Managed Security Service (MSS) is available in Alibaba Cloud Security Web Application Firewall (WAF). Once you activate the MSS of WAF service, you can get professional and exclusive technical support from Alibaba Cloud Security experts with regard to implementing and using Alibaba Cloud WAF.

Overview

The MSS of WAF service is backed with Alibaba Cloud Security service team and helps you better use Alibaba Cloud WAF. With MSS of WAF, you can more effectively protect WAF-enabled Web assets, reduce Web business risk, and significantly reduce security maintenance costs.

The MSS of WAF service is suitable for situations where you have activated Alibaba Cloud WAF but lack continuous monitoring and security engineers to protect against vulnerabilities. The service is ideal for customers seeking outsourcing professionals to assist in the operation of security services.

Service scope

The MSS of WAF service provides a fully managed service for Alibaba Cloud WAF, including configuration service, protection policy optimization, security monitoring and warning, security incident response, security consulting, security training and case study, and security reporting. These services are further described as follows.

Table 1. Service scope of MSS of WAF
Service type Description
WAF configuration
  • Provides WAF configuration for implementing WAF for a website
  • Assists in configuring and uploading the HTTPS certificate (Users can import the cert and private key by themselves)
  • Assists in configuring origin server protection for ECS and Server Load Balancer instances
  • Performs adaptability verification and requesting test after website configuration is completed
  • Assists in modifying the configuration and policies when the protected website changes
Protection policy optimization
  • Provides diagnosis and troubleshooting services when exceptions occur to services on WAF
  • Optimizes user security protection policies by analyzing attack logs
  • Adjusts protection policies and provides mitigation solutions in response to security incidents
  • Provides suggestions on WAF protection configuration for fault handling, HTTP flood protection, HTTP ACL policy, and data risk control
Monitoring and warming
  • Monitors the product availability, faults, and exceptional status
  • Monitors high-risk security events and abnormal events caused by attacks
  • Monitor protection status based on the user's or system's attack alerts and makes the adjustment to the protection policies
Security reporting
  • Provides customized security service reports for the user
  • Sends the daily and monthly product operations and service report to the user

Security incident response time

When a user encounters a security incident that requires urgent assistance, the service team responds to the user in a timely manner based on the security incident response time described as follows.

Table 2. Security incident response time
No. Priority Definition Response time
1 Critical The user's critical business or core components are significantly damaged or the service is unavailable, requiring immediate processing 15 minutes
2 Emergency The user's critical business or core components are severely affected or important features are unavailable and need to be processed as soon as possible 30 minutes
3 High The user's non-critical business is seriously damaged or unavailable 2 hours
4 Medium The user's non-critical business is abnormal 4 hours
5 Low General technical or advisory questions 8 hours

Service delivery description

The following table describes the service delivery method of MSS of WAF.

Table 3. Service delivery description
Category Description
Service delivery method Remote online service
Service language Chinese and English
Service period Consistent with the user's purchase cycle
Supported service channels
  • Email
  • DingTalk
  • Phone

Billing and purchasing method

The MSS of WAF service supports subscription and can be renewed on a monthly or yearly basis. To activate the MSS of WAF, go to the sales page.
Notice Due to the special investment of the service support system and service human resources, refunds are not supported.