Excalibur SAM vs. WALLIX

View

Key Competitive	Excalibur (Modern)	WALLIX (Traditional)
🎯 Approach	✅ Unified Platform, Passwordless-first, visual streaming isolation Integrated MFA + PAM + Remote Access in one easy-to-manage platform with true air-gap isolation via DOM streaming. No complex integrations, multiple agents, or modules needed.	⚠️ Proxy-based gateway, traditional credential vaulting Proxies secure connections but allows potential direct interaction between endpoint and resource. Appliance-based architecture with less flexibility for modern cloud environments.
🔐 MFA Integration	✅ Built-in, Passwordless Built from the ground-up on passwordless authentication (biometric phone MFA, passkeys). Users never handle passwords directly — credentials are transparently managed.	⚠️ External MFA providers, password-based Relies primarily on external MFA providers, password rotation, and credential vaulting. More complex to manage, not future-proofed for passwordless authentication.
🔐 Web Access & RBI	✅ Native DOM-streaming RBI with WAF, bi-directional protection Innovative DOM-streaming Remote Browser Isolation (RBI) with visually lossless, lag-free sessions. Zero-trust, bi-directional protection — guards users from malicious web apps AND web apps from user threats.	❌ No inherent RBI-WAF, resource protection only Primarily protects resources; no inherent user-side RBI-WAF capabilities. Limited protection against sophisticated web-based threats targeting users.
🔐 Endpoint Agents	✅ Fully agentless, HTML5 browser only Completely agentless — no endpoint agents required. Access via standard HTML5 browser. Easy rollout and support with zero client installation.	⚠️ Requires plugins for advanced features Typically agentless for basic access but can require endpoint agents/plugins for certain advanced features. Higher deployment complexity and management overhead for full capability.
⚡ Complexity	✅ Low: Cloud-native, deploys in hours Kubernetes-based cloud-native deployment with secure tunnels — eliminates VPN complexity. Quick time-to-value with minimal operational burden.	⚠️ Medium: Appliance-based, longer deployment Appliance-based architecture requires more infrastructure planning and setup time. Less dynamic scaling compared to modern cloud-native approaches.
🏛️ NIS2 Readiness	✅ Full coverage out of the box, single platform Covers NIS2 requirements for access control, MFA, session monitoring, and incident response — in a single platform. Compliance is the reason organisations buy — we make it simple to achieve.	⚠️ Good coverage but requires add-ons Covers core PAM requirements but may need additional modules for complete NIS2 compliance. No built-in passwordless MFA — requires external integration.
🏛️ Data Sovereignty	✅ 100% EU owned & operated, zero US footprint Fully European company with zero US presence — not subject to the US CLOUD Act in any way. No foreign government can compel access to your data or demand secret backdoors.	⚠️ French HQ but international presence raises questions Headquartered in France (EU), but international operations and partnerships may create jurisdictional exposure. Companies with any US employees, offices, or subsidiaries can be subject to US CLOUD Act.
💰 Total Cost (TCO)	✅ Lower, streamlined licensing Cost-efficient licensing structure with everything included — no hidden fees for MFA, RBI, or session recording. Cloud-native architecture reduces infrastructure and operational costs.	⚠️ Moderate, add-ons increase cost Competitive base pricing but additional modules and external MFA solutions add to total cost. Appliance-based model requires more infrastructure investment.

Why Excalibur SAM Wins

True air-gap isolation vs proxy-based gateway (True zero trust)

Passwordless MFA built-in vs external providers (Seamless security)

RBI-WAF bi-directional protection vs none (Full protection)

Fully agentless — no plugins needed (Simpler deployment)

Cloud-native K8s architecture vs appliance-based (Better scaling)

Cryptographic audits with non-repudiation (Stronger compliance)

100% EU sovereignty — zero US footprint (EU sovereignty)

NIS2-ready compliance out of the box (Regulation-ready)

Lower TCO with all-inclusive licensing (Better value)

Excalibur SAM

🇪🇺 100% EU Company — Zero US Footprint

Headquartered in the EU. All development, data processing, and operations within EU jurisdiction. No foreign parent company, no US subsidiary, no US employees.

Complete digital sovereignty — no foreign government can access your data

Zero US presence means zero legal obligation to comply with US CLOUD Act demands. No forced data disclosure, no secret backdoors, no gag orders.

Your data stays under EU law — period

Single platform covers access control, MFA, privileged session management, monitoring, and incident response requirements mandated by NIS2 Article 21.

One vendor, one platform, one contract — compliance achieved

Cloud-native architecture with secure tunnels eliminates VPN complexity. Agentless design means no endpoint software to install or maintain.

Compliance deadlines are fixed — speed of deployment matters

When all vendors cover the same requirements, price becomes the differentiator. Excalibur delivers full NIS2 compliance at a fraction of the cost.

Same regulatory coverage — significantly lower total cost of ownership

WALLIX

🇫🇷 French HQ — But International Presence

WALLIX is headquartered in France, but as companies expand internationally with offices, employees, or subsidiaries in the US, they can become subject to US CLOUD Act jurisdiction.

International presence may create jurisdictional vulnerabilities — verify their exact US footprint

Covers core PAM capabilities but lacks built-in passwordless MFA — requiring external integrations that add complexity and cost.

Multiple vendors and contracts to achieve full compliance

Relies on external MFA providers for multi-factor authentication. No native passwordless capability means additional vendor dependencies.

Additional cost, complexity, and points of failure

Traditional appliance-based deployment model requires more infrastructure planning, longer timelines, and higher operational overhead.

Slower time-to-compliance when regulatory deadlines are approaching

Proxy-based approach does not provide true air-gap isolation. No bi-directional RBI-WAF means limited protection against sophisticated web threats.

Weaker security posture for zero-trust compliance requirements

Sovereignty Dimension	Excalibur SAM	WALLIX	Impact
Company Ownership	✅ 100% EU owned, zero US footprint	⚠️ French HQ, but international operations	Purer sovereignty
US CLOUD Act	✅ Not subject — zero US presence	⚠️ Verify US footprint — potential exposure	Data protection
Built-in MFA	✅ Passwordless, integrated	❌ External MFA required	Simplicity
Zero-Trust Isolation	✅ True air-gap via DOM streaming	❌ Proxy-based, no RBI	Security posture
Deployment Speed	✅ Hours — cloud-native, agentless	⚠️ Days/weeks — appliance-based	Time to comply
Architecture	✅ Cloud-native Kubernetes	⚠️ Appliance-based	Future-proof

The Compliance Buying Logic

Regulation creates the need — NIS2, DORA, CRA force organisations to act

We cover all requirements — MFA, PAM, session control, monitoring in one platform

We make it easy — cloud-native tunnels, agentless, deploys in hours

Then it's about price — same coverage, significantly lower cost

Pure EU sovereignty wins — zero US footprint eliminates all doubt

WALLIX lacks key capabilities — no passwordless MFA, no RBI-WAF, no true isolation

Not All "EU" Vendors Are Equal — A company headquartered in the EU but with US offices, employees, or subsidiaries can still be subject to US CLOUD Act jurisdiction. The test is whether there is any US "presence" that creates legal nexus.

WALLIX's International Footprint — WALLIX has international operations beyond France. Customers should verify the exact US footprint to assess CLOUD Act exposure.

Excalibur's Position — Zero US presence of any kind — no US employees, no US offices, no US subsidiary. This makes Excalibur categorically immune to US CLOUD Act demands.

The Decisive Question — Ask any vendor: "Do you have any employees, offices, subsidiaries, or legal entities in the United States?" If the answer is anything other than "No", they may be subject to forced data disclosure.

Handling Objections

"WALLIX is established; Excalibur is newer"

• Next-gen streaming tech verified by independent tests
• EU-backed innovation with proven deployments
• Protection WALLIX's proxy architecture cannot match
• Modern cloud-native vs legacy appliance approach

"WALLIX is also European"

• Being "European" and having zero US footprint are different things
• Any US presence (employees, offices, subsidiaries) creates CLOUD Act exposure
• Ask: "Do you have ANY US-based employees or entities?"
• Excalibur has categorically zero US presence

"Users prefer native RDP/SSH clients"

• Browser streaming eliminates native client vulnerabilities
• Zero endpoint footprint, reduced attack surface
• Consistent experience across all platforms
• VITRO provides visually lossless, lag-free experience

"Streaming might be slow/degrade quality"

• VITRO & Guacamole optimization = lag-free experience
• Visually lossless proven in enterprise deployments
• Pilot demonstrations available
• DOM streaming is fundamentally lighter than pixel streaming

"WALLIX has more granular PAM features"

• Excalibur prioritizes fundamental isolation & passwordless security
• RBI-WAF protection WALLIX simply cannot match
• Unified solution vs. separate product modules
• When feature parity exists, price and sovereignty decide

"We're buying for NIS2 compliance"

• Perfect — that's exactly what Excalibur was built for
• Single platform covers MFA, PAM, session monitoring, and access control
• WALLIX requires external MFA — we include passwordless built-in
• When coverage is equal, it comes down to price, speed, and sovereignty — we win all three

Key Discovery Questions

How critical is true endpoint isolation vs proxy-based access?

Are you exploring passwordless authentication for privileged users?

Do users need simplified access from multiple devices without installing software?

Are you concerned about ransomware or endpoint-based threats reaching critical systems?

Is your current PAM solution complex to manage and deploy?

How effective is your existing protection against web-based zero-day threats?

What regulation is driving this purchase — NIS2, DORA, or internal policy?

Does your organisation have requirements around EU data sovereignty or vendor nationality?

Do you know if your current vendor has any US-based employees, offices, or subsidiaries?

How quickly do you need to be compliant? What's your deployment timeline?

Key Competitive Advantages

TRUE ZERO-TRUST ISOLATION

Excalibur's air gap architecture creates complete isolation between endpoints and resources — eliminating the attack path that WALLIX's proxy-based approach cannot close.

COMPREHENSIVE WEB PROTECTION

Excalibur's bi-directional RBI-WAF protects both users and web applications, addressing a critical gap in WALLIX's security model.

PASSWORDLESS AUTHENTICATION

Excalibur's built-in passwordless MFA eliminates credential vulnerabilities and simplifies deployment compared to WALLIX's external MFA dependencies.

MODERN CLOUD ARCHITECTURE

Kubernetes-based deployment provides superior scalability and reduced operational overhead compared to WALLIX's appliance-based approach.

PURE EU DIGITAL SOVEREIGNTY

While WALLIX is French-headquartered, Excalibur's zero US footprint provides categorically stronger sovereignty guarantees. As EU regulations tighten, having zero foreign jurisdictional exposure is a decisive advantage.

REGULATION-READY SIMPLICITY

Compliance drives purchasing — NIS2, DORA, and CRA create the mandate. Excalibur covers all requirements in one platform that deploys via cloud tunnels in hours. When coverage is comparable, price, speed, and sovereignty decide — and we win all three.