The Internet Content Adaptation Protocol (ICAP) was formally introduced in December 1999 by the ICAP Forum. ICAP is a lightweight protocol developed in the 2000s and specified in RFC 3507. The objective of the protocol is to provide a generic interface for communicating with content filtering solutions on the Internet.
ICAP defines “a standardised interface between network equipment playing the role of client (proxy server, firewall, security gateways), and service equipment (ICAP servers) whose objective is analysis and adaptation in real-time web feeds.
ICAP is a request/response protocol that is similar in semantics and usage to HTTP. It allows ICAP clients to transmit HTTP messages to ICAP servers for transformation or other processing (“adaptation”). The server runs its transformation service on the messages and returns responses to the client, usually with modified messages. Typically, suitable messages are HTTP requests or HTTP responses.
ICAP is typically used to implement virus scans and content filters in HTTP proxy caches. Content adaptation involves performing the particular value-added service (content manipulation) for the associated customer request/response.
ICAP uses TCP/IP as its transport protocol. The default port is 1344, but other ports can be used. The TCP flow is initiated by the ICAP client to a passively listening ICAP server.
The strengths of ICAP
The ICAP protocol, inspired by the HTTP protocol, from which it uses certain methods, however, is distinguished by several advantages:
- A simple transactional mode, consisting of passing several pieces of information through a single transmission medium. This allows the same resource to be shared between several users
- Data preview features
- Early interruptions of processing in order to limit exchanges between clients and ICAP servers
- Managing load distribution and redundancies
ICAP focuses on leveraging edge devices (caching proxies) to help provide value-added services. At the heart of this process is a cache that serves as a proxy for all client transactions and processes them through web servers.
These ICAP servers focus on a specific function, for example ad insertion, virus scanning, multi-AV scanning, content translation, language translation or content filtering. Offloading value-added services from web servers to ICAP servers allows those same web servers to be sized based on raw HTTP throughput without having to manage these additional tasks.
ICAP, the Internet Content Adaptation Protocol, is a protocol aimed at providing a simple object-based content vector for HTTP services.
ICAP and DLP
Data Loss Prevention (DLP) is a set of tools and processes used to ensure that sensitive data is not lost, intentionally misused, or accessed by unauthorized users.
DLP enforces remediation through alerting, encryption, and other protective actions to prevent end users from accidentally or maliciously sharing data that could create risks for the organization.
ICAP and the MFT
MFT (Managed File Transfer) or SFT (secure file transfers), protects “the movements and actions” of files at rest and in transit. Secure file transfers ensure file integrity and movement even if connectivity is interrupted or the files being sent are large.
Secure file transfer solutions encrypt information and create audit trails of transfer activity to provide necessary documentation for compliance requirements such as PCI DSS, GDPR, SOX, HIPAA, NIST and others.
With MFT, you can choose to transfer the files using different secure protocols such as SFTP, FTPS, HTTPS, AS2, AS4, etc.
The ICAP and MFT combination
Any incoming communication can pose a threat to an organization and file exchange is no exception. Files received from third parties may contain malicious code embedded in a harmless document.
DLP enhances the MFT’s ability to control information by applying deep content inspection and adaptive data loss prevention to enforce more comprehensive information security policies to prevent data loss, ensure compliance and prevent malware threats from infecting the organization.
This integration between ICAP and MFT starts with workflows and triggers defined according to your business needs, replaces sensitive text with asterisks, and detects/erases text (even in images) so that activities can continue, without the incriminated content. This integration of data security also helps ensure compliance with sector regulations.
This combination of file transfers and advanced threat protection provides end-to-end security and monitoring, with content inspection and redaction occurring in file transfers through ICAP before the files are even sent or received via MFT.
Use cases
By implementing ICAP, businesses are able to apply deep content inspection, adaptive redaction, and data leak prevention technologies to existing web security architectures.
Editing content
An Internet service provider can use a transparent HTTP proxy and modify web content received by the user via an ICAP server in order to:
- To insert advertising within web pages
- To detect the presence of malicious content and warn the user by inserting a warning and deleting suspicious content.
Files received by third parties, such as purchase orders, invoices or legal documents, may contain malicious content. ICAP helps neutralize risks such as embedded malware, suspicious scripts, and other high-risk content that enters or exits your organization without disrupting the flow of communication.
Secure your file transfers
Email is the primary vector of incoming threats, but also a source of data leaks.
Protect your organisation from threats and data leaks when sharing files internally or externally.
Prevent accidental sharing of files containing sensitive data and redact sensitive information from file transfers to eliminate data and compliance risks.
With ICAP, you prevent ransomware and other malware from entering your organization and being shared externally.
