Granular permissions vs Perimeter permissions
Cloudflare Access™ Provides Zero Trust to the Perimeter, Agilicus Goes Deeper.
Discover Why Identity Based Zero Trust Access Beats a DNS Based Model
The Fundamental Difference
The choice between Cloudflare Access and Agilicus AnyX is a choice between perimeter-level authorization and resource-level granular authorization: identity-based access versus DNS-based access.
Agilicus AnyX
Resource level authorization enables your organization to provision access to users on a per-control basis, defining exactly what actions can be done within a resource, and at what read/write permission level.
Cloudflare Access
Perimeter-level authorization to establish a connection to shared resources, with IP, VPN, and location-based controls through a DNS architecture.
Security Model Comparison
Agilicus: Identity Based
Identity-based access utilizing your existing credentials for Single Sign-on through a proxy to establish a connection to the resource.
Cloudflare Access: DNS Based
DNS-based architecture requires moving your DNS to Cloudflare, requiring traffic to flow through their datacenter vs direct to resource.
An identity-based security model lets users connect to resources by authenticating with the credentials of their existing identity provider and using a proxy to establish a direct connection to the resource. Cloudflare Access is a DNS-based architecture that requires users to move their DNS to Cloudflare, which poses challenges for remote employees, who will require split tunneling, and when working with vendors that will not be open to changing their DNS because of security risks.
Agilicus AnyX is a complete Zero Trust Network Access platform, comprising authentication, authorization, audit, and access. One of AnyX's core features is the ability to use a remote graphical environment via both Remote Desktop Protocol and VNC. These are available via a browser or a native client, and incorporate Agilicus' trademark simple, seamless single sign-on via your existing identity providers, for your staff and your partners, with optional multi-factor authentication.
Why Modern Teams Choose Agilicus
Compare capabilities side-by-side.
| Feature | Agilicus AnyX | Cloudflare Access |
| --- | --- | --- |
| Client Requirement: What does the user need to install? | None (Browser Only). No clients to manage or configure. Self-updating. | Cloudflare WARP client defines perimeter and controls filters. |
| Native Protocol: Are there additional steps needed? | Web/Fileshare/SSH/VNC/RDP/etc. No additional steps needed. Resources are natively supported. | Web/SSH/VNC/RDP. Cloudflare WARP client needed for implementing policy for anything beyond Web/SSH/VNC. |
| Granular Access: What level of granular access is provided? | Granular access for all resources to control what actions can be done and at what read/write permission at application level. | Granular access only for Web/SSH/VNC. Anything requiring WARP client requires policy access at IP layer. |
| Split Tunneling | No. Resources are not exposed to the IP layer, isolating resources and eliminating lateral traversal. | Required. Lateral traversal vector from routing table, increasing the inherent vulnerability of split tunneling. |
| Authentication Layer | Per Device/Resource. User authentication is utilized at a per device/resource level, enabling granular authentication controls. | Network Level. User authentication is done at a network level and then software filters to authenticate at device/resource level. |
Clientless Universal Access
Access all resources from any device with a web browser.
- Equal security across all devices accessing resources
- Enable BYOD while maintaining security
- Easy Access to all authorized resources in one tile-based web launcher
Granular Authorization
Granular authorization and permission levels on a per resource level.
- Enforce read vs write permission levels per user
- Enable specific users to perform specific tasks on a resource
- Native resource request workflow for task based permissions
Per-Resource Authentication
User authentication at a per resource level to enable granular authorization.
- Enables granular audit logs for what user on what device
- Eliminate shared passwords and team level access
- Provision / Decommission resources on a per user basis
Ready to move beyond legacy remote desktop?
Experience the security of a complete Zero Trust platform. No clients to manage, no shared passwords to fear.