Identity Aware Proxy vs Dual Tunnel Architecture
Claroty xDome® Secure Access ensures anybody accessing their client is authenticated. Agilicus authenticates at the resource level, eliminating the need for clients and encrypted tunnels.
Discover why an identity aware proxy beats a dual tunnel architecture for modern security.
The Fundamental Difference
The choice between Agilicus AnyX and Claroty xDome Secure Access (formerly SRA) is a choice between a complete Zero Trust platform and a secure access client that creates legacy tunnels to shared resources.
Where Claroty relies on a dual tunnel to create a connection (user > secure access client > shared resource), AnyX is a proxy-based platform, giving direct access to resources.
Agilicus AnyX
A complete Zero Trust platform that uses an identity aware proxy to connect the user to the shared resource through an outbound-only connection, giving the user seamless access to the resource without the resource being visible to the public internet.
Claroty xDome
Claroty xDome provides the user with a Zero Trust tunnel to the client, and a secondary tunnel is created from the client to the shared resource. The tunnel-based platform requires specific port configurations to allow traffic.
Security Model Comparison
Agilicus (Identity Aware Proxy) → User accesses the shared resource via a proxy
Claroty xDome (Dual Tunnel) → User accesses the shared resources via a tunnel to the client, and a tunnel from the client to the resource
Agilicus AnyX operates at the application layer (layer 7 of the OSI model) through an identity aware proxy that creates the connection from the user to the resource. Claroty xDome uses a dual-tunnel architecture, creating a tunnel between the user and the client and a second tunnel from the cloud to the resource, which allows it to act like a virtual jump server.
Why Modern Teams Choose Agilicus
Compare capabilities side-by-side.
Feature: VPN Tunnels
Agilicus AnyX: No. Resources are not exposed to the IP layer, isolating resources and eliminating lateral traversal.
Claroty xDome: Required. Data in transit travels through dual tunnels (user > client > resource) to create a connection between user and resource.

Feature: Session Logs
Agilicus AnyX: Granular audit logs for each user and resource. Know who accessed what, when, and what they did while they were there.
Claroty xDome: Audit logs are available at site-level and the secure access client. Granular audit trails at application levels are not available.

Feature: Architectural Approach
Agilicus AnyX: Layer 7. Operates at layer 7 – Application layer.
Claroty xDome: Layer 3. Operates at Layer 3 – Network layer.

Feature: Network Model
Agilicus AnyX: Proxy based. Direct connection of user to resource. Operates with outbound-only connection, eliminating the need for publicly accessible IP address.
Claroty xDome: Tunnel based. A tunnel connection is established between the user and the secure access client. A secondary tunnel is created between the client and the resource.

Feature: Authentication Layer
Agilicus AnyX: Authentication Per Device/Resource.
Claroty xDome: Authentication is done at the client level.

Feature: Zero-Trust Access
Agilicus AnyX: Agilicus is a complete Zero Trust Access platform providing identity aware access at the resource level.
Claroty xDome: Claroty xDome Secure Access provides Zero Trust Access to the secure access client at the network layer.
Clientless Universal Access
Access all resources from any device with a web browser.
- Equal security across all devices accessing resources
- Enable BYOD while maintaining security
- Easy access to all authorized resources in one tile-based web launcher
Granular Authorization
Granular authorization and permission levels on a per resource level.
- Enforce read vs write permission levels per user
- Enable specific users to perform specific tasks on a resource
- Native resource request workflow for task-based permissions
Per-Resource Authentication
User authentication at a per resource level to enable granular authorization.
- Enables granular audit logs showing which user on which device
- Eliminate shared passwords and team level access
- Provision / Decommission resources on a per user basis
Ready to move beyond the VPN?
Experience the security of an Identity-Aware Proxy: Zero Trust, Zero Compromises. No clients to manage, no lateral movement to fear.