Security Center is a cloud platform for handling security risks. It continuously monitors your security status and provides in-depth threat defense, comprehensive analysis, and quick response capabilities.

Security Center uses a cloud-native architecture to provide features such as cloud asset management, baseline check, proactive defense, security hardening, configuration assessment, and security status visualization. These features are built on years of experience in cloud security and in attack and defense scenarios. Security Center also uses cloud logs, analysis models, and large-scale computing power to monitor the security status of your cloud assets in a comprehensive manner. It can efficiently detect and block risks such as viruses, attacks, ransomware, vulnerability exploits, AccessKey pair leaks, and cryptomining. Security Center is an end-to-end automated system for security operations. It protects workloads on hosts, containers, and virtual machines deployed in hybrid clouds and helps you meet regulatory compliance requirements.

Architecture

Security Center provides an in-depth protection system that covers the network layer, host layer, and application layer. The system protects networks, hosts, and web applications against intrusions, detects web application vulnerabilities, and scans for trojans. The system uses big data analysis to provide a more precise algorithm and rule support for protection at each layer.

  • Protection at the network layer

    Security Center detects threats by capturing packets at the network layer. Using traffic mirroring, you can inspect and analyze every inbound and outbound packet of the infrastructure on which your workloads and cloud services are deployed.

  • Protection at the application layer

    Security Center scans for web application vulnerabilities, detects web attacks, and analyzes access records at the application layer. Then, Security Center reports the information found at the application layer to the data analysis cluster of Security Center. The report operation does not affect the performance of applications.

  • Protection at the host layer

    Security Center monitors your hosts in real time to identify suspicious processes, ports, and network connections at the earliest opportunity. Security Center also scans for host vulnerabilities and configuration risks at regular intervals. This helps protect your hosts in a comprehensive manner.

Security Center is integrated with the big data security analytics platform and uses machine learning and data models to detect potential intrusion attempts and threats, forming a threat detection system built on Security Center. Security Center analyzes large volumes of user data in real time and traces the sources of attacks based on security events. It then uses the analysis and tracing results to detect suspicious behavior in the networks and business systems of users and to generate alerts for threats. If penetration attacks, social engineering attacks, network attacks, or phishing attacks are detected, Security Center responds quickly and generates threat intelligence on which you can base your security decisions.

Benefits

Centralized security management

Security Center protects the servers, containers, and cloud services that are deployed on Alibaba Cloud, data centers, and other cloud platforms in a centralized manner.

Comprehensive detection of attacks

Security Center provides more than 250 threat detection models and 8 protection engines to identify threats to your assets in a comprehensive manner. This way, you can handle risks at the earliest opportunity.

Stability and reliability

Security Center uses the Security Center agent to detect threats and lets you handle the detected threats on the server on which the agent is installed. This process consumes only a small share of your server's resources, and Security Center can protect millions of servers. If you enable the basic protection mode for the Security Center agent, the agent consumes up to 10% of each CPU core on your servers, which does not affect your normal workloads.

Various features

Security Center provides various features to meet the security requirements of a Cloud Workload Protection Platform (CWPP) and Cloud Security Posture Management (CSPM), and to protect containers throughout the container lifecycle. You only need to install the Security Center agent to configure protection.

Scenarios

Classified protection compliance

Description

Security Center helps enterprises pass the classified protection compliance check. It helps enterprises meet industry regulatory requirements, clarify security goals, build secure information systems in a systematic manner, and reduce security risks and the likelihood of being attacked. Security Center ensures the security of information systems and improves the confidence of customers, partners, and other stakeholders. To meet the requirements of specific check items in the classified protection compliance check, you need to choose a suitable product to implement the corresponding security measures.

MLPS 2.0

Multi-Level Protection Scheme (MLPS) 2.0 outlines level 2 requirements for intrusion prevention, identity authentication, and security audit to evaluate the security of servers. Security Center can perform baseline checks against more than 15 requirements at MLPS 2.0 level 2 and fix the baseline risks that are detected. This helps your servers meet the compliance assessment requirements. If your websites require special security assurance, you can use Security Center to harden the security of important websites to prevent attacks and tampering.

Protection for servers in hybrid clouds

Description

To handle the various security threats in the cloud, different platforms provide different security capabilities for business systems in hybrid clouds. This inconsistency leaves business systems vulnerable to attacks, and monitoring and managing the security status of different types of servers at the same time is difficult. In hybrid-cloud scenarios, the following issues can occur: system bottlenecks, high O&M complexity, and security risks.

Protection solutions for servers in hybrid clouds and multi-cloud environments

Security Center can protect servers that are deployed on Alibaba Cloud, data centers, and third-party clouds. You can use Security Center features to protect all types of servers and implement O&M in the Security Center console in a centralized manner. This helps reduce the costs of security management and improve the overall system security. The Security Center features include virus detection and removal, vulnerability scan, and anti-ransomware.

Container protection

Description

An increasing number of enterprises are adopting cloud-based containerized development. However, attacks are also evolving. Containers can be attacked during the build, deployment, or runtime stage, which affects the running of the business. Enterprises that use a container architecture must focus on container security and choose suitable products to harden their containers and ensure the stable running of the business.

Protection solutions for containers

Security Center protects containers throughout the container lifecycle based on the Alibaba Cloud Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework. The lifecycle covers container building, deployment, and running. Security Center uses cloud-native technology to build comprehensive security capabilities for containers and to provide comprehensive support for the containerized development of enterprises in the cloud.

Editions

Security Center is available in the Basic, Anti-virus, Advanced, Enterprise, and Ultimate editions. The Basic edition is free of charge.

Edition overview
Basic edition

Security Center Basic provides basic security hardening capabilities free of charge. You can use the capabilities to detect unusual logons to your servers, DDoS attacks, common vulnerabilities on your servers, and configuration risks of cloud services. If you select Security Enhancement when you purchase an Elastic Compute Service (ECS) instance, Security Center Basic is automatically activated.

Anti-virus edition

Security Center Anti-virus provides features such as detection and removal of common viruses.

Advanced edition

Security Center Advanced provides features such as virus detection and removal, vulnerability detection and fixing, and security reports.

Enterprise edition

Security Center Enterprise provides comprehensive security features such as virus detection and removal, vulnerability detection and fixing, baseline check, asset fingerprints, and attack analysis. The features help your servers meet the requirements of classified protection.

Ultimate edition

Security Center Ultimate provides security features for servers and container assets. The features include container image scan, threat detection on Kubernetes containers, network topology of containers, alerting, antivirus, vulnerability detection and fixing, baseline check, asset fingerprints, and attack analysis.

If you have not purchased Security Center, you can apply for a free trial of the Enterprise or Ultimate edition.


References

Compliance certifications

Security Center complies with the ISO 9001, ISO 20000, ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 29151, ISO 27701, and BS 10012 standards. It has also obtained the Security, Trust, Assurance and Risk (STAR) certificate from the Cloud Security Alliance (CSA) and complies with the Payment Card Industry Data Security Standard (PCI DSS).