Security Center provides unified security management and protection for hosts, containers, and virtual machines — whether they run on Alibaba Cloud, other cloud providers, or in on-premises data centers. It automates the full security operations cycle, from asset discovery and risk assessment to real-time defense and incident response, defending against threats such as ransomware, malicious mining, and vulnerability exploits, and helps your organization meet compliance requirements such as Multi-Level Protection Scheme (MLPS) 2.0.
How it works
Security Center runs a closed-loop security operations cycle built on five components:
Asset inventory: Maintains a unified inventory of all servers, containers, and cloud-native resources across multi-cloud environments, providing the visibility needed for risk assessment and policy enforcement.
Risk discovery: Proactively scans for operating system (OS) and application vulnerabilities, cloud product misconfigurations, and identity risks such as leaked AccessKey pairs.
Security hardening: Remediates discovered risks by patching vulnerabilities, correcting misconfigurations, enabling web tamper proofing, and backing up data against ransomware.
Real-time protection: Monitors host and container runtime environments continuously. Using virus signatures, behavior analysis, and Runtime Application Self-Protection (RASP), it detects and automatically blocks viruses, Trojans, unauthorized logons, and malicious files.
Proactive detection and response: Uses cloud honeypots to lure attackers, reconstructs attack chains with Agentic SOC, and applies a security large language model (LLM) for alert correlation. Automated incident handling runs through Security Orchestration, Automation, and Response (SOAR).
Use cases
MLPS 2.0 compliance
Security Center maps its security capabilities directly to Multi-Level Protection Scheme (MLPS) 2.0 clauses. Baseline checks and remediation, vulnerability management, security audits, and intrusion prevention collectively satisfy the technical and administrative controls required by the standard.
Unified host security for hybrid and multi-cloud environments
For workloads spread across Alibaba Cloud, other cloud providers, and on-premises data centers, Security Center provides a single security control plane. Deploy the agent on all servers and manage virus scanning, vulnerability assessments, and policy configuration from one console — regardless of platform or region.
Full container lifecycle security
Security Center covers every stage of the container lifecycle — from build and deployment to runtime. Container image scanning, runtime intrusion detection and prevention, and Kubernetes cluster threat detection collectively secure cloud-native applications at each phase.
Benefits
Unified management: Single pane of glass for hosts and containers across Alibaba Cloud, other cloud providers, and on-premises data centers.
Lightweight and efficient: Cloud-based detection with endpoint-based response. The agent runs in low-consumption mode where CPU usage stays within 10% of a single core, with no measurable effect on business workloads.
Deep integration: Detects configuration risks in cloud products and interoperates with Cloud Firewall to close the security operations loop with automated threat response.
Comprehensive attack detection: Over 380 threat detection models and eight protection engines identify and block the latest threats end to end.
Billing methods
Security Center supports subscription and pay-as-you-go billing. Regardless of the method you choose, you have access to the features of the Free Edition.
For details on Free Edition capabilities, see Introduction to the Free Edition of Security Center.
| Subscription | Pay-as-you-go | |
|---|---|---|
| Payment model | Single upfront fee for a monthly or yearly term. Fixed cost simplifies budgeting. | Pay only for what you use. No upfront investment. |
| Fee breakdown | Edition fee + value-added service fee (optional). Editions: Anti-virus, Advanced, Enterprise, Ultimate, and Value-added Plan. Optional add-ons include anti-ransomware and Agentic SOC. See Billing. | Basic service fee + feature usage fee. The basic fee is a fixed monthly charge when any pay-as-you-go feature is enabled; it covers DingTalk Robot, security reports, and Task Hub (requires purchasing or enabling vulnerability remediation). Each feature is enabled and billed individually. See Billing. |
| Best for | Stable, long-term workloads with a fixed budget. | Elastic scaling, short-term projects, or frequently changing demands. |
Service regions and data centers
Security Center operates two global service centers with isolated data and configurations. Select the region matching your assets in the Security Center console top navigation bar.
| Region | Data center | Asset locations protected |
|---|---|---|
| Chinese Mainland | Data centers in the Chinese mainland | China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Hangzhou), China (Shanghai), China (Nanjing - Decommissioning), China (Chengdu) |
| Outside Chinese Mainland | Singapore data center | Japan (Tokyo), South Korea (Seoul), Singapore, Malaysia (Kuala Lumpur), Indonesia (Jakarta), Philippines (Manila), Thailand (Bangkok), Germany (Frankfurt), UK (London), US (Virginia), US (Silicon Valley), SAU (Riyadh - Partner Region), UAE (Dubai), China (Hong Kong) |
Get started
Onboard your assets based on asset type:
Host assets: Install the agent
Container assets: Add image repositories, Add self-managed Kubernetes clusters
Third-party cloud assets: Add assets from third-party clouds
Data center assets: Add assets from data centers
Assets behind a proxy: Connect using a proxy
Manage your assets by type:
Host assets: Host assets
Container assets: Container assets
Website assets: View website information
Cloud product assets: View cloud product information
Configure features: Review the available features in Features, then follow the corresponding documentation to configure them.
For guided walkthroughs, see Quickly master your ECS security posture and Quick start for Agentic SOC.
FAQ
Editions, trials, and billing
How do I choose the right Security Center edition?
The right edition depends on your core security needs, asset types, and budget. See Purchase Security Center for a feature-by-edition comparison.
Can I apply for the free trial more than once?
No. Each Alibaba Cloud account is eligible for only one free trial of the Enterprise Edition.
What is the difference between the Free Edition and the Enterprise Edition free trial?
| Free Edition | Enterprise Edition free trial | |
|---|---|---|
| Eligible accounts | All Alibaba Cloud accounts that have completed identity verification | Accounts that have not activated a trial or paid version of the Enterprise Edition |
| Capabilities | Basic security capabilities, permanently | Full Enterprise Edition capabilities for 7 days |
| Duration | Permanent | 7 days |
| Core features | Scanning for abnormal logons, mining and DDoS Trojans, and major vulnerabilities | All Enterprise Edition features, including virus scanning, advanced threat detection, and vulnerability remediation |
| Activation | Activated automatically — no application required | Each account can apply only once |
How do I get Security Center for free?
Free Edition: Activated automatically after you complete identity verification for your Alibaba Cloud account. See Introduction to the Free Edition of Security Center.
Enterprise Edition free trial: Activate a 7-day free trial.
Core features and scenarios
Does Security Center comply with international security standards?
Yes. Security Center is certified for ISO 9001, ISO 20000, ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 29151, ISO 27701, BS 10012, CSA STAR, and Payment Card Industry Data Security Standard (PCI DSS), among other international standards.
Does Security Center support virus scanning and removal?
Yes. The Anti-virus, Premium, Enterprise, and Ultimate editions detect and remove common network viruses.
Can Security Center automatically quarantine infected files?
Security Center supports automatic blocking but not automatic file quarantine.
Automatic blocking: Detects and prevents malicious processes and behaviors in real time when a virus attempts to intrude. Security Center can automatically block ransomware, mining programs, Trojans, and other network viruses before they infect the system.
File quarantine: Moves an infected file to a quarantine area. Because quarantining a system or business file can interrupt services, an administrator must assess the risk and perform this action manually to preserve business continuity.
How does Security Center provide end-to-end security during a cyberattack?
Security Center covers all three stages of an attack:
Before an attack (assessment and hardening): Discovers risks through asset information collection, vulnerability assessment, and baseline checks. One-click remediation, baseline hardening, and permission optimization reduce the attack surface.
During an attack (detection and defense): Detects and blocks webshells, unusual outbound connections, brute-force attacks, ransomware, and mining programs.
After an incident (response and forensics): Correlates cloud-based threat intelligence with host behavior anomalies to generate alerts, trace the attack chain, and support emergency response.
Asset coverage and connection
Can Security Center protect non-Alibaba Cloud servers, such as those in on-premises data centers or from other cloud providers?
Yes. Install the agent on any server to bring it under Security Center protection.
| Server type | How to connect |
|---|---|
| Alibaba Cloud ECS | Select Security Hardening at purchase and the agent installs automatically, activating the Free Edition. To install or upgrade manually, follow the console instructions after purchasing a paid edition. |
| Data center or third-party cloud servers | Install the agent and connect over the Internet or through a proxy. See Connect servers in data centers to Security Center through a proxy cluster and Add assets from third-party clouds. |
My server assets are outside the Chinese mainland. Can I still use Security Center? How is my data handled?
Yes. Security Center provides a Singapore data center for assets in the Outside Chinese Mainland region. When you select Outside Chinese Mainland in the Security Center console, all security data is processed and stored in the Singapore data center with no cross-border data transfer, in compliance with data sovereignty requirements.