# Agilicus vs Claroty xDome Secure Access # Identity Aware Proxy vs Dual Tunnel Architecture Claroty xDome*®* Secure Access ensures anybody accessing their client is authenticated, Agilicus authenticates at the resource level, eliminating the need for clients and encrypted tunnels. Discover why an identity aware proxy beats a dual tunnel architecture for modern security. [TRY NOW](/l/no-cost-trial/) [BOOK A MEETING](https://www.agilicus.com/book-calendar-meeting/) ## The Fundamental Difference The choice between Agilicus AnyX and Claroty xDome Secure Access (formerly SRA) is a choice between a complete Zero Trust platform and a secure access client to create legacy tunnels to shared resources. Where Claroty relies on a dual tunnel to create a connection between the user > secure access client > shared resource, AnyX is a proxy based platform, giving direct access to resources. ![icon-authentication](https://www.agilicus.com/www/d82985c0-authentication.svg) ### Agilicus AnyX Complete Zero Trust platform utilizes an identity aware proxy, connecting the user to the shared resource through an outbound-only connection providing the user with seamless access to the resource without being visible to the public internet. ![icon-server](https://www.agilicus.com/www/fc8d0a94-icon-server.svg.svg) ### Claroty xDome Claroty xDome provides the user with a Zero Trust tunnel to the client, and a secondary tunnel is created from the client to the shared resource. The tunnel based platform requires specific port configurations to allow for traffic. #### Security Model Comparison **Agilicus** Identity Aware Proxy → User accesses the shared resource via a proxy **Claroty xDome** Dual Tunnel → User access the shared resources via tunnel to client, and tunnel from client to resource Agilicus AnyX operates at the application layer (layer 7 on the OSI scale) through an identity aware proxy creating the connection from the user to the end user. Claroty xDome utilizes a dual-tunnel architecture creating a tunnel between the user and the client, and a second tunnel from the cloud to the resource, allowing it to act similar to a virtual jump server. ## Why Modern Teams Choose Agilicus Compare capabilities side-by-side. Feature **Agilicus AnyX** **Claroty xDome** #### **VPN Tunnels** No Resources are not exposed to the IP layer, isolating resources, and eliminating lateral traversal. Required Data in transit travels through dual tunnels (user>client>resource) to create a connection between user and resource #### **Session Logs** Granular audit logs for each user and resource. Know who accessed what, when, and what they did while they were there. Audit logs are available at site-level and the secure access client. Granular audit trails at application levels are not available #### **Architectural Approach** Layer 7 Operates at layer 7 - Application layer Layer 3 Operates at Layer 3 - Network layer #### **Network Model** Proxy based Direct connection of user to resource Operates with outbound-only connection, eliminating the need for publicly accessible IP address Tunnel based A tunnel connection is established between the user and the secure access client. A secondary tunnel is created between the client and the resource. #### **Authentication Layer** Authentication Per Device/Resource Authentication is done at the client level. #### **Zero-Trust Access** Agilicus is a complete Zero Trust Access platform providing identity aware access at the resource level Claroty xDome Secure Access provides Zero Trust Access to the secure access client at the network layer ![icon-world](https://www.agilicus.com/www/9b679333-icon-world.svg.svg) #### **Clientless Universal Access** Access all resources from any device with a web browser. - Equal security across all devices accessing resources - Enable BYOD while maintaining security - Easy Access to all authorized resources in one tile-based web launcher ![icon-padlock](https://www.agilicus.com/www/c1324345-icon-padlock.svg.svg) #### ****Granular Authorization**** Granular authorization and permission levels on a per resource level. - Enforce read vs write permission levels per user - Enable specific users to perform specific tasks on a resource - Native resource request workflow for task based permissions ![icon-global-network](https://www.agilicus.com/www/965b276e-icon-global-network.svg.svg) #### ****Per-Resource Authentication**** User authentication at a per resource level to enable granular authorization. - Enables granular audit logs for what user on what device - Eliminate shared passwords and team level access - Provision / Decommission resources on a per user basis ## **Ready to move beyond the VPN?** Experience the security of an Identity-Aware Proxy, Zero Trust, Zero Compromises. No Clients to manage, no lateral movement to fear. [CONTACT ME](/contact-us/) [BOOK A MEETING](https://www.agilicus.com/book-calendar-meeting/)