08-25-2022, 04:18 PM
Cisco Secure Client (including AnyConnect) 5.0.00529
AnyConnect is now known as Cisco Secure Client. Additionally, Secure Endpoint is a new optional module of Secure Client that provides customers with integrated advanced Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) capabilities.
Cloud Management via SecureX with Device Insights is a new optional capability for Secure Client. This new feature makes deploying, configuring, and monitoring Secure Client simple. Customers are not required to adopt cloud management and can continue to deploy using the current mechanisms; Cisco Secure Firewall, ISE, Software Management tools, i.e., SCCM as an example, or directly using the MSI.
New SecureX screens and tools for Cloud Management include
● Customizing and generating a network installer for Secure Client
● Creating and downloading custom VPN profiles for Secure Client
● Integrating with Device Insights to monitor and manage an inventory of endpoints with Secure Client installed.
Modules and Features
- AnyConnect VPN/ZTNA User and Management Tunnels. Cisco Secure Client provides many options for automatically connecting, reconnecting, or disconnecting VPN sessions. These options offer a convenient way for your users to connect to your VPN and support your network security requirements. An always-on intelligent VPN helps AnyConnect client devices automatically select the optimal network access point and adapt its tunneling protocol to the most efficient method, including Datagram Transport Layer Security (DTLS) protocol for latency-sensitive traffic, and a path for entering Zero Trust Network Access. Tunneling support is also available for IP Security Internet Key Exchange version 2 (IPsec IKEv2). Select application VPN access may be enforced on Apple iOS and Google Android. Management VPN tunnel provides connectivity to the corporate network whenever the client system is powered up, not just when the end-user establishes a VPN connection. As a result, you can perform patch management on out-of-the-office endpoints, especially devices that are infrequently connected by the user, via VPN, to the office network. This feature will also benefit endpoint OS login scripts that require corporate network connectivity. This capability does not have an end-user interface.
- Cisco Secure Endpoint. Available with Cisco Secure Client for Windows, Secure Endpoint functions as a module within Cisco Secure Client and is accessible via the Cisco Secure Client user interface. The Cisco Secure Endpoint Cloud can also deploy Cisco Secure Client with Cisco Secure Endpoint, as can SecureX Cloud Management. by taking advantage of this integration, customers can reduce the number of clients under their management.
- Cloud Management Module. SecureX Cloud Management Deployment for Cisco Secure Client enables administrators to create cloud-managed deployments of Cisco Secure Client. The deployment configuration generates the option to download a lightweight bootstrapper that contains the information needed by the endpoint to contact the cloud for the specified Cisco Secure Client modules by the deployment with their associated profiles. A full installer is also available. In either case, the installers can be distributed to the endpoints by the administrator using their preferred software method.
- Network Visibility Module. The Network Visibility Module delivers a continuous feed of high-value endpoint telemetry, which allows organizations to see endpoint and user behaviors on their networks. It collects flow from endpoints on and off-premises and valuable contexts like users, applications, devices, locations, and destinations. It caches this data and sends it to the Network Visibility Module Collector when it is on a trusted network (the corporate network on-prem or through VPN). Network Visibility Module Collector is a server that receives Internet Protocol Flow Information Export (IPFIX) data and optional filters that are exported to Cisco Secure Network Analytics Endpoint License, Syslog, or a third-party collector. Network Visibility Module Collector processes received messages that adhere to the nvzFlow protocol specification. NVM sends flow information only when it is on the trusted network. By default, no data is collected. Data is collected only when configured as such in the profile, and the data continues to be collected when the endpoint is connected. If collection is done on an untrusted network, it is cached and sent when the endpoint is on a trusted network. No UI
- Umbrella Roaming Security module. To take advantage of Umbrella Roaming Security service, you need the Professional, Insights, Platform, or MSP package subscriptions. Umbrella Roaming Security provides DNS-layer security when no VPN is active and adds an Intelligent Proxy. Additionally, Cisco Umbrella subscriptions provide content filtering, multiple policies, robust reporting, functional directory integration, and more. Use the same Umbrella Roaming Security module regardless of the subscription.
- ISE Posture module. ISE Posture is a module you can choose to install as an additional security component of the Cisco Secure Client product. Perform an endpoint posture assessment on any endpoint that fails to satisfy all mandatory requirements and is deemed non-compliant. The other endpoint authorization states are posture unknown or compliant by meeting mandatory requirements. The client receives the posture requirement policy from the headend, collects the posture data, compares the results against the policy, and sends the assessment results back to the headend. Even though ISE determines whether the endpoint is compliant, it relies on Secure Endpoint's policy evaluation.
- Network Access Manager. Network Access Manager manages user and device identity and the network access protocols required for secure access. It works intelligently to prevent end-users from making connections that violate administrator-defined policies. It detects and selects the optimal Layer 2 access network by its policies and performs device authentication for access to both wired and wireless networks.
- Posture (for Secure Firewall). Secure Firewall Posture performs server-side evaluation where the Secure Firewall asks only for a list of endpoint attributes such as operating system, IP address, registry entries, local certificates, and filenames, and they are returned by Secure Firewall Posture. Based on the policy’s evaluation result, you can control which hosts are allowed to create a remote access connection to the security appliance.
AnyConnect is now known as Cisco Secure Client. Additionally, Secure Endpoint is a new optional module of Secure Client that provides customers with integrated advanced Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) capabilities.
Cloud Management via SecureX with Device Insights is a new optional capability for Secure Client. This new feature makes deploying, configuring, and monitoring Secure Client simple. Customers are not required to adopt cloud management and can continue to deploy using the current mechanisms; Cisco Secure Firewall, ISE, Software Management tools, i.e., SCCM as an example, or directly using the MSI.
New SecureX screens and tools for Cloud Management include
● Customizing and generating a network installer for Secure Client
● Creating and downloading custom VPN profiles for Secure Client
● Integrating with Device Insights to monitor and manage an inventory of endpoints with Secure Client installed.
Modules and Features
- AnyConnect VPN/ZTNA User and Management Tunnels. Cisco Secure Client provides many options for automatically connecting, reconnecting, or disconnecting VPN sessions. These options offer a convenient way for your users to connect to your VPN and support your network security requirements. An always-on intelligent VPN helps AnyConnect client devices automatically select the optimal network access point and adapt its tunneling protocol to the most efficient method, including Datagram Transport Layer Security (DTLS) protocol for latency-sensitive traffic, and a path for entering Zero Trust Network Access. Tunneling support is also available for IP Security Internet Key Exchange version 2 (IPsec IKEv2). Select application VPN access may be enforced on Apple iOS and Google Android. Management VPN tunnel provides connectivity to the corporate network whenever the client system is powered up, not just when the end-user establishes a VPN connection. As a result, you can perform patch management on out-of-the-office endpoints, especially devices that are infrequently connected by the user, via VPN, to the office network. This feature will also benefit endpoint OS login scripts that require corporate network connectivity. This capability does not have an end-user interface.
- Cisco Secure Endpoint. Available with Cisco Secure Client for Windows, Secure Endpoint functions as a module within Cisco Secure Client and is accessible via the Cisco Secure Client user interface. The Cisco Secure Endpoint Cloud can also deploy Cisco Secure Client with Cisco Secure Endpoint, as can SecureX Cloud Management. by taking advantage of this integration, customers can reduce the number of clients under their management.
- Cloud Management Module. SecureX Cloud Management Deployment for Cisco Secure Client enables administrators to create cloud-managed deployments of Cisco Secure Client. The deployment configuration generates the option to download a lightweight bootstrapper that contains the information needed by the endpoint to contact the cloud for the specified Cisco Secure Client modules by the deployment with their associated profiles. A full installer is also available. In either case, the installers can be distributed to the endpoints by the administrator using their preferred software method.
- Network Visibility Module. The Network Visibility Module delivers a continuous feed of high-value endpoint telemetry, which allows organizations to see endpoint and user behaviors on their networks. It collects flow from endpoints on and off-premises and valuable contexts like users, applications, devices, locations, and destinations. It caches this data and sends it to the Network Visibility Module Collector when it is on a trusted network (the corporate network on-prem or through VPN). Network Visibility Module Collector is a server that receives Internet Protocol Flow Information Export (IPFIX) data and optional filters that are exported to Cisco Secure Network Analytics Endpoint License, Syslog, or a third-party collector. Network Visibility Module Collector processes received messages that adhere to the nvzFlow protocol specification. NVM sends flow information only when it is on the trusted network. By default, no data is collected. Data is collected only when configured as such in the profile, and the data continues to be collected when the endpoint is connected. If collection is done on an untrusted network, it is cached and sent when the endpoint is on a trusted network. No UI
- Umbrella Roaming Security module. To take advantage of Umbrella Roaming Security service, you need the Professional, Insights, Platform, or MSP package subscriptions. Umbrella Roaming Security provides DNS-layer security when no VPN is active and adds an Intelligent Proxy. Additionally, Cisco Umbrella subscriptions provide content filtering, multiple policies, robust reporting, functional directory integration, and more. Use the same Umbrella Roaming Security module regardless of the subscription.
- ISE Posture module. ISE Posture is a module you can choose to install as an additional security component of the Cisco Secure Client product. Perform an endpoint posture assessment on any endpoint that fails to satisfy all mandatory requirements and is deemed non-compliant. The other endpoint authorization states are posture unknown or compliant by meeting mandatory requirements. The client receives the posture requirement policy from the headend, collects the posture data, compares the results against the policy, and sends the assessment results back to the headend. Even though ISE determines whether the endpoint is compliant, it relies on Secure Endpoint's policy evaluation.
- Network Access Manager. Network Access Manager manages user and device identity and the network access protocols required for secure access. It works intelligently to prevent end-users from making connections that violate administrator-defined policies. It detects and selects the optimal Layer 2 access network by its policies and performs device authentication for access to both wired and wireless networks.
- Posture (for Secure Firewall). Secure Firewall Posture performs server-side evaluation where the Secure Firewall asks only for a list of endpoint attributes such as operating system, IP address, registry entries, local certificates, and filenames, and they are returned by Secure Firewall Posture. Based on the policy’s evaluation result, you can control which hosts are allowed to create a remote access connection to the security appliance.