PDF version of this report
You must have Adobe Acrobat reader to view, save, or print PDF files. The reader
is available for free
download.
Cisco AnyConnect
Copyright 2019, Faulkner Information Services. All Rights Reserved.
Docid: 00017927
Publication Date: 1906
Report Type: PRODUCT
Preview
Cisco Systems’ AnyConnect is designed to deliver
a secure network backbone for multi-site and off-site transmission of large
amounts of data – from employee emails and video to classified files and health
records. It supports unified, endpoint compliance and protects corporate
networks by restricting VPN (virtual private network) access. AnyConnect has been designed with smartphones, tablets, and laptops in mind from the
start, making the product accessible on nearly any type of device. This report
profiles Cisco AnyConnect and its key features.
Report Contents:
- Description
- Related Faulkner Reports
- Vendor
- Applications
- Environment
- Support
- Pricing
- Competitors
- Web Links
Description
[return to top of this report]
Cisco Systems’ AnyConnect line includes hardware and
software built to allow organizations to securely transmit internal data across
the public Web. Cisco says an "always-on intelligent VPN (virtual private
network)" enables AnyConnect to secure network access points while ensuring
the most effective tunneling protocol is used.
| Related Faulkner Reports |
| Cisco Systems Company Profile |
| Switches Market Trends |
|
Network Security Best Practices |
The AnyConnect Secure Mobility Client is a multi-faceted endpoint software
product that provides VPN access through Secure Sockets Layer (SSL) and IPsec
IKEv2 along with security through built-in modules. These modules provide
services through the VPN and Cisco Identity Services Engine (ISE) architecture
as well as Web security, network visibility, off-network protection, and the
Network Access Manager. AnyConnect consists of built-in Web security, malware
threat detection, phishing protection, and command and control callback
blocking.
AnyConnect supports IEEE 802.1AE for data confidentiality, data integrity,
and data-origin authentication on wired networks. It offers IEEE 802.1X
capability for a single authentication framework to manage identities of both
users and devices.
For end users, AnyConnect Secure Mobility Client offers the benefit of
security protection for various mobile device platforms and always-on
connectivity. Administrators benefit from simple secure-access policy
enforcement and tailored policy access to corporate resources and applications
for each user group and device.
Vendor |
|
Cisco Systems Headquarters 170 W Tasman Dr San Jose CA 95134-1706 (408) 526-4000 Toll Free: (800) 553-6387 Fax: (408) 526-4100 Web: http://www.cisco.com/ Type: Data Networking Vendor Service Areas: International Founded: 1984 Stock Symbol: CSCO Number of Employees: 71,833 |
The AnyConnect Secure Mobility Client is compatible with Cisco ASA 5500-X
Series Next-Generation Firewalls.
Table 1 outlines AnyConnect Secure Mobility Client’s key features.
| Feature | Description |
|---|---|
| Unified Endpoint Compliance |
The AnyConnect ISE Agent provides endpoint posture assessment and remediation for Cisco ISE across wired and wireless environments. |
| Encryption |
Supports strong encryption (AES-256 and 3DES-168) and next-generation encryption including NSA Suite B algorithms, ESPv3 with IKEv2, 4096-bit RSA keys, and more. |
| Authentication |
Offers a range of authentication options including RADIUS, RADIUS with password expiry, RADIUS one-time password, RSA SecurID, and more. |
| Policy Control and Management |
Policies can either be preconfigured or configured locally. AnyConnect checks for untrusted certificates and if it finds one, the system sends out user warnings. |
| Client Policy Firewall | Includes protection for split-tunneling configurations. |
| Compliance | Supports Federal Information Processing Standard (FIPS) 140-2 level 2. |
| Web Security Integration |
Utilizes Cloud Web Security to prevent malware attacks and other threats. A security license is required. |
| Support for Mobile Devices |
Allows mobile devices to have remote access to the company network. |
| Localization | Support multiple languages in addition to English. |
| Diagnostics |
On-device statistics and logging data are available for viewing on device or can be emailed to an administrator or Cisco for evaluation. |
Cisco AnyConnect Secure Mobility Client for Mobile Platforms
Available for iOS, Android, Windows Phone, BlackBerry, select Amazon Kindle
and Fire Phone devices, and Chrome OS. AnyConnect Secure Mobility Client for
Mobile Platforms offers a simple user interface along with DTLS, IPsec IKEv2,
and TLS for encrypted access to corporate resources.
Table 2 describes the main features for AnyConnect Secure Mobility Client for
Mobile Platforms.
| Feature | Description |
|---|---|
| Software Access and Compatibility | Available from the Apple App Store; Google Play, Windows Store; BlackBerry App World; Google Chrome OS; and the Amazon AppStore. |
| Optimized Network Access | Automatically adapts to tunneling to the most efficient method based on network constraints. |
| Mobile Transparency | Resumes transparently after IP address change, loss of connectivity, or device stand-by. |
| Battery Transparency | Compatible with device sleep mode. |
| Encryption | Supports strong encryption and next-generation encryption. |
| Authentication | Provides various authentication including RADIUS, RSA SecurID, Active Directory or Kerberos, and digital certificate. |
| Consistent User Experience | Full-tunnel client mode supports remote access users who require a consistent LAN-like user experience. |
| Policy Control and Management | Policies can be pre-configured or configured locally and be automatically updated. |
| IP Network Connectivity | Supports administrator-controlled split- or all-tunneling network access policy. |
| Localization | Supports various languages, including English, Japanese, and Canadian French. |
| Diagnostics | On-device statistics and logging data are available for viewing on device or can be emailed to an administrator or Cisco for evaluation. |
Cisco ASA 5500-X Series Next-Generation Firewalls with AnyConnect Secure
Mobility Client
Cisco’s Adaptive Security Appliance (ASA) 5500-X Series can be scaled to
10,000 concurrent users per device and supports secure connections across public
networks. This series of firewalls provides customized network access as
required by the deployment environment and protects endpoints and networks.
Full-tunnel network access is conducted through:
- SSL
- IPsec VPN client technologies
- AnyConnect Secure Mobility Client
- Advanced clientless SSL VPN capabilities
- Network-aware site-to-site VPN connectivity
Applications
[return to top of this report]
Multi-site Corporations. Cisco’s AnyConnect offerings are primarily designed for
multi-site enterprise environments, including those intended to service the remote
and mobile worker.
High-Security Industries. Products managed services are targeted at
high-security industries such as banking, healthcare, government contractors.
Mobile Devices in the Workplace. Cisco has integrated mobile devices
into AnyConnect from the ground up, including smartphones, Apple iPads, and
tablets, and laptops.
Environment
[return to top of this report]
The AnyConnect Secure Mobility Client supports Windows 10, 8.1, 8, and 7; Mac
OS X 10.8 and later; and Linux Intel (x64). AnyConnect supports SSL (TLS 1.2 and
DTLS) and next-generation IPsec IKEv2 so that administrators can select their
protocol of choice.
AnyConnect Secure Mobility Client is currently in version 4.7 as of June 2019.
Support
[return to top of this report]
Cisco offers online support including reference guides, configuration advice,
operational and maintenance information, documentation, and troubleshooting
tools.
Clients also can register and purchase
additional support.
Pricing
[return to top of this report]
AnyConnect is available through a licensing model that
comes in two tiers. AnyConnect Plus for basic VPN services (i.e. AnyConnect and
standards-based IPsec IKev2 software clients, tbasic device context collection,
and FIPS compliance). AnyConnect Apex is the second
licensing tier and involves more advanced services such as clientless VPN, VPN
posture agent, unified posture agent, and more.
Competitors
[return to top of this report]
Cisco’s VPN portfolio competes primarily with VPN hardware and client
software from various vendors. FortiClient from
Fortinet, Palo Alto Networks’ GlobalProtect, and Zscaler’s Private Access are
the main competition for AnyConnect.
Web Links
[return to top of this report]
Cisco Systems: https://www.cisco.com/
Fortinet: https://www.fortinet.com/
Palo Alto Networks: https://www.paloaltonetworks.com/
Zscaler: https://www.zscaler.com/
About the Author
[return to top of this report]
Karen M. Spring is a staff editor for Faulkner Information
Services, tracking several high-tech industries. She has research experience in
various topics including network security, data breaches, malware, public
safety, business continuity and resilience, and vulnerabilities. She has written
on high-tech topics for publications in the k-12 and higher education industry.
Ms. Spring started her career as a marketing specialist for two computer
distributors, working closely with such clients as 3Com, IBM, Okidata, Unisys,
and Acer.
[return to top of this report]