Cisco Secure Connect Data Sheet
Available Languages
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The new era of hybrid work requires a new approach, and SASE (Secure Access Service Edge) is a key enabler of any organization’s hybrid-work strategy. SASE combines networking and security functions in the cloud with campus, branch, remote worker, and contractor (B2B) connectivity to deliver a secure, seamless user experience, anywhere users work – office, home, or coffee shop. But deploying SASE can be complicated. Connecting existing branch SD-WAN appliances and the myriad of user endpoints to a cloud-based fabric requires planning, integration, and configuration.
Cisco Secure Connect is a turnkey, unified SASE offer that radically simplifies the way companies can securely access applications and resources hosted anywhere – across multiple public and private clouds – from any location at any time. Easy to deploy, use, and manage through a unified cloud dashboard, it significantly reduces organizations’ operational complexities to deliver greater agility, speed, and scalability.
Cisco Secure Connect use cases
Cisco Secure Connect securely connects users anywhere (in the branch or remote) to any application (in the private data center, public cloud, or SaaS) with a single subscription. The solution integrates
and clientless remote worker access, native Cisco Meraki™ SD-WAN connectivity, comprehensive cloud-based security capabilities with Zero-Trust Network Access (ZTNA), enhanced traffic acquisition, and Cisco Meraki SD-WAN policy import, with unified policy on the near horizon for enhanced posture.
Cisco Secure Connect is offered in two packages that make it easy for customers to choose the right level of protection and coverage for their organizational needs, so they can SASE their way.
Cisco Secure Connect Foundation
The Cisco Secure Foundation package includes Cisco Umbrella® SIG capabilities that provide secure internet access connectivity for branch and roaming users; Cisco Secure Connect fabric interconnect, providing private application access for branch users; a unified dashboard, offering streamlined operations management visibility and control for security and network policies; and unified, seamless support for your SASE needs. The Secure Connect Foundation package also includes 10 free-trial (non-production) licenses for hosted remote access as a service, which gives private application access for remote users.
Cisco Secure Connect Complete
The Cisco Secure Complete package includes production-level support client-based remote access as-a-service capabilities and clientless ZTNA capabilities that provide a zero-trust security model for users.
Table 1. Core offer packages
| Package |
Description |
Features |
| Cisco Secure Connect Foundation Essentials |
Secure internet-access connectivity for branch and roaming users |
Remote access: free trial of 10 users with client-based access Security: secure web gateway (proxy and inspection of web traffic URL filtering, secure malware analytics – up to 500 samples per day), cloud-access security broker (cloud application discovery, risk scoring, blocking, and cloud malware detection for two applications), Layer-3 and Layer-4 cloud firewall, and DNS-layer security Connectivity: private access, network access control, direct SaaS and IaaS peering, Cisco Meraki Secure SD-WAN integration, and interconnection of sites, users, and applications Management dashboard: simplified management and unified visibility of connectivity and security powered by Cisco Meraki Support: 24x7 unified SASE support access through email and phone and access to documentation portal for self-help Global data center availability: Foundation is now available globally in all SIG data centers. The enhanced headend capability is available in all of Europe, US, and part of Asia (Tokyo and Singapore). |
| Cisco Secure Connect Foundation Advantage |
Data protection, advanced policy |
All features included in Cisco Secure Connect Foundation Essentials, plus: Security: Layer-7 cloud-delivered firewall + IPS, inline data-loss prevention, cloud malware detection (for all supported applications), and secure malware analytics (unlimited sandbox submissions) Global data center availability: Foundation is now available globally in all SIG data centers. The enhanced headend capability is available in all of Europe, US, and part of Asia (Tokyo and Singapore). |
| Cisco Secure Connect Complete Essentials |
Secure internet, remote access as-a-service, and ZTNA for hybrid users |
Remote access/ZTNA: client-based access, clientless browser–based access (up to 10 applications), granular user and application-based access policy, SAML authentication, built-in identity provider (IdP), posture and contextual access control, and reporting Security: secure web gateway (proxy and inspection of web traffic URL filtering, secure malware analytics – up to 500 samples per day), cloud-access security broker (cloud application discovery, risk scoring, blocking, and cloud malware detection for two applications), Layer-3 and Layer-4 cloud firewall, and DNS-layer security Connectivity: private access, network access control, direct SaaS and IaaS peering, Cisco Meraki Secure SD-WAN integration, and interconnection of sites, users, and applications Management dashboard: simplified management and unified visibility of connectivity and security powered by Cisco Meraki Support: 24x7 unified SASE support access through email and phone and access to documentation portal for self-help Global data center availability: Complete is now available in all regions of US and Europe. The most recent addition was Asia, with presence in Tokyo and Singapore. |
| Cisco Secure Connect Complete Advantage |
Data protection, advanced policy |
All features included in Cisco Secure Connect Essentials, plus: Remote access/ZTNA: clientless browser-based access (up to 300 applications) Security: Layer-7 cloud-delivered firewall + IPS, inline data-loss prevention, cloud malware detection (for all supported applications), and secure malware analytics (unlimited sandbox submissions) Global data center availability: Complete is now available in all regions of US and Europe. The most recent addition was Asia, with presence in Tokyo and Singapore. |
Table 2. New features and benefits
| Feature |
Benefit |
| Native Meraki SD-WAN integration |
Easily connect your branch and DC/HQ/private cloud Meraki sites (configured as hubs or spokes) to Cisco Secure Connect with built-in native Meraki SD-WAN integration for securing connections to the internet, SaaS, and private applications. Leveraging the AutoVPN capability of your Meraki SD-WAN appliance at your branch sites for connectivity to the SASE fabric provides increased resiliency and intelligent path selection. This also enables the organization to implement consistent access and security controls across all connected sites. |
| Enhanced Meraki SD-WAN cloud |
Cisco Secure Connect introduces a dynamically scalable high-bandwidth headend solution for the Meraki SD-WAN integration. Leveraging Meraki’s AutoVPN solution, this enhanced cloud traffic acquisition solution dynamically scales bandwidth per connecting Meraki SD-WAN site. The current bandwidth scale per site is approximately 500 Mbps, both unidirectional and bidirectional. This solution also offers an even more simplified user experience for integration of Meraki SD-WAN with Cisco Secure Connect. |
| Clientless Zero-Trust Network Access (ZTNA) |
Cisco Secure Connect enables least privileged access control of private applications without requiring any agent or client installed on the endpoint device. Administrators can easily assign access privileges for contractors and employees only to resources they need access to, without any lateral move capability. Administrators can configure posture profiles for endpoint OS type and version, browser type and version, and geolocation information to be used in the access decision. |
| Client-based secure remote work |
Cisco Secure Connect enables remote users to access private applications from anywhere through the Cisco Secure Connect fabric using a Cisco AnyConnect® client. Identity-based access control is possible using SAML authentication through the customer’s IdP. Endpoint posture is also evaluated; this enables granular access control to private resources. |
| Secure internet access |
Secure internet access provides safe access to the internet anywhere users go, even when they are off the VPN. Before the user is connected to any destination, Cisco Secure Connect acts as your secure onramp to the internet and provides the first line of defense and inspection, with hybrid protection on the edge and in the cloud. Regardless of where users are located or what they’re trying to connect to, traffic can go through the fabric first. Once the traffic gets to the cloud platform, there are different types of inspection and policy enforcement that can happen, based on the security needs of the traffic. Cisco Secure Connect includes a secure web gateway, a cloud-delivered firewall, DNS-layer security, a cloud-access security broker, and data-loss prevention. This robust security solution receives real-time proactive threat updates from Cisco® Talos® intelligence, keeping your users secure while freeing your IT team from this tedious process. |
| User authentication |
Cisco Secure Connect enables customers to either bring their own SAML provider for end-user authentication to the service or use the bundled cloud-identity platform for easy configuration of users and quick onboarding of the service. Cloud-identity capability can be leveraged by customers who don’t have a SAML IdP configured or do not want to use their existing SAML IdP for the user authentication to access the service. The cloud-identity capability can be configured through a few easy steps from the Cisco Secure Connect dashboard, or an existing Meraki cloud Auth configuration can be simply applied to the service with a single click. |
| Meraki policy import |
Cisco Secure Connect natively introduced a policy import feature that is specifically designed for those who currently have their remote workforce access company resources via remote access connections to the Meraki MX headend. If those customers are transitioning to Secure Connect remote access services, this feature will allow them to import their MX firewall policies affecting client VPN traffic to Secure Connect’s cloud firewall via a guided wizard. This will help reduce the amount of time required for administrators to create and streamline their policies. Furthermore, it detects duplicates before the migration. |
| Unified management |
Cisco Secure Connect management is handled through a single dashboard to configure, monitor, and troubleshoot the service. Configuration is simplified with guided flows and dynamic checklists. Monitoring of users and sites occurs in a single pane of glass that unifies security and connectivity indicators. As part of consolidating network and security controls to unify and provide a single pane of glass experience, the following are some of the key updates: Unified cloud-delivered firewall (CDFW): CDFW policy control and management of all branch-internet, remote users-internet, and interconnects is now available on the Secure Connect dashboard. Unified posture: Client-based and clientless access posture control and management are now available on the Secure Connect dashboard. Remote access log export: Remote access logs can now be exported from the Secure Connect dashboard for all analysis and monitoring. |
| Network interconnect |
Network interconnect provides intelligent routing between sources and destinations connected to Cisco Secure Connect. Any node connected to the interconnect seamlessly gains access to any already-connected node, with access policy -enforced in a unified way across the edge and cloud from Cisco Secure Connect. This drastically reduces network complexity, providing a highly available network fabric with minimal setup and maintenance. |
Cisco Secure Connect now offers 24x7 customer support by calling +1.617.206.4332 or by opening a support case from the product dashboard.
| New or Revised Topic |
Described In |
Date |
| Made tweaks to Feature and Benefits |
Page 5,6 |
December 14, 2023 |
| Updated package section to include Foundation and Complete details |
Page 4-5 |
June 21, 2023 |
| Made tweaks to Product Overview, including use case graphic |
Page 3 |
March 29, 2023 |
| Added additional Features and Benefits |
Page 5, 6 |
March 29, 2023 |
| Changed services to reflect new customer support hours/availability |
Page 6 |
October 20, 2022 |