Robust, auditable edge security for your multi-enterprise data exchanges
IBM® Sterling Secure Proxy helps secure and shield your trusted network by preventing direct connectivity between external partners and internal servers. It can secure your network and data exchanges at the edge to enable trusted business-to-business transactions and file exchanges. As a demilitarized zone (DMZ)-based proxy, Sterling Secure Proxy uses trading-partner authorization, multifactor authentication, session breaks and other controls for validation before connections are established to your trusted zone.
IBM Sterling Secure Proxy offers:
- Data exchange proxy software that resides in the DMZ to deter unauthorized access.
- Firewall navigation best practices to help protect data exchanges at the network edge.
- Perimeter security features for enhanced protection of your data and internal systems.
- Authentication services for self-service management that helps reduce dependency on IT staff.
- Clustering for improved performance and easier scalability.
Data exchange proxy software
- Resides in the DMZ to validate connections and help prevent unauthorized access.
- Supports IBM® Sterling Connect:Direct®, IBM® Sterling B2B Integrator, IBM® Sterling File Gateway and IBM® Sterling Connect:Express.
- Compatible with layered or multiple DMZ environments.
- Supports FTP, FTPS, HTTP, HTTPS, Applicability Statement 2 (AS2), Secure Shell/Secure File Transfer Protocol (SSH/SFTP), Protocole d’Echanges pour un Système Interbancaire de Télécompensation (PeSIT) and Sterling Connect:Direct protocols.
- Includes a Federal Information Processing Standard (FIPS) 140-2-compliant data encryption module with the option to force “strict FIPS mode” communications.
Firewall navigation best practices
- Helps prevent inbound holes in the firewall.
- Reduces rich targets in the DMZ by helping to ensure that files, user credentials and data are not stored on physical drives in the DMZ.
- Establishes sessions from more-trusted to less-trusted zones.
- Enforces compliance with internal and external security policies and enables companies to pass security audits more easily.
Perimeter security features
- Helps prevent direct communications between external and internal sessions by establishing security-rich session breaks in the DMZ using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) connections.
- Inspects protocol and sensitive control information and supports configurable error handling if violations are detected.
- Provides session limits and data encryption to guard against denial-of-service attacks.
Authentication services
- Provides a customizable logon portal with self-service password management for trading partners.
- Supports single sign-on and integration with existing security infrastructure, including Active Directory and Tivoli® user databases.
- Uses multi-factor authentication to enforce tight controls and validation of trading partner identity in the DMZ before internal sessions are established to the trusted zone.
- Includes authentication options for IP address, user ID and password, digital certificates, SSH keys and RSA SecurID.
Clustering
- One central configuration manager delivers configuration rules to multiple engines running in the DMZ, facilitating easier scalability.
- High-availability and load-balanced clustered environments are supported for improved business continuity and optimal performance.