About the Web Security Module
The AnyConnect Web Security module is an endpoint component that routes HTTP traffic to a Cisco Cloud Web Security scanning proxy.
Cisco Cloud Web Security deconstructs the elements of a web page so that it can analyze each element simultaneously. For example, if a particular web page combined HTTP, Flash, and Java elements, separate “scanlets” analyze each of these elements in parallel. Cisco Cloud Web Security then allows benign or acceptable content and blocks malicious or unacceptable content based on a security policy defined in the Cisco ScanCenter management portal. This prevents “over blocking,” where an entire web page is restricted because a minority of the content is unacceptable, or “under blocking,” where an entire page is permitted while there is still some unacceptable or possibly harmful content that is being delivered with the page. Cisco Cloud Web Security protects users when they are on or off the corporate network.
With many Cisco Cloud Web Security scanning proxies around the world, users taking advantage of AnyConnect Web Security can route their traffic to the Cisco Cloud Web Security scanning proxy with the fastest response time to minimize latency.
You can configure the Secure Trusted Network Detection feature to identify endpoints that are on the corporate LAN. If this feature is enabled, any network traffic originating from the corporate LAN bypasses Cisco Cloud Web Security scanning proxies. The security of that traffic is managed by other methods and devices on the corporate LAN rather than by Cisco Cloud Web Security.
AnyConnect Web Security features and functions are configured using the AnyConnect Web Security client profile, which you edit using the AnyConnect profile editor.
Cisco ScanCenter is the management portal for Cisco Cloud Web Security. Some of the components created or configured using Cisco ScanCenter are also incorporated in the AnyConnect Web Security client profile.
ISE servers must always be listed in the static exception list, which is configured on the Exceptions pane of the Web Security client profile.