This topic describes Alibaba Cloud Managed Security Service.

Introduction

Alibaba Cloud Managed Security Service is developed by the Alibaba Cloud Security expert team based on the Alibaba Cloud Security services and years of technical practices to meet business requirements of customers. Managed Security Service offers comprehensive and professional security and consulting services for customers on the cloud, provides powerful technical capabilities, and ensures business stability and security.

Benefits

  • Full-stack operations with easy and efficient hosting

    Alibaba Cloud Managed Security Service provides comprehensive security technologies and consulting services based on years of security practices of Alibaba Cloud. It provides all-round security operations services that extend from network boundaries to the internal network, from vulnerabilities to policies, and from configuration to data. Managed Security Service aims to build and continuously optimize the cloud security defense system and secure the businesses of customers. With Managed Security Service, customers can use all-round managed services and therefore focus on their business security.

  • Big data support

    Alibaba Cloud security products, such as Anti-DDoS Pro, Web Application Firewall (WAF), and Server Guard, protect VPNs, ECS instances, web applications, and databases. Based on years of experience in data mining technologies, these services support in-depth and professional data mining to provide every user on the cloud with the most advanced attack and defense intelligence data. By leveraging the intelligence data and the protection requirements and business system conditions of users, the security operations team periodically adjusts security protection policies to control security risks. This achieves dynamic adjustment, defense, operations, and management.

  • Large scale advantages

    Alibaba Cloud has more than a million paying users and a large number of users that use security products and services. To serve these users, Alibaba Cloud provides systematic and professional services. Operational costs decrease with the use of large-scale and systematic services. This helps reduce the costs of users who purchase Managed Security Service.

  • Incident response within minutes

    Cloud security monitoring and the incident response system of Managed Security Service allow timely responses to security incidents. This helps users protect against attacks, clean up Trojans, and analyze intrusion causes to minimize losses caused by security incidents and rapidly restore businesses.

Scenario

  • Build a well-developed security operations system
    • Description

      Due to the lack of effective vulnerability management and risk control, some enterprises do not build a security protection system in a timely manner after cloud deployment for informatization. As a result, risks cannot be handled in pace with the construction of information systems, which poses a great risk to security. In this scenario, Managed Security Service can provide a mature operations system that supports capabilities such as security product capability operations, security vulnerability risk operations, and basic security operations. Managed Security Service achieves seamless security operations of cloud assets. With Managed Security Service, users can focus on developing their business capabilities, which helps them win precious time for the construction of their operations systems.

    • Benefits

      The mature operations system provided by Managed Security Service allows enterprise users to focus on developing their business capabilities. During subsequent security construction, they can have sufficient time to build their operations systems with Managed Security Service.

  • Increase the returns on investment (ROI) of security operations resources
    • Description

      The security operations resources are insufficient. Such resources include security operations professionals for cloud security products, engineers for the infrastructure, and capital investments in security operations of enterprise users. In traditional scenarios, a large number of professionals are required to ensure smooth security operations. As the asset scale increases, investments in security-related human resources also gradually increase.

    • Benefits

      By leveraging the scale, service, and system advantages of Managed Security Service, enterprises can save operational costs. In addition, professional technical personnel of Managed Security Service can help enterprises improve their overall security capabilities in terms of security product protection, security policy optimization, security vulnerability management, and risk control.

  • Guide security architecture design for cloud deployment or cloud migration
    • Description

      During cloud deployment or cloud migration, enterprises may encounter security risks to their business, technology, and management. Enterprises can deploy appropriate cloud products to solve these issues. Security services provide guidance on the design of cloud security architectures and security consulting services to help enterprises design cloud-based architectures and achieve the best protection effect.

    • Benefits

      Consulting services and the guidance on designing security architectures help enterprises quickly migrate their businesses to the cloud and ensure business security and stability on the cloud.

  • Improve security capabilities
    • Description

      Ever-growing system platforms in computing environments face a variety of security threats, such as data theft, data tampering, and unauthorized access. In this case, professional security services are required to ensure the confidentiality, integrity, and availability of data that is running and stored on these system platforms.

    • Benefits

      The service team of Alibaba Cloud Managed Security Service assesses the business security conditions of customers based on their security requirements and then identifies gaps between their current business security conditions and the best security practices. Based on the issues identified in security assessment, the service team performs security hardening to improve the anti-attack capability of the operating system or network devices.

Services

Table 1. The following table describes the service details of Managed Security Service.
| Category | Item | Description |
|---|---|---|
| Cloud business security assessment | Security risk assessment | Assigns a team of experienced Alibaba Cloud security experts to periodically provide security analysis reports to customers, so that they can understand their network security conditions. |
| Cloud security system consultation | Security system consulting | Provides security technology or management solutions based on basic business environments of customers, global cloud security standards, and security best practices. |
| Security incident management | Troubleshooting of regular security incidents and emergencies | Monitors user information systems in real time to promptly and accurately identify security incidents, locate event sources, and handle the incidents to minimize losses. Analysis and troubleshooting are provided in response to emergencies to help customers rapidly handle the incidents and reduce the impacts on their businesses. |
| Security product operations | Security product operations | Provides professional Managed Security Service (including Alibaba Cloud Security and third-party security services). This helps customers manage security policies based on security threats and customize security policies to build a strong security defense system. |
| Security hardening service | Security hardening | Performs security hardening to improve the security and anti-attack capabilities of operating systems or network devices based on the issues identified by Security Center. After the related security configuration of the system is complete, the system is secure due to periodic security assessment and maintenance services. |
| Security inspection | Security inspection | Provides regular security monitoring and inspection services to help analyze and manage regular security attacks on increasingly complex system and application platforms, and provides solutions that allow customers to improve their security systems in a cost-effective way. |

  1. Security risk assessment

    To fully understand system security risks and network security threats, you must use various security check methods to collect accurate basic data so that you can analyze and identify security risks in customer business from the technical vulnerability perspective.

    The service team of Alibaba Cloud Managed Security Service assesses business security conditions of customers based on their security requirements, identifies gaps between the current security conditions and best security practices, and develops security solutions for customers.

    Security assessment is performed from three aspects: network security, host security, and application security. The assessments for the three aspects are independent of each other, but the final results are correlated. Deep and detailed analysis and assessment from the three aspects help provide a complete security assessment result.

    Table 2. The following table describes the security assessment from the three aspects.
    | Category | Description | Method |
    |---|---|---|
    | Network security assessment | Checks whether access control policies are appropriate. Detects high-risk ports. Performs security analysis on identified issues and develops fix plans to help customers. | Manual inspection and tool scan |
    | Host security assessment | Detects security vulnerabilities in operating systems of hosts and application software. Detects configuration risks in operating systems and application software. Performs security analysis on the identified issues and develops fix plans to help customers. | Manual inspection and tool scan |
    | Application security assessment | Detects security vulnerabilities in the business application code. Performs security analysis on the identified issues and develops fix plans to help customers. | Manual inspection and tool scan |

    Note: To ensure business reliability and security during security assessment, the expert team of Managed Security Service assesses business conditions based on the customer network system and determines the inspection plan, risk prevention measures, emergency budget measures, and authorization instructions with the customer to mitigate risks and promptly respond to unexpected events.
  2. Security system consulting

    Comprehensive security management requires experts to monitor the network 24/7 and analyze every single change in the network structure. There are few professional personnel who are proficient in security management in China and few enterprises can have their own team that focuses on information system security. In normal cases, system administrators are responsible for the maintenance of information system security. Security management is increasingly complex and technologies rapidly develop. Therefore, security management experts must improve their technical skills. This increases the workload of system administrators. Only a few companies have sufficient resources to maintain their network security. To ensure network security, more and more enterprises outsource their security services.

    The service team of Alibaba Cloud Managed Security Service provides comprehensive models and methods for the cloud information security management cycle. These models and methods are based on the cloud business condition of customers. Based on industry-recognized best policies, global cloud security standards and processes, the team provides comprehensive consulting services and a wide range of security management services. This allows enterprises to focus on the most important information security requirements to ensure their business security on the cloud.

  3. Security incident responses

    Security is relative. Technical errors may cause operational disruptions, data leaks, reputation damage, or regulatory issues. Therefore, quick and efficient responses to security emergencies are required for information network systems. If you want to quickly respond to emergencies, you must set up an efficient reporting mechanism and event analysis and handling mechanisms to minimize the impact of security incidents.

    Incident Response Service of Managed Security Service is developed based on years of practical technical capabilities and management experience in security attack defense and the relevant national standards for the response and handling of information security incidents. A professional remote emergency response service is available 24/7 in accordance with the prevention, intelligence information collection, mitigation, elimination, and restoration procedures. If an information security incident occurs, Incident Response Service helps cloud users quickly respond to the incidents and restore their businesses. It also helps users design efficient cloud security management solutions, which prevents security incidents and reduces the impact on businesses.

    Table 3. The following table describes the categories of security incidents that Incident Response Service of Managed Security Service can handle.
    | Category | Description |
    |---|---|
    | Malware incident | Computer virus, worm, Trojan, botnet, blended attack, and web browser plug-in incidents |
    | Network attack incident | Backdoor attack, vulnerability attack, network eavesdropping, phishing, and interference incidents |
    | Information destruction incident | Information tampering, forgery, and interception, data breach, and loss incidents |
    | Information content security incident | Information incidents that occur on the Internet and endanger national security, social stability, and public interests, such as disseminating illegal information, organizing illegal gatherings, inciting mobs, and hyping sensitive issues |

    Incident Response Service has the following functions:

    • Security incident intrusion analysis and business restoration: If an intrusion occurs or has occurred, the service team of Alibaba Cloud Managed Security Service can help customers investigate the incident, locate backdoors, restore businesses, and collect evidence. The team also provides an incident handling report and follows up on the security status.
    • Analysis and handling of other security emergencies: Incident Response Service is activated only when a security incident has a serious impact on the network and hosts. For other regular security incidents, only security consulting and handling of regular security incidents are required.
  4. Security product operations
    • Security product operations

      For enterprises that do not have professional security personnel, Alibaba Cloud provides professional managed security services (including Alibaba Cloud Security services and third-party security products). Alibaba Cloud can help customers manage security product policies based on security threats, customize security policies as required, and build a solid security defense system for customers.

    • Security effect analysis

      After you implement security products and services, you can use the Alibaba Cloud big data platform to build an in-depth analysis model. This model can perform threat intelligence analysis on the assessment and identification of business assets and key systems on the cloud, analysis of business security threats, existing control measures, and possibilities and impacts, vulnerability assessment, and comprehensive risk identification. Based on the threat intelligence analysis, this model can detect residual business risks, set risk priorities, and provide a basis and reference for security planning and construction.

  5. Security monitoring and inspection

    Managed Security Service provides regular security monitoring and inspection services to help analyze and manage regular security attacks on increasingly complex systems and application platforms. It also provides solutions that allow customers to improve their security systems in a cost-effective way.

    Table 4. The following table describes the content of regular security inspection.
    | Security aspect | Item/Category |
    |---|---|
    | Security product and policy | Enabling status, authorization status, configuration status, and specifications of security products and policies. |
    | Network security layer | Access traffic trend. Unusual network access. DDoS and HTTP flood attacks. |
    | Operating system layer of ECS instances | High-risk ports, such as 22, 3389, and 3306, that are enabled and exposed to the Internet. Configuration risks, such as weak passwords and root user logons. Brute-force attacks on the logon protocol and remote logons. Application middleware vulnerabilities, such as Tomcat vulnerabilities and JBoss vulnerabilities. Other suspicious events of ECS instances. |
    | Application security layer | Business availability. Webshell events. Trojans, hidden links, and website tampering. Web application security vulnerabilities. |
    | Data layer | Log audit status of ApsaraDB RDS for SQL Server. The status of data breach. |

Edition comparison

Table 5. Managed Security Service has three editions. The following table describes the services provided in each edition.
| Edition | Scenario | Service description |
|---|---|---|
| Managed Detection and Response | Manages cloud security operations, provides online support from security experts, periodically monitors security risks, and quickly responds to and handles security incidents to ensure the security of businesses on the cloud. | Security consulting: provides online support from security experts over DingTalk during all business hours. Security monitoring and inspection: performs regular security inspections and proactive monitoring to detect security risks in a timely manner. Response to security emergencies: provides 24/7 system security monitoring and handles attacks in a timely manner to help customers quickly restore their businesses. Security product operations: provides guidance on configuring and using Alibaba Cloud Security products. |
| Security Assessment | Analyzes business security risks from the perspective of technical vulnerabilities to handle the existing security risks in the system and network security threats. | Online assessment: performs asset investigation, security baseline scans, vulnerability scans, and personnel interviews to help customers understand the security conditions of their business systems. Data analysis: analyzes and sorts out data collected during online assessment. Professional security assessment report: develops security assessment reports based on data analysis results and provides suggestions on fixing security risks. |
| Security Hardening | Performs security hardening based on the issues identified during security assessment to improve the security and anti-attack capabilities of operating systems or network devices. | Scope of security hardening: collects the information assets of customers and communicates with the customers to confirm the scope of security hardening. Security hardening plan: develops a security hardening plan based on security assessment results, the business on the cloud, and cloud product configuration of the customer. Implementation and testing: performs security hardening based on the security hardening plan and checks the security hardening results. |