Security Center monitors the security status of your assets in real time, and provides security scores for your assets and the number of detected risks. This topic describes the different score ranges and deduction items.
Security scores
Security score | Description | Font color |
---|---|---|
95 to 100 | Your assets are secure. | Green |
85 to 94 | Your assets are exposed to a few security risks. We recommend that you reinforce your security system at the earliest opportunity. | Yellow |
70 to 84 | Your assets are exposed to a large number of security risks. We recommend that you reinforce your security system at the earliest opportunity. | Yellow |
69 or lower | Your assets are at high risk. We recommend that you reinforce your security system at the earliest opportunity. | Red |
Deduction items
Note
- The maximum security score is 100 and the minimum score is 10.
- If the security score is greater than 60 after penalty points are deducted but unhandled alerts are detected, the final score is 60.
- If the security score is greater than 80 after penalty points are deducted but unhandled alerts or vulnerabilities are detected, the final score is 80.
- If the security score is greater than 90 after penalty points are deducted but unhandled baseline risks are detected, the final score is 90.
- In the following table, "All paid editions" refers to the Basic Anti-Virus, Advanced, and Enterprise editions of Security Center.
Type | Required edition | Item | Penalty point | Suggestion |
---|---|---|---|---|
Configurations of core features | All paid editions | Web tamper proofing is disabled. | 5 | Activate web tamper proofing |
Configurations of core features | Basic | Anti-brute-force rules are not configured. | 2 | Configure IP blocking policy |
Configurations of core features | Basic | Quick installation of the Security Center agent is unauthorized. | 2 | If this is the first time you use this feature, obtain the required permissions. |
Configurations of core features | Advanced and Enterprise | Configuration assessment is unauthorized. | 2 | If this is the first time you use this feature, obtain the required permissions. |
Configurations of core features | All paid editions | Log analysis is disabled. | 2 | Activate log analysis |
Configurations of core features | All paid editions | Antivirus is disabled. | 2 | Enable the anti-ransomware feature |
Configurations of core features | All paid editions | No anti-ransomware policies are created. | 2 | Create a protection policy |
Configurations of core features | All paid editions | Periodic virus detection is disabled. | 5 | Periodic virus scanning |
Configurations of core features | Enterprise | Kubernetes threat detection is disabled. | 5 | Threat detection for Kubernetes containers |
Unhandled alerts | All paid editions | Unhandled high-risk alerts are detected. | 20 | Handle alerts |
Unhandled alerts | All paid editions | Unhandled medium-risk alerts are detected. | 20 | Handle alerts |
Unhandled alerts | All paid editions | Unhandled low-risk alerts are detected. | 20 | Handle alerts |
Unfixed vulnerabilities | Advanced and Enterprise | Unfixed Web-CMS vulnerabilities are detected. | 2 | Web-CMS vulnerabilities |
Unfixed vulnerabilities | Advanced and Enterprise | Unfixed Windows system vulnerabilities are detected. | 2 | Windows system vulnerabilities |
Unfixed vulnerabilities | Advanced and Enterprise | Unfixed Linux software vulnerabilities are detected. | 2 | Linux software vulnerabilities |
Unfixed vulnerabilities | Advanced and Enterprise | Unfixed urgent vulnerabilities are detected. | 5 | Urgent vulnerabilities |
Unfixed vulnerabilities | Advanced and Enterprise | Urgent vulnerabilities are detected for the first time. | 3 | Urgent vulnerabilities |
Baseline risks | Advanced and Enterprise | Baseline risks are detected. | 1 | Manage baseline risks |
Configuration risks | Advanced and Enterprise | The Basic edition of Security Center is used. | 5 | Purchase Security Center |
Configuration risks | Advanced and Enterprise | Anti-DDoS Pro and Anti-DDoS Premium fail the back-to-origin configuration check. | | Manage configuration risks |
Configuration risks | Advanced and Enterprise | Two-factor authentication is disabled for your Alibaba Cloud account. | | Manage configuration risks |
Configuration risks | Advanced and Enterprise | ApsaraDB RDS fails the security policy check. | | Manage configuration risks |
Configuration risks | Advanced and Enterprise | High risks are detected for cloud service configurations. | 2 | Manage configuration risks |
Configuration risks | Advanced and Enterprise | Low and medium risks are detected for cloud service configurations. | 1 | Manage configuration risks |
AccessKey pair leaks | All editions | Potential risks of AccessKey pair leaks are detected. | 30 | View and handle AccessKey pair leaks |
Other types | Enterprise | Attack events are detected. | 5 | Improve the security score |
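The deduction and cap rules above can be combined into an estimate of the final score. The following Python sketch is an added example, not Security Center's own code. It assumes that each triggered item is deducted once and that the lowest applicable cap wins; the item keys are hypothetical names for a subset of the table rows.

```python
# Added example, not Security Center code. Assumptions: each triggered item is
# deducted once, and when several caps apply the lowest one wins.

# Hypothetical keys for a subset of the table rows: (risk type, penalty points).
PENALTIES = {
    "web_tamper_proofing_disabled": ("config", 5),
    "unhandled_high_risk_alerts": ("alert", 20),
    "unhandled_medium_risk_alerts": ("alert", 20),
    "unhandled_low_risk_alerts": ("alert", 20),
    "unfixed_urgent_vulnerabilities": ("vuln", 5),
    "baseline_risks": ("baseline", 1),
    "accesskey_pair_leak": ("accesskey", 30),
}

# Caps from the Note list. Alerts also fall under the 80 cap, but 60 is lower.
CAPS = {"alert": 60, "vuln": 80, "baseline": 90}
MAX_SCORE, MIN_SCORE = 100, 10


def security_score(findings):
    """Return the estimated final score for an iterable of PENALTIES keys."""
    triggered = set(findings)  # count each item once (assumption)
    unknown = triggered - set(PENALTIES)
    if unknown:
        raise ValueError(f"unknown deduction items: {sorted(unknown)}")
    score = MAX_SCORE - sum(PENALTIES[f][1] for f in triggered)
    for kind in {PENALTIES[f][0] for f in triggered}:
        score = min(score, CAPS.get(kind, MAX_SCORE))
    return max(score, MIN_SCORE)


def score_band(score):
    """Map a score to the font color in the security scores table."""
    if score >= 95:
        return "Green"
    if score >= 70:
        return "Yellow"
    return "Red"


if __name__ == "__main__":
    # Constructed sample inputs.
    for items in ([], ["baseline_risks"], ["unhandled_low_risk_alerts"], list(PENALTIES)):
        s = security_score(items)
        print(f"{len(items)} item(s): score {s} ({score_band(s)})")
```

A single low-risk alert costs 20 points but the cap brings the result down to 60, so clearing alerts moves the score more than the penalty column alone suggests.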