Alibaba Cloud Security Center helps you build a complete cloud security system that supports security event monitoring, vulnerability detection, baseline checks, asset fingerprints, and log retrieval. Security Center monitors web intrusions in real time and generates security alerts when an intrusion is detected. Vulnerability detection and baseline checks are used to find and fix system flaws to prevent potential attacks. Asset fingerprints keep you informed about server processes, system accounts, software, and listening ports. Log retrieval provides server logs and network logs to help you analyze the security trends of your servers, track the causes of security events, and handle the security threats detected by Security Center.
- Security alerts and alert correlation
Security Center detects security issues in real time, provides solutions, and allows you to search and analyze logs and events. Alert correlation rules automatically group related events together and then generate a correlated alert. This lets you see all related alerts on one page and manage the alerts and their related events centrally.
- Vulnerability detection and baseline check
Security Center automatically detects vulnerabilities and insecure configurations on assets, and provides solutions to enhance system security.
- Risk quantification and prediction
Security Center uses machine learning to quantify and analyze threats and to predict potential risks.
- Visualized user interface
Security Center provides a visualized user interface for you to view security issues at any time.
- Log storage and retrieval
Security Center provides you with logs from the last 180 days and allows you to search and analyze logs created in the last 30 days.
- Overall log analysis
Security Center provides real-time log search and analysis that covers all types of Security Center logs, such as server process startups, outgoing network connections, system logons, and DNS requests. It also supports the creation of reports and alarms.
Cloud Threat Detection
Cloud Threat Detection integrates the features of popular antivirus engines and provides you with a comprehensive, real-time virus detection and protection service. The service features a unique detection model based on machine learning and deep learning techniques and on the large amount of threat information gathered by Alibaba Cloud.
Cloud Threat Detection checks hundreds of millions of files every day and serves millions of cloud servers.
Detection capabilities of Cloud Threat Detection
Security Center collects process information on servers and uploads it to the cloud for virus detection. If a malicious process is detected, you can directly stop the process and quarantine the related files.
- The virus detection engine (self-developed by Alibaba) is built on deep learning techniques and a large number of attack samples and protection policies. The engine specializes in detecting malicious files in the cloud, can effectively identify potential threats, and compensates for the shortcomings of traditional antivirus engines.
- The cloud sandbox (self-developed by Alibaba) simulates cloud environments and allows you to monitor attacks from malicious samples. Based on big data analysis and machine learning modeling techniques, the cloud sandbox automatically checks for and detects potential threats and offers dynamic analysis and detection capabilities.
- Integration with popular antivirus engines from around the world enables the service to update its virus database in a timely manner.
- Based on the threat data provided by Security Center, the service also integrates a server detection model to detect suspicious processes and malicious activities from various perspectives.
Supported virus types
Cloud Threat Detection provides a comprehensive solution based on the experience of Alibaba Cloud's security and defense experts. It covers data collection, masking, recognition, analysis, quarantine, and recovery. You can quarantine malicious files and restore quarantined files in the Security Center console.
Cloud Threat Detection can detect the following virus types:
|Virus type|Description|
|---|---|
|Mining program|A mining program illegally consumes server resources to mine virtual currencies.|
|Computer worm|A computer worm is a malicious program that replicates itself and spreads to a large number of computers within a short time.|
|Ransomware|Ransomware such as WannaCry uses encryption algorithms to encrypt files and prevent users from accessing their files.|
|Trojans|A trojan is a malicious program that allows the attacker to access users' personal information, gain control of the server, and consume system resources.|
|DDoS trojan|A DDoS trojan hijacks servers and uses zombie servers to launch DDoS attacks, which can interrupt your normal service.|
|Backdoor|A backdoor is a malicious program injected by an attacker, who uses the backdoor to control the server or launch attacks.|
|Computer virus|A computer virus is a type of malicious program that replicates itself by modifying other programs and inserting malicious code into them to infect the whole system.|
|Malicious program|A program that harms a computer system and its data security.|