1-844-4TO-LYNK (865-965)

IBM Sterling Secure Proxy

While file transfer over the Internet is cheap, it can also be highly insecure. IBM Sterling Secure Proxy (SSP) enables you to leverage the cost benefits of using the Internet for file transfer while ensuring the security of your file transfer infrastructure by ensuring your firewall is secure. SSP protects your internal network from malicious attacks that may negatively impact your business and interrupt business processes.

SSP is a demilitarized zone (DMZ)-based application proxy that protects your file transfers from the public Internet, by enforcing tight controls including trading-partner authorization, multi-factor authentication and session break, before the transfer ever enters your trusted zone

  • SSL session breaks and multi-factor authentication – Help guard against unauthorized access and reduce data vulnerability to protect your brand
  • Leverage the Internet – Lower your file transfer costs and grow your file transfer community while securing the data and access to your trusted zone
  • Firewall navigation best practices – Increases perimeter security for your file transfer infrastructure to comply with regulatory policies and pass tougher security audits
  • Self-service logon portal – Provides self-service password management for trading partners reducing the dependency on IT staff
  • Sterling Secure Proxy is available as licensed on premise software.

Application Proxy:

Resides in the demilitarized zone (DMZ)
Supports IBM® Sterling Connect:Direct®, IBM® Sterling Connect Express® and IBM® Sterling B2B Integrator servers
Support for multiple DMZ environments
Supports FTP, FTPS, HTTP, HTTPS, SSH/SFTP, PeSIT and Sterling Connect:Direct protocols
Supports use of a FIPS 140-2 compliant data encryption module

Firewall Navigation Best Practices:

Prevents inbound holes in the firewall
Minimizes rich targets in the DMZ by ensuring that files, user credentials and data are not stored in the DMZ
Establishes sessions from more-trusted to less-trusted zones
Enforces internal and external security policies

Perimeter Security:

Prevents direct communications between external and internal sessions by establishing secure session breaks in the DMZ using SSL or TLS
Inspects protocol and sensitive control information, enabling configurable error handling for violations
Session limits and data encryption guard against Denial-of-Service attacks

Authentication Services:

Customizable logon portal provides self-service password management for trading partners
Supports single sign-on and integrates with existing security infrastructure, including Active Directory and Tivoli user databases
Multifactor authentication enforces tight controls and validation of trading
partner identity in the DMZ before information is passed to the trusted zone
Authentication options include IP address, user ID and password, digital certificates, SSH Keys, RSA SecurID


One central configuration manager pushes out configuration rules to multiple engines running in the DMZ, making it easy to scale
Clustering for high availability and load balancing provides operational continuity and improved performance

Let's discuss more about your needs, please submit the form below