If it is enabled check your routing table (netstat -rn) and your resolv.conf file to see which DNS entries you are pointing to. I would expect you to have a new route in your routing table pointing to your companies intranet. It has been awhile but I think secureremote wedged itself in the TCP stack such that it could intercept packets and redirect them based on its policy, encrypting them as it goes. If the policy permits split tunneling it would direct only packets going to the security domain through the VPN tunnel to your intranet. All other packets would be passed on the TCP stack to be handled as they normally would.
The Cisco client intercepts before routing, so it doesn't show up in the routing table.
