Security Center: What is Security Center?

Last Updated: Mar 07, 2024

Security Center is a multifunctional security service built for the cloud. It leverages cloud-native technology, years of cloud security and defense experience, and cutting-edge technology. Its features include cloud asset management, baseline check, proactive defense, security hardening, configuration assessment, and security status visualization.

Security Center uses cloud logs, analysis models, and superior computing power to monitor the security status of assets in the cloud. It efficiently detects and blocks risks such as viruses, attacks, encryption ransomware, vulnerability exploits, AccessKey pair leaks, and cryptocurrency mining. Operating as an end-to-end, automated operations system, Security Center protects workloads on hosts, containers, and virtual machines that are deployed on hybrid clouds. It is an essential tool for meeting regulatory and compliance requirements.

Architecture

Security Center provides an in-depth protection system that covers the network layer, host layer, and application layer. The system protects networks, hosts, and web applications against intrusions, detects web application vulnerabilities, and scans for trojans. The system uses big data analytics to provide a more precise algorithm and rule support for protection at each layer.

  • Protection at the network layer

    At the network layer, Security Center detects threats by capturing packets. It mirrors the outbound and inbound traffic in the cloud to inspect each packet transmitted over the network.

  • Protection at the application layer

    At the application layer, Security Center scans for web application vulnerabilities, detects web attacks, and analyzes access records. Then, it reports the obtained information to its data analysis cluster in a way that does not impact application performance.

  • Protection at the host layer

    Security Center monitors your hosts in real time to identify suspicious processes, ports, and network connections at the earliest opportunity. Security Center also scans for host vulnerabilities and configuration risks at regular intervals. It offers comprehensive protection to your hosts.

Security Center is integrated with a big data analytics platform to detect potential intrusion attempts and threats based on machine learning and data models. Together, these form a threat detection system centered on Security Center. Security Center analyzes large amounts of user data in real time and traces the sources of attacks based on security events. Then, Security Center detects suspicious behavior in the networks and business systems of users and generates alerts for threats. If penetration attacks, social engineering attacks, cyberattacks, and phishing attacks are detected, Security Center responds quickly and generates threat intelligence. You can make security decisions based on the threat intelligence.

Benefits

  • Centralized security management

    Security Center protects the servers, containers, and cloud services that are deployed on Alibaba Cloud, data centers, and other cloud platforms in a centralized manner.

  • Comprehensive attack detection

    Security Center provides more than 250 threat detection models and 8 protection engines to identify threats to your assets in a comprehensive manner. This way, you can handle risks at the earliest opportunity.

  • Stability and reliability

    Security Center uses the Security Center agent installed on your server to detect threats. You can handle the detected threats on the server. This process consumes only a small amount of resources on your server. Security Center can protect millions of servers. If you enable the low consumption mode for the Security Center agent, the agent consumes up to 10% of an individual CPU core. Your normal workloads are not affected.

  • Full range of features

    Security Center provides a full range of features to meet the security requirements of Cloud Workload Protection Platform (CWPP) and Cloud Security Posture Management (CSPM), and to protect containers throughout their lifecycle. You only need to install the Security Center agent to implement security management.

Scenarios

Classified protection compliance

Description

Security Center helps enterprises pass the classified protection compliance check and meet industry regulatory requirements. It also helps enterprises clarify their security goals, systematically construct secure information systems, and reduce security risks and the possibility of being attacked. Security Center ensures the security of information systems and improves the confidence of customers, partners, and stakeholders. To meet specific requirements in the classified protection compliance check, you need to choose a suitable product to implement security measures.

MLPS 2.0

Level 2 in Multi-Level Protection Scheme (MLPS) 2.0 outlines requirements for server security based on intrusion prevention, identity authentication, and security audit performance. Security Center can perform baseline checks for more than 15 MLPS 2.0 Level 2 requirements and fix the baseline risks that are detected. This helps your servers meet the compliance assessment requirements. For important websites that require special security assurance, you can use Security Center to harden the website security to prevent attacks and tampering.

Protection for servers in hybrid clouds

Description

Different platforms provide different security capabilities to handle cloud security risks for business in hybrid clouds. This makes business systems vulnerable to attacks and makes it difficult to monitor and manage the security status of different types of servers at the same time. In hybrid-cloud scenarios, the following issues can occur: system bottlenecks, complicated O&M, and security risks.

Protection solutions for servers in hybrid clouds and multi-cloud environments

Security Center can protect servers that are deployed on Alibaba Cloud, data centers, and third-party clouds. You can use Security Center to protect all types of servers and carry out centralized O&M in the Security Center console. This helps reduce the costs of security management and improve the overall system security. Security Center provides features such as virus detection and removal, vulnerability scan, and anti-ransomware for protection.

Container protection

Description

An increasing number of enterprises are deploying cloud-based containerized solutions, but attacks are also evolving to target containers. Containers are vulnerable during the building stage, deployment stage, and running stage, and attacks on containers can disrupt your business. Enterprises that use the container architecture must focus on container security and choose suitable products to harden the security of the containers and ensure the stable running of the business.

Protection solutions for containers

Security Center protects containers throughout their lifecycle based on the Alibaba Cloud Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework. Security Center uses cloud-native technology to deliver a full suite of security capabilities for containers and provide comprehensive support for enterprises to deploy containerized solutions in the cloud.

Supported regions

Security Center supports the Hangzhou and Singapore service centers, which correspond to the China and Outside China data management centers, respectively. In the Hangzhou service center, Security Center provides protection capabilities for assets that are deployed in the regions covered by the China data management center. In the Singapore service center, Security Center provides protection capabilities for assets that are deployed in the regions covered by the Outside China data management center. The assets and security risks displayed in the Security Center console vary based on the data management center. Before you use a feature in the Security Center console, you must select a data management center based on the region where your assets reside.

The regions covered by each data management center are as follows.

Data management center: China

  • China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), and China (Ulanqab)

  • China (Shenzhen), China (Heyuan), and China (Guangzhou)

  • China (Hangzhou), China (Shanghai), and China (Nanjing)

  • China (Chengdu)

  • China (Hong Kong)

Data management center: Outside China

  • Japan (Tokyo), South Korea (Seoul), Singapore, Australia (Sydney), Malaysia (Kuala Lumpur), Indonesia (Jakarta), Philippines (Manila), Thailand (Bangkok), and India (Mumbai)

  • Germany (Frankfurt), UK (London), US (Virginia), and US (Silicon Valley)

  • SAU (Riyadh) and UAE (Dubai)

Editions

  • Basic edition

    Security Center Basic provides basic security hardening capabilities free of charge. You can use the capabilities to detect unusual logons to your servers, DDoS attacks, common vulnerabilities on your servers, and configuration risks of cloud services.

  • Anti-virus edition

    Security Center Anti-virus provides features such as detection and removal of common viruses.

  • Advanced edition

    Security Center Advanced provides features such as virus detection and removal, vulnerability detection and fixing, and security reports.

  • Enterprise edition

    Security Center Enterprise provides comprehensive security features such as virus detection and removal, vulnerability detection and fixing, baseline check, asset fingerprints, and attack analysis. The features help your servers meet the requirements of classified protection.

  • Ultimate edition

    Security Center Ultimate provides comprehensive security features for servers and container assets. The features include container image scan, threat detection on Kubernetes containers, container asset overview, alerting, virus detection and removal, vulnerability detection and fixing, baseline check, asset fingerprints, and attack analysis.

Compliance certifications

Security Center complies with the standards of ISO 9001, ISO 20000, ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 29151, ISO 27701, and BS 10012. It has also obtained the Security, Trust, Assurance and Risk (STAR) certificate from Cloud Security Alliance (CSA) and complies with Payment Card Industry Data Security Standard (PCI DSS).
