# Agilicus vs Cloudflare Access # Granular permissions vs Perimeter permissions Cloudflare Access™ Provides Zero Trust to the Perimeter, Agilicus Goes Deeper. Discover Why Identity Based Zero Trust Access Beats a DNS Based Model [TRY NOW](/l/no-cost-trial/) [BOOK A MEETING](https://www.agilicus.com/book-calendar-meeting/) ## The Fundamental Difference The choice between Cloudflare Access and Agilicus AnyX is a choice between perimeter level authorization vs resource level granular authorization. A choice between Identity based access vs DNS based. ![icon-authentication](https://www.agilicus.com/www/d82985c0-authentication.svg) ### Agilicus AnyX Resource level authorization enables your organization to provision access to users on a per-control basis, defining exactly what actions can be done within a resource, and at what read/write permission level. ![icon-server](https://www.agilicus.com/www/fc8d0a94-icon-server.svg.svg) ### Cloudflare Access Perimeter level authorization to establish connection to shared resources IP, VPN, and location based controls through a DNS architecture. #### Security Model Comparison **Agilicus** Identity Based → Identity based access utilizing your existing credentials for Single Sign-on through a proxy to establish a connection to the resource **Cloudflare Access** DNS Based → DNS based architecture requires moving your DNS to Cloudflare, requiring traffic to flow through their datacenter vs direct to resource. Utilizing an identity based security model enables users to connect to resources by authenticating with credentials for their existing identity provider and utilizing a proxy to establish a direct connection to the resource. Cloudflare Access is a DNS Based architecture, requiring users to move their DNS to Cloudflare, posing challenges for remote employees who will require split tunneling, or working with vendors that will not be open to changing their DNS for security risks. Agilicus AnyX is a complete Zero Trust Network Access platform, comprising authentication, authorization, audit, access. One of AnyX’ core features is the ability to remotely use a remote graphical environment, via both Remote Desktop Protocol, and VNC. These are available via a browser, or via a native client, and incorporate Agilicus’ trademark simple, seamless, single-sign-on via your existing identity providers, for your staff, your partners, with optional multi-factor authentication. ## Why Modern Teams Choose Agilicus Compare capabilities side-by-side. Feature **Agilicus AnyX** **Cloudflare Access** #### **Client Requirement** What does the user need to install? ![Green Check](https://www.agilicus.com/www/2cd3dab3-green_check.svg) **None (Browser Only)** No Clients to Manage or Configure. Self Updating ![](https://www.agilicus.com/www/32a940fb-download-agilicus-blue.svg) Cloudflare WARP client defines perimeter and controls filters #### **Native Protocol** Are there additional steps needed? Web/Fileshare/SSH/VNC/RDP/ etc. No additional steps needed. Resources are natively supported Web/SSH/VNC/RDP Cloudflare WARP client needed for implementing policy for anything beyond Web/SSH/VNC #### **Granular Access** What level of granular access is provided? Granular access for all resources to control what actions can be done and at what read/write permission at application level Granular access only for Web/SSH/VNC. Anything requiring WARP client requires policy access at IP layer #### **Split Tunneling** No Resources are not exposed to the IP layer, isolating resources, and eliminating lateral traversal. Required Lateral traversal vector from routing table, increasing the inherent vulnerability of split tunneling #### **Authentication Layer** Per Device/Resource User authentication is utilized at a per device/resource level enabling granular authentication controls Network Level User authentication is done at a network level and then software filters to authenticate at device/resource level ![icon-world](https://www.agilicus.com/www/9b679333-icon-world.svg.svg) #### **Clientless Universal Access** Access all resources from any device with a web browser. - Equal security across all devices accessing resources - Enable BYOD while maintaining security - Easy Access to all authorized resources in one tile-based web launcher ![icon-padlock](https://www.agilicus.com/www/c1324345-icon-padlock.svg.svg) #### ****Granular Authorization**** Granular authorization and permission levels on a per resource level. - Enforce read vs write permission levels per user - Enable specific users to perform specific tasks on a resource - Native resource request workflow for task based permissions ![icon-global-network](https://www.agilicus.com/www/965b276e-icon-global-network.svg.svg) #### ****Per-Resource Authentication**** User authentication at a per resource level to enable granular authorization. - Enables granular audit logs for what user on what device - Eliminate shared passwords and team level access - Provision / Decommission resources on a per user basis ## **Ready to move beyond legacy remote desktop?** Experience the security of a complete Zero Trust platform. No Clients to manage, no shared passwords to fear. [CONTACT US](/contact-us/) [BOOK A MEETING](https://www.agilicus.com/book-calendar-meeting/)