On an ASA5525-X, how do I determine how much traffic is from streaming services, Netflix, Spotify, YouTube and so on, and how to effectively deny the traffic, if any? The use case would be, how limit AnyConnect users so they don't consume unnecessary ASA bandwidth/compute on streaming services.
If you have setup netflow you can view what kind of bandwidth using each application/service.
if you looking to restrict VPN user bandwidth, you can start implementing the QoS on network for the Any connect users
*** Rate All Helpful Responses ***
For AnyConnect users, you could use split-tunnelling, so all unneeded traffic is routed directly to the local breakout, instead of the VPN tunnel. This would be the best option.
Now to really stand a chance and block that traffic in case you don't want split-tunnelling, or for your internal users, you would need a smart proxy deployed, or you could use MPF on the ASA(but this is far from being bullet proof):
class-map match-all NETFLIX
match protocol http host "*netflix.com*"
You would need to do URL Filtering and/or app blocking. For example Cisco WSA is one such proxy; you may not be able to block everything which is tunnelled over HTTP/HTTPS with the basic functionality, but with some advanced tuning you'll make it.