Request for Enhancement (RFE): Alternative User Exit Options in IBM Sterling Secure Proxy (SSP)
1. Introduction
This document proposes an enhancement to IBM Sterling Secure Proxy (SSP) to include support for alternative user exit options beyond the current ICAP protocol. This will provide greater flexibility and integration capabilities for customers with diverse security and infrastructure needs.
2. Current Situation
Currently, SSP primarily relies on the ICAP protocol for user exits, enabling integration with external services like antivirus scanners and DLP solutions. While ICAP is a standard protocol, it may present limitations for some users:
Performance Bottlenecks: ICAP can introduce performance overhead, especially for large files or high-traffic environments.
Limited Functionality: ICAP primarily focuses on content inspection and may not be suitable for all types of user exit requirements, such as authentication or authorization.
Integration Challenges: Integrating with services that don't natively support ICAP can be complex and require custom development.
3. Proposed Enhancement
We request that SSP be enhanced to support alternative user exit options, including:
REST API: A REST API would allow seamless integration with a wide range of modern services and platforms. This enables functionalities like real-time data exchange, dynamic configuration, and granular control over user exit logic.
gRPC: For performance-critical use cases, gRPC offers a high-performance, lightweight framework for communication between SSP and external services.
Webhooks: Webhooks provide a mechanism for SSP to proactively notify external services about events, enabling asynchronous processing and reducing latency.
4. Benefits of Alternative User Exit Options
Implementing alternative user exit options in SSP offers several advantages:
Increased Flexibility: Support for multiple user exit mechanisms allows customers to choose the best option based on their specific needs and existing infrastructure.
Improved Performance: Alternatives like REST APIs and gRPC can offer better performance compared to ICAP, especially for high-volume transactions.
Enhanced Integration Capabilities: Modern user exit options facilitate easier integration with a broader range of security and infrastructure services.
Simplified Development: Well-defined APIs and frameworks can simplify development efforts for custom user exit implementations.
Future-Proofing: Embracing modern communication protocols like REST and gRPC ensures SSP remains adaptable to future technology trends.
5. Use Cases
Alternative user exit options in SSP would benefit various use cases, including:
Advanced Authentication and Authorization: Integrate with modern identity providers and authorization services using REST APIs.
Real-time Threat Intelligence: Utilize REST APIs to query threat intelligence platforms and dynamically update security policies.
Cloud-Native Integrations: Seamlessly integrate with cloud-based security services using REST APIs or gRPC.
Custom Security Logic: Develop custom user exits using preferred programming languages and frameworks to implement specific security requirements.
6. How This RFE Will Be Used
This enhancement will enable our organization to:
Improve performance by replacing ICAP with a more efficient user exit mechanism like gRPC for high-volume file transfers.
Integrate with our existing security infrastructure which relies heavily on REST APIs for communication and data exchange.
Implement custom security logic to address our unique business requirements, leveraging the flexibility offered by a REST API.
7. Conclusion
Expanding user exit options in IBM Sterling Secure Proxy is essential for providing customers with the flexibility and integration capabilities needed to address their evolving security challenges. By supporting modern protocols like REST APIs and gRPC, SSP can better adapt to modern architectures and enhance its value proposition in the market.
