Cisco Anyconnect Device Security Check



  • Check Your Cisco Software: Use the Cisco Software Checker to search for Cisco Security Advisories that apply to specific Cisco IOS, IOS XE, NX-OS and NX-OS in ACI Mode software releases.
  • Cisco AnyConnect empowers you to work from anywhere, on university-owned laptops and personal mobile devices, regardless of physical location. The Cisco AnyConnect Secure Mobility Client provides the security necessary to help keep the organization’s data safe and protected.

The guarantee of Cisco Security

Imagine taking your corporate laptop and smartphone to wherever you feel most comfortable: public transport, a coffee shop, or a swanky hotel conference room. These are all public spaces where your personal information is at risk. When you jump onto an open WiFi connection, your device is exposed to possible phishing scams and data breaches. Instead of being confined to your desk, check out Cisco AnyConnect and experience freedom in working here and there, and everywhere. The infinite protection was created to ensure your organization is safe and protected no matter where you are. As a unified security endpoint agent, it delivers multiple security services for all. It has a wide range of security services like remote access, posture enforcement, web security features, and roaming protection. Overall, it has all the features necessary to provide a heavily-armed and highly secure experience for any user.

Gold-standard in cyber security

Protect yourself from hacking and data breaches with the best cyber security program available today

The Cisco AnyConnect Secure Mobility Client has raised the bar for end users who are looking for a secure network. No matter what operating system you or your workplace uses, Cisco enables highly secure connectivity for every device. For a mobile worker roaming to different locations, the always-on intelligent VPN efficiently adapts to a tunneling protocol. For example, AnyConnect’s Datagram Transport Layer Security (DTLS) thrives in offices that are constantly on VoIP applications. The impenetrable security keeps all your calls, messages, and files safe from outsiders. In AnyConnect version 4.4, you’ll experience a wide range of endpoint security services and streamlined IT operations from a single unified agent. Achieve tighter security controls and enable direct, highly secure, per-application access to corporate resources through Cisco’s mobile per-application VPN services. Trust AnyConnect’s strong compliance capabilities to block endpoints in a compromised state and protect the integrity of your company’s network. This is possible because of the software’s endpoint posture assessment and remediation capabilities across wired, wireless and VPN environments, which work in conjunction with Cisco Identity Services Engine 1.3. Any out-of-compliance endpoints get automated remediation actions or commands based on policy requirements.

Work anywhere

Monitor endpoint application usage both on and off premises with AnyConnect’s Network Visibility Module. Whether you use Windows or Mac OS X platforms, you can uncover potential behavior anomalies. It helps you make more informed network and service design decisions, which is always of big help. You can also share rich contextual data from the AnyConnect Network Visibility Module with the growing number of Internet Protocol Flow Export (IPFIX)-capable network-analysis tools. Of course, the AnyConnect client offers basic web security and malware threat defense. Choose from any of the built-in features like the premises-based Cisco Web Security Appliance, cloud-based Cisco Web Security, or Cisco Umbrella Roaming. Along with remote access, the comprehensive and highly secure enterprise mobility solution automatically blocks phishing and command-and-control attacks. Work in a protected and productive work environment by operating with consistent, context-aware security policies.

Connect with Ease

AnyConnect 4.4 offers simplified licensing to meet your company’s needs. The AnyConnect Plus includes basic VPN services such as device and per-application VPN, trusted network detection, basic device context collection, and Federal Information Processing Standards (FIPS) compliance. This plan also offers non-VPN related services like AnyConnect Network Access Manager, Cloud Web Security module, and the Cisco Umbrella Roaming module. The second and more advanced offer is AnyConnect Apex. This plan includes more advanced cybersecurity measures like endpoint posture checks, network visibility, next-generation VPN encryption, and clientless remote access VPN.

Whether you choose the Plus or Apex plan, Cisco guarantees that both licenses eliminate the need to purchase per-headend connections and dedicated license servers. Note also that Apex offers all Plus license functionality. In this case, only one type of license is required for each user. This model lets you design and combine license tiers in one network, shifting licensing from simultaneous connections to total unique users.

Where can you run this program?

AnyConnect version 4.4 is compatible with these operating systems and requirements: Windows, Mac, Android and iPhone

Is there a better alternative?

Cisco AnyConnect is an unbeatable provider of cybersecurity. But creating your best work often needs strong, reliable and fast WiFi. With IPVanish, you can get the best of both worlds. Enjoy high-speed internet in a secure and private connection with this virtual private network app. The VPN service assures you that all your devices are protected from outside computers, smartphones, and routers. Their 360-degree approach to protection keeps you safe from hackers and snoopers, and at the same time, offers unlimited bandwidth on all platforms. This is a perfect match for you if you need supreme internet connectivity and cyber security.

Our take

Cisco AnyConnect Secure Mobility is a great solution for creating a flexible working environment. Work anywhere on any device while always protecting your interests and assets from Internet-based threats. Its availability does depend on Cisco hardware, but it is a minor added expense to the safest cyber security network available today.

Should you download it?

Yes. It is an excellent investment, and definitely worth downloading to your smartphone and PC.

Highs

  • Complete user access
  • Insightful user and endpoint behavior
  • Single agent management
  • Multiple Integrations

Cisco AnyConnect Secure Mobility Client for Windows

4.9.06037

Published: September 2019

You may be able to bring any device through Cisco's doors. But when it comes to connecting to the corporate network, we are working on a solution that provides “full access” to applications and services for devices that we have confirmed meet our Trusted Device standard.

A laptop might have picked up malware from a home network the night before. A mobile device might not have installed a critical security fix or your device may not even be encrypted. 'Our goal is to allow trusted devices full access on the network--and to restrict the access of non-trusted devices' says Adam Cobbsky, senior IT engineer.

What's a trusted device?

Trusted devices need to meet a specific set of security standards prior to accessing corporate applications and data, on or off the production network. For example, a device must not be jailbroken or rooted, it should be running a minimum OS version, and have a screen-saver password or PIN lock enabled.

For Cisco IT and many customers, these requirements and others are enforced by device management systems. In addition to ensuring that services such as disk encryption and antivirus/antimalware are installed and enabled, device management gives Cisco IT the ability to remotely lock or wipe compromised devices. For Cisco IT, a managed device is the foundation of a trusted device.

Cisco uses several management systems: Microsoft System Center Configuration Manager (SCCM) for Windows, JAMF Pro for Mac, and soon it will use Cisco Meraki for mobile devices running iOS and Android.

Laptops, mobiles, and tablets that are registered with the respective device management platforms and are regularly checking in to that management system are considered compliant with the required Trusted Device security standard. Compliance means the device has an acceptable security posture.

Our first approach: integrating ISE and device managers

Since 2014, we've used Cisco Identity Services Engine (ISE) with device management integration. In its simplest form, ISE receives the MAC address of a device connecting to the network from the ISE-enabled switch or wireless access point.

Through ISE and device management integration, ISE can query the relevant management platform to verify the connecting device is registered and active and can confirm it meets our definition of trusted.

'Integrating ISE with our device management systems looked like a simple solution on the surface, but we discovered a lot of practical issues,' says Donald Gunn, IT program manager.

One problem is knowing exactly what device is connecting to our networks. The ability to uniquely identify a device is an industry challenge, and the increase in privacy protection within devices and operating systems to obscure unique identifiers is not making this any easier.

Further, MAC addresses may be shared across different devices and even OS types. This can occur due to plug-in network adapter dongles that get used by more than one device, or the use of virtual machines (VMs) that can share the same MAC address as the host. These types of scenarios can make it a challenge to uniquely identify a machine on the network and correlate it to a device in management.

Over 1.5 million endpoints connect to our ISE-enabled network. Not being sure whether the connecting device is a Windows laptop, MacBook, or mobile device, ISE potentially could query all device management platforms looking for a matching device. This isn't an intelligent use of resources, and some device management platforms couldn't handle the burden of that number of queries. We needed a more scalable and dynamic solution for device posture checking.

The two core issues come down to wanting a unique and reliable device identity and the need to focus device queries to device management systems down to sustainable levels.

Our solution: a compliance database that maps the device ID to device type

To address these issues, Cisco IT has worked closely with the ISE development team. For mobile devices, the main challenge was to identify devices that are mobile and ensure ISE looks these up in our Mobile Device Management (MDM) system. When a mobile device enrolls in a management system, our automation tools pass the device details to ISE and a flag is set in ISE to identify the management system this device is enrolled in. When this device tries to connect to the network, ISE knows where to look it up, avoiding unnecessary queries.

For laptop and desktop computers, a different approach is used that utilizes a unique device identifier from the Cisco AnyConnect Client. This allows us to know uniquely what device is connecting. Using this ID, we can verify that a specific device is trusted by our management systems. There is no ambiguity any more.

To further buffer the management systems from device posture queries, we decided to create a central database of devices that meet our posture requirements. Not only does this give us better scalability, it also provides resiliency and availability in our solution without passing this burden directly on to the management systems.

This compliance database is synchronized with the device management systems through custom software and acts as the central database that ISE queries, instead of each individual device management system. We chose Active Directory as the foundation because it scales, has low latency everywhere in our network, replicates quickly, is highly available, and is stable.

Cisco IT has now completed a successful proof of concept using this solution (Figure 1).

A custom script extracts the unique device ID (UDID) from the AnyConnect client on the laptop and compares it against the database. ISE needs to know the device ID to check its compliance status. We use the same posture database to check device status before allowing a connection to cloud services such as Office 365 as well.

Figure 1 We check device posture with ISE, a compliance database, and device management platforms
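
The lookup flow described above, as an added example that is not Cisco IT's code: a central compliance store keyed by device ID is synchronized from the management systems, the access decision is a single lookup, and a shared MAC address is shown to be unusable as identity. The in-memory dict standing in for Active Directory, the record fields, the 7-day check-in window and all sample values are assumptions.

```python
from datetime import datetime, timedelta

MAX_CHECKIN_AGE = timedelta(days=7)  # assumed policy value, not from the page

# Constructed sample exports from the three management systems named on the page.
NOW = datetime(2019, 9, 1, 12, 0)
FEEDS = {
    "SCCM": [
        {"device_id": "UDID-WIN-001", "mac": "00:11:22:33:44:55", "last_checkin": NOW - timedelta(hours=3)},
        {"device_id": "UDID-WIN-002", "mac": "00:11:22:33:44:66", "last_checkin": NOW - timedelta(days=30)},
    ],
    "JAMF": [
        # Same MAC as UDID-WIN-001: a network dongle shared between two laptops.
        {"device_id": "UDID-MAC-001", "mac": "00:11:22:33:44:55", "last_checkin": NOW - timedelta(days=1)},
    ],
    "Meraki": [
        {"device_id": "UDID-IOS-001", "mac": "00:11:22:33:44:77", "last_checkin": NOW - timedelta(hours=1)},
    ],
}

def sync_compliance_db(feeds, now):
    """Build the central store: device ID -> owning management system.
    Only devices that checked in recently are written as compliant."""
    db = {}
    for system, records in feeds.items():
        for rec in records:
            if now - rec["last_checkin"] <= MAX_CHECKIN_AGE:
                db[rec["device_id"]] = {"system": system, "mac": rec["mac"]}
    return db

def authorize(db, device_id):
    """One lookup against the central store; no fan-out to every platform."""
    return "full" if device_id in db else "restricted"

def ambiguous_macs(db):
    """MACs that map to more than one compliant device, so cannot identify one."""
    seen = {}
    for device_id, entry in db.items():
        seen.setdefault(entry["mac"], []).append(device_id)
    return {mac: sorted(ids) for mac, ids in seen.items() if len(ids) > 1}

if __name__ == "__main__":
    db = sync_compliance_db(FEEDS, NOW)
    for dev in ("UDID-WIN-001", "UDID-WIN-002", "UDID-UNKNOWN"):
        print(dev, authorize(db, dev))
    print(ambiguous_macs(db))
```

The stale device (no check-in for 30 days) and the unknown device both fall through to restricted access, while the two laptops sharing a dongle MAC remain distinguishable by device ID.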