Security Center monitors the security status of your assets in real time, and provides a security score for your assets and the number of detected risks. This topic describes the ranges of scores and deduction items.

Security scores

Security score Description Font color
95 to 100 Your assets are secure. Green
85 to 94 Your assets are exposed to a few of security risks. We recommend that you reinforce the security of your system at the earliest opportunity. Yellow
70 to 84 Your assets are exposed to a large number of security risks. We recommend that you reinforce the security of your system at the earliest opportunity. Yellow
69 or lower Your assets are at high risk. We recommend that you reinforce the security of your system at the earliest opportunity. Red

Deduction items

Note
  • The maximum security score is 100, and the minimum security score is 10.
  • If the security score is greater than 60 after penalty points are endorsed but unhandled alerts are detected, the final score is still 60.
  • If the security score is greater than 80 after penalty points are endorsed but unhandled alerts or vulnerabilities are detected, the final score is still 80.
  • If the security score is greater than 90 after penalty points are endorsed but unhandled baseline risks are detected, the final score is still 90.
  • All paid editions in the following table indicate the Anti-virus, Advanced, Enterprise, and Ultimate editions of Security Center.
Category Edition Reduction item Penalty point Suggestion
Configurations of core features All paid editions Web tamper proofing is disabled. 5 Enable web tamper proofing
Basic No rules are configured to prevent brute-force attacks. 2 Configure blocking policies based on IP addresses
Basic Quick installation of the Security Center agent is not authorized. 2 If this is the first time that you use this feature, obtain the required permissions.
Advanced, Enterprise, and Ultimate Configuration assessment is not authorized. 2 If this is the first time that you use this feature, obtain the required permissions.
All paid editions Log analysis is disabled. 2 Enable log analysis
All paid editions Antivirus is disabled. 2 Use proactive defense
All paid editions No anti-ransomware policies are created. 15 Create a protection policy
All paid editions Periodic virus detection is disabled. 5 Periodic virus scanning
Advanced, Enterprise, and Ultimate Container images that can be scanned are not specified. 5 Configure a cycle to scan image vulnerabilities
Ultimate Kubernetes threat detection is disabled. 5 Use threat detection on Kubernetes containers
Unhandled alerts All paid editions Unhandled high-risk alerts are detected. 20 Handle alert events
All paid editions Unhandled medium-risk alerts are detected. 20 Handle alert events
All paid editions Unhandled low-risk alerts are detected. 20 Handle alert events
Unfixed vulnerabilities Advanced, Enterprise, and Ultimate Unfixed Web-CMS vulnerabilities are detected. 2 View and handle Web-CMS vulnerabilities
Advanced, Enterprise, and Ultimate Unfixed Windows system vulnerabilities are detected. 2 View and handle Windows system vulnerabilities
Advanced, Enterprise, and Ultimate Unfixed Linux software vulnerabilities are detected. 2 View and handle Linux software vulnerabilities
Advanced, Enterprise, and Ultimate Unfixed urgent vulnerabilities are detected. 5 View and handle urgent vulnerabilities
Advanced, Enterprise, and Ultimate Urgent vulnerabilities exist but are not detected. If no Elastic Compute Service (ECS) instances are used, no penalty points are endorsed. 3 View and handle urgent vulnerabilities
Baseline risks Enterprise and Ultimate Baseline risks are detected. 1 Manage baseline risks
Configuration risks Advanced, Enterprise, and Ultimate Anti-DDoS Pro and Anti-DDoS Premium fail the back-to-origin configuration check.
  • High risk: 2
  • Low risk: 1
Manage configuration risks
Advanced, Enterprise, and Ultimate Two-factor authentication is disabled for your Alibaba Cloud account.
  • High risk: 2
  • Low risk: 1
Advanced, Enterprise, and Ultimate ApsaraDB RDS fails the security policy check.
  • High risk: 2
  • Low risk: 1
Advanced, Enterprise, and Ultimate High risks are detected in cloud service configurations. 2
Advanced, Enterprise, and Ultimate Low and medium risks are detected in cloud service configurations. 1
AccessKey pair leaks All editions AccessKey pair leaks are detected. 30 View and handle AccessKey pair leaks
Others Enterprise and Ultimate Attack events are detected. 5 Improve the security score of your assets

References

What are the priorities to handle security events that you can access from the Security Score section?

The deduction items in the Enterprise and Ultimate editions are different from those in the Basic, Anti-virus, and Advanced editions. What are the differences?

How does the vulnerability scan level affect the security score?

How does the baseline check level affect the security score?

Improve the security score of your assets