Security Center provides unified security management and protection for hosts, containers, and virtual machines — whether they run on Alibaba Cloud, other cloud providers, or in on-premises data centers. It automates the full security operations cycle, from asset discovery and risk assessment to real-time defense and incident response, defending against threats such as ransomware, malicious mining, and vulnerability exploits, and helps your organization meet compliance requirements such as Multi-Level Protection Scheme (MLPS) 2.0.
How it works
Security Center runs a closed-loop security operations cycle built on five components:
Asset inventory: Maintains a unified inventory of all servers, containers, and cloud-native resources across multi-cloud environments, providing the visibility needed for risk assessment and policy enforcement.
Risk discovery: Proactively scans for operating system (OS) and application vulnerabilities, cloud product misconfigurations, and identity risks such as leaked AccessKey pairs.
Security hardening: Remediates discovered risks by patching vulnerabilities, correcting misconfigurations, enabling web tamper proofing, and backing up data against ransomware.
Real-time protection: Monitors host and container runtime environments continuously. Using virus signatures, behavior analysis, and Runtime Application Self-Protection (RASP), it detects and automatically blocks viruses, Trojans, unauthorized logons, and malicious files.
Proactive detection and response: Uses cloud honeypots to lure attackers, reconstructs attack chains with Agentic SOC, and applies a security large language model (LLM) for alert correlation. Automated incident handling runs through Security Orchestration, Automation, and Response (SOAR).
Use cases
MLPS 2.0 compliance
Security Center maps its security capabilities directly to Multi-Level Protection Scheme (MLPS) 2.0 clauses. Baseline checks and remediation, vulnerability management, security audits, and intrusion prevention collectively satisfy the technical and administrative controls required by the standard.
Unified host security for hybrid and multi-cloud environments
For workloads spread across Alibaba Cloud, other cloud providers, and on-premises data centers, Security Center provides a single security control plane. Deploy the agent on all servers and manage virus scanning, vulnerability assessments, and policy configuration from one console — regardless of platform or region.
Full container lifecycle security
Security Center covers every stage of the container lifecycle — from build and deployment to runtime. Container image scanning, runtime intrusion detection and prevention, and Kubernetes cluster threat detection collectively secure cloud-native applications at each phase.
Benefits
Unified management: Single pane of glass for hosts and containers across Alibaba Cloud, other cloud providers, and on-premises data centers.
Lightweight and efficient: Cloud-based detection with endpoint-based response. The agent runs in low-consumption mode where CPU usage stays within 10% of a single core, with no measurable effect on business workloads.
Deep integration: Detects configuration risks in cloud products and interoperates with Cloud Firewall to close the security operations loop with automated threat response.
Comprehensive attack detection: Over 380 threat detection models and eight protection engines identify and block the latest threats end to end.
Alert feature limits
Security Center is designed to enhance asset security through real-time alerts, vulnerability management, and attack tracing. However, due to the following limitations, we recommend adopting a defense-in-depth strategy to improve overall security:
Defense startup delay: After a server restart, it takes some time for the Security Center defense process to start. During this interval before it takes effect, fast attacks such as ransomware and DDoS trojans cannot be effectively blocked.
Unknown threat risks: Due to the continuous evolution of cyber attack methods and virus samples, as well as differences in business environments, Security Center cannot guarantee real-time detection and defense against all unknown threats.
To build a more comprehensive security defense, we recommend combining Security Center with the following measures:
Regularly update security patches for server OS and applications.
Use products such as Cloud Firewall and Web Application Firewall to reduce the network attack surface.
Billing methods
Security Center supports subscription and pay-as-you-go billing. Regardless of the method you choose, you have access to the features of the Free Edition.
For details on Free Edition capabilities, see Introduction to the Free Edition of Security Center.
Item | Subscription | Pay-as-you-go |
Payment model | Single upfront fee for a monthly or yearly term. Fixed cost simplifies budgeting. | Pay only for what you use. No upfront investment. |
Fee breakdown | Fees = Edition fee + Value-added service fee (optional).
Note For more information about fees, see Billing description. | Fees = Basic service fee + Feature usage fee.
Note For more information about fees, see Billing description. |
Best for | Stable, long-term workloads with a fixed budget. | Elastic scaling, short-term projects, or frequently changing demands. |
Service regions and data centers
Security Center operates two global service centers with isolated data and configurations. Select the region matching your assets in the Security Center console top navigation bar.
Region | Data center | Asset locations protected |
Chinese Mainland | Data centers in the Chinese mainland | China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Hangzhou), China (Shanghai), China (Nanjing - Decommissioning), China (Chengdu) |
Outside Chinese Mainland | Singapore data center | Japan (Tokyo), South Korea (Seoul), Singapore, Malaysia (Kuala Lumpur), Indonesia (Jakarta), Philippines (Manila), Thailand (Bangkok), Germany (Frankfurt), UK (London), US (Virginia), US (Silicon Valley), SAU (Riyadh - Partner Region), UAE (Dubai), China (Hong Kong) |
Get started
Onboard your assets based on asset type:
Host assets: Install the agent
Container assets: Add image repositories, Add self-managed Kubernetes clusters
Third-party cloud assets: Add assets from third-party clouds
Data center assets: Add data center assets
Assets behind a proxy: Add servers to Security Center by using the proxy access feature
Manage your assets by type:
Host assets: Host assets
Container assets: Container assets
Website assets: View website information
Cloud product assets: View cloud product information
Configure features: Review the available features in Features, then follow the corresponding documentation to configure them.
For guided walkthroughs, see ECS security posture and Quick start for Agentic SOC.
FAQ
Editions, trials, and billing
How do I choose the right Security Center edition?
The right edition depends on your core security needs, asset types, and budget. See Purchase Security Center for a feature-by-edition comparison.
Can I apply for the free trial more than once?
No. Each Alibaba Cloud account is eligible for only one free trial of the Enterprise Edition.
What is the difference between the Free Edition and the Enterprise Edition free trial?
Free Edition
Enterprise Edition free trial
Eligible accounts
All Alibaba Cloud accounts that have completed identity verification
Accounts that have not activated a trial or paid version of the Enterprise Edition
Capabilities
Basic security capabilities, permanently
Full Enterprise Edition capabilities for 7 days
Duration
Permanent
7 days
Core features
Scanning for abnormal logons, mining and DDoS Trojans, and major vulnerabilities
All Enterprise Edition features, including virus scanning, advanced threat detection, and vulnerability remediation
Activation
Activated automatically — no application required
Each account can apply only once
How do I get Security Center for free?
Free Edition: Activated automatically after you complete identity verification for your Alibaba Cloud account. See Introduction to the Free Edition of Security Center.
Enterprise Edition free trial: Activate a 7-day free trial.
Core features and scenarios
Does Security Center comply with international security standards?
Yes. Security Center is certified for ISO 9001, ISO 20000, ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 29151, ISO 27701, BS 10012, CSA STAR, and Payment Card Industry Data Security Standard (PCI DSS), among other international standards.
Does Security Center support virus scanning and removal?
Yes. The Anti-virus, Premium, Enterprise, and Ultimate editions detect and remove common network viruses.
Can Security Center automatically quarantine infected files?
Security Center supports automatic blocking but not automatic file quarantine.
Automatic blocking: Detects and prevents malicious processes and behaviors in real time when a virus attempts to intrude. Security Center can automatically block ransomware, mining programs, Trojans, and other network viruses before they infect the system.
File quarantine: Moves an infected file to a quarantine area. Because quarantining a system or business file can interrupt services, an administrator must assess the risk and perform this action manually to preserve business continuity.
How does Security Center provide end-to-end security during a cyberattack?
Security Center covers all three stages of an attack:
Before an attack (assessment and hardening): Discovers risks through asset information collection, vulnerability assessment, and baseline checks. One-click remediation, baseline hardening, and permission optimization reduce the attack surface.
During an attack (detection and defense): Detects and blocks webshells, unusual outbound connections, brute-force attacks, ransomware, and mining programs.
After an incident (response and forensics): Correlates cloud-based threat intelligence with host behavior anomalies to generate alerts, trace the attack chain, and support emergency response.
Asset coverage and connection
Can Security Center protect non-Alibaba Cloud servers, such as those in on-premises data centers or from other cloud providers?
Yes. Install the agent on any server to bring it under Security Center protection.
Server type
How to connect
Alibaba Cloud ECS
Select Security Hardening at purchase and the agent installs automatically, activating the Free Edition. To install or upgrade manually, follow the console instructions after purchasing a paid edition.
Data center or third-party cloud servers
Install the agent and connect over the Internet or through a proxy. See Connect servers in data centers to Security Center through a proxy cluster and Add assets from third-party clouds.
My server assets are outside the Chinese mainland. Can I still use Security Center? How is my data handled?
Yes. Security Center provides a Singapore data center for assets in the Outside Chinese Mainland region. When you select Outside Chinese Mainland in the Security Center console, all security data is processed and stored in the Singapore data center with no cross-border data transfer, in compliance with data sovereignty requirements.