Cisco Cisco AnyConnect Secure Mobility Client v4.x Data Sheet

Page 4 of 14

AnyConnect can also assist with the deployment of Cisco Advanced Malware Protection (AMP) for Endpoints with

its AMP Enabler. The AMP Enabler significantly expands endpoint threat protection to VPN-enabled endpoints or

wherever AnyConnect services (802.1X network access, posture, etc.) are in use. This capability further reduces

the potential of an attack from enterprise-connected hosts. Cisco AMP for Endpoints is licensed separately from

Cisco AnyConnect.

The AnyConnect client has built-in web security and malware threat defense. You can use the premises-based

Cisco Web Security Appliance, cloud-based Cisco Cloud Web Security, or Cisco Umbrella Roaming offers. Along

with remote access, the comprehensive and highly secure enterprise mobility solution supports web security and

malware threat defense. It automatically blocks phishing and command-and-control attacks. Consistent, context-

aware security policies help ensure a protected and productive work environment.

In addition to industry-leading VPN capabilities, the AnyConnect client supports advanced IEEE 802.1X

capabilities. A single authentication framework manages user and device identity along with the network access

protocols required to move smoothly from wired to wireless networks. Consistent with its VPN functionality, the

client supports IEEE 802.1AE Media Access Control security (MACsec) for data confidentiality, data integrity, and

data origin authentication on wired networks. Communication between trusted components of the network is

protected.

2.1 Servers and Platforms

AnyConnect services are used in conjunction with numerous Cisco head server platforms, including but not limited

to the Cisco Adaptive Security Appliance (physical and virtual), Cisco Firepower

™

Next-Generation Firewalls,

Identity Services Engine, Aggregation Services Routers, Cloud Web Security, and Cisco IOS

Software on

Cisco Integrated Services Routers. Headend termination devices and cloud services, along with the associated

service costs and support contracts, are purchased separately.

3. Licenses

AnyConnect 4.x offers simplified licensing to meet the needs of the broad enterprise IT community as it adapts to

growing end-user mobility demands. AnyConnect 4.x collapses the formerly complex AnyConnect licensing model

into two simple tiers. The first is AnyConnect Plus, which includes basic VPN services such as device and

per-application VPN (including third-party IKEv2 remote access VPN headend support), trusted network detection,

basic device context collection, and Federal Information Processing Standards (FIPS) compliance. AnyConnect

Plus also includes other non-VPN services such as the AnyConnect Network Access Manager 802.1X supplicant,

the Cloud Web Security module, and the Cisco Umbrella Roaming module. Existing AnyConnect customers should

think of AnyConnect Plus as similar to the previous AnyConnect Essentials.

The second offer is AnyConnect Apex, which includes more advanced services such as endpoint posture checks

(Hostscan through ASA VPN, or ISE Posture through the Cisco Identity Services Engine), network visibility, next-

generation VPN encryption (including Suite B), and clientless remote access VPN as well as all the capabilities of

AnyConnect Plus. Existing AnyConnect customers should think of AnyConnect Apex as similar to previous

AnyConnect Premium and Premium Shared Licenses. AnyConnect Plus and Apex licenses offer a set of features

and deployment

flexibility to meet a wide range of your enterprise’s requirements. See Table 1 for details. For

enterprises that want only AnyConnect for remote access use cases, there is also the AnyConnect VPN Only

license. Please refer to section 4.3 for additional details on VPN Only licenses.