitaro (Japan) and Hancom (Korea). Deep CDR does not try to identify malware within the file; as the name states, it works by deconstructing files into their fundamental components, removing any potentially exploitable objects, and rebuilding them in a known, safe and fully functional way. Ultimately, Deep CDR strips all active content from the files, rendering them harmless. This feature enhances F5’s ability to transfer and accept files risk-free and securely from anywhere in the world.
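The disarm-and-rebuild idea described above, shown as an added example that is not OPSWAT's Deep CDR code: it rebuilds an Office Open XML package without its VBA macro parts and removes the references to them, without trying to decide whether the macro is malicious. The part-name pattern, the function names and the sample package are assumptions constructed for this illustration.

```python
import io
import re
import zipfile

# Part names treated as VBA macro storage here (an assumption for this example).
VBA_PART = re.compile(r"vba(Project\w*\.bin|Data\.xml)", re.I)

def _drop_references(xml: bytes, removed: list) -> bytes:
    """Delete content-type overrides and relationships that point at removed parts."""
    text = xml.decode("utf-8")
    for part in removed:
        leaf = re.escape(part.rsplit("/", 1)[-1])
        text = re.sub(r"<(?:Override|Relationship)\b[^>]*" + leaf + r"[^>]*/>", "", text)
    return text.encode("utf-8")

def disarm_ooxml(data: bytes):
    """Rebuild the package without macro parts; return (clean_bytes, removed_names)."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        removed = [n for n in src.namelist() if VBA_PART.search(n)]
        for name in src.namelist():
            if name in removed:
                continue  # the active part is never copied into the rebuilt file
            body = src.read(name)
            if name == "[Content_Types].xml" or name.endswith(".rels"):
                body = _drop_references(body, removed)
            dst.writestr(name, body)
    return out.getvalue(), removed

def build_sample() -> bytes:
    """Constructed macro-enabled package used as input (not a real document)."""
    parts = {
        "[Content_Types].xml": '<Types><Override PartName="/word/document.xml" ContentType="x"/>'
                               '<Override PartName="/word/vbaProject.bin" ContentType="y"/></Types>',
        "word/document.xml": "<document>quarterly report</document>",
        "word/_rels/document.xml.rels": '<Relationships><Relationship Id="rId1" Type="t" '
                                        'Target="vbaProject.bin"/></Relationships>',
        "word/vbaProject.bin": "constructed placeholder bytes",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    clean, removed = disarm_ooxml(build_sample())
    print(removed, zipfile.ZipFile(io.BytesIO(clean)).namelist())
```

The visible document content passes through unchanged while the macro storage and every pointer to it are gone, which is why this approach does not depend on a signature for the payload.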

Sensitive Data Compliance

Protecting your network infrastructure from careless users is not as straightforward as protecting it against malicious users. Although negligent users might not intend to cause severe damage, they might inadvertently end up costing your organization anywhere from thousands to millions of dollars for failure to comply with the law. Multiple countries and states are following the example set forth by GDPR, HIPAA, PCI DSS, etc. and are putting privacy regulations in place. One example is California’s Consumer Privacy Act, which became effective starting 2020. The law protects California’s residents from having their personal data collected and used without their consent, while also fining the organization for unreported leaks of information. This leaves companies with a Hobson’s choice: pay the fine or pay with humility.

OPSWAT integrates directly with F5’s BIG-IP appliances, supported products include: F5 Advanced WAF™, F5 Big-IP® ASM™, F5 Big-IP LTM™, F5 SSL Orchestrator™.


OPSWAT uses F5’s ability to intercept and inspect web traffic to check content for malware and for personally identifiable information. This feature helps strengthen existing compliance policies by preventing undesired information from being accessible to an unintended recipient or an unintended group. The Proactive DLP module under the MetaDefender platform redacts sensitive information from dozens of different file types. In either a client or server mode, with Proactive DLP activated you can be confident that sensitive information will not leave or enter your network without your permission. In collaboration with F5 BIG-IP products, traffic steering of information is optimized for work productivity without fearing the consequences of a data breach or unwanted information infiltration from negligent users.

Building a Scalable Architecture to Stop Attacks

MetaDefender ICAP Server is an addition to BIG-IP products and is installed on-premises or in the cloud. The software is installed on your hardware of choice, in series with the F5 appliance, which gives users plenty of freedom when selecting deployment options. The F5 BIG-IP LTM is used to balance various instances of MetaDefender ICAP Servers and MetaDefender Cores, if necessary. Likewise, an instance of MetaDefender ICAP Server can also be used to load balance other instances of MetaDefender ICAP Servers and their respective MetaDefender Core instances.

Deploy various instances of MetaDefender ICAP Server using the load balancing features of the F5 BIG-IP LTM for faster throughput.

The image above shows a network diagram which uses load balancing features from both F5 BIG-IP LTM and MetaDefender ICAP server for optimizing network traffic flow with secure file transfer features.  Enterprises with high traffic loads can optimize OPSWAT deployments by using the health monitoring and load-balancing capabilities of the BIG-IP platform. Along with MetaDefender’s high-performance architecture, the joint solution is used to protect against advanced persistent threats (APTs) in the most demanding environments. OPSWAT compiles reports from every MetaDefender Core instance in OPSWAT’s Central Management to generate processing history aggregation reports. With joint solutions from F5 Networks and OPSWAT you will have full visibility and advanced threat protection on every gateway into your network.

Enhanced Security Architecture

F5’s security offerings complement OPSWAT’s MetaDefender platform in protection against malware, data breaches, and compliance violations. The specialty features are integrated into the F5 Advanced WAF and the F5 SSL Orchestrator. The F5 Advanced WAF offers protection against bots, which might instigate malicious DDoS attacks or breaches, and contains URL and IP filtering. MetaDefender’s security zone settings complement F5’s Advanced WAF security features. In MetaDefender, different workflow rules are applied to content depending on the client IP; combined, these features help filter and block information from sources that could be deemed risky. Another advanced F5 cybersecurity feature is the decryption and traffic steering capability of the SSL Orchestrator (SSLO). The SSLO decrypts TLS, SSL and other types of traffic and then sends decrypted files to the MetaDefender ICAP Server via a hard-wired connection. This optimized solution removes the need for daisy chaining traffic and sends content directly to OPSWAT for content scanning. The SSLO will reject traffic unless it is 100% sure it can identify it, and it will make sure that the content has also passed the MetaDefender malware inspection. It can integrate many different malware detection solutions; however, none compare with the detection rates close to 100%* from using multiple AV scanning from OPSWAT. Both malicious actors and negligent users will have a hard time infiltrating the F5 and OPSWAT joint security solutions architecture.


Zero trust means that we must stop assuming that we can verify actors, content, or integrity. It means that, if given the opportunity, users will misuse your web application and cause harm to the organization. Since limiting functionality is not a solution in today's collaborative world, critical web applications need protection built by critical solutions cyber-experts. OPSWAT has been a leader in the US energy sector and US financial sector for many years now. Their products are made to cover the entire malware intelligence field, including threats never before seen and file vulnerabilities which have not yet surfaced. F5 users have paired OPSWAT cybersecurity features into their existing infrastructure for over a decade now, ensuring trust in every joint integration and knowledgeable customer success support. Pair the most powerful and reliable network appliances from F5 Networks with market-leading file detection and file sanitization solutions from OPSWAT to secure your web applications, the online face of your organization. For more information visit

* OPSWAT offers packages for every industry's security needs. For example, MetaDefender 12 averages a 95% or higher effectiveness rate, while MetaDefender 20 averages a 99% or higher effectiveness rate. Please visit our website for more information about how these rates were evaluated.



  • Web applications are among the most exposed entrances to your network, especially if they allow for file uploads. Uploading malicious files onto web applications is a popular attack method.
  • Advances in internet speed and the exponential increase of processing power have made collaboration from anywhere in the world a norm. Legitimate users should not be impeded from sharing documents, yet every document that enters your organization should be checked.
  • Negligent users cannot be stopped from sending non-compliant documents. Provisions need to be in place to handle sensitive data uploaded onto your network.

  • OPSWAT offers built-in tools and downloadable templates to help integrate F5’s BIG-IP products with MetaDefender.
  • F5 and OPSWAT joint solutions thoroughly protect your web application from file upload threats using one of the highest malware detection rates in the market.
  • The spread of sensitive information within an organization is hard to contain. It is important to set rigid policies about the information that you do not want to be held accountable for, while allowing recipients to access incoming files.
  • Add MetaDefender security features to any appliance in the BIG-IP family via ICAP (Internet Content Adaptation Protocol) for fast deployment with no software tweaking or additional development required.