Security Center: What is Security Center

Last Updated: Apr 29, 2026

Security Center provides unified security management and protection for hosts, containers, and virtual machines — whether they run on Alibaba Cloud, other cloud providers, or in on-premises data centers. It automates the full security operations cycle, from asset discovery and risk assessment to real-time defense and incident response, defending against threats such as ransomware, malicious mining, and vulnerability exploits, and helps your organization meet compliance requirements such as Multi-Level Protection Scheme (MLPS) 2.0.

How it works

Security Center runs a closed-loop security operations cycle built on five components:

  • Asset inventory: Maintains a unified inventory of all servers, containers, and cloud-native resources across multi-cloud environments, providing the visibility needed for risk assessment and policy enforcement.

  • Risk discovery: Proactively scans for operating system (OS) and application vulnerabilities, cloud product misconfigurations, and identity risks such as leaked AccessKey pairs.

  • Security hardening: Remediates discovered risks by patching vulnerabilities, correcting misconfigurations, enabling web tamper proofing, and backing up data against ransomware.

  • Real-time protection: Monitors host and container runtime environments continuously. Using virus signatures, behavior analysis, and Runtime Application Self-Protection (RASP), it detects and automatically blocks viruses, Trojans, unauthorized logons, and malicious files.

  • Proactive detection and response: Uses cloud honeypots to lure attackers, reconstructs attack chains with Agentic SOC, and applies a security large language model (LLM) for alert correlation. Automated incident handling runs through Security Orchestration, Automation, and Response (SOAR).

Use cases

MLPS 2.0 compliance

Security Center maps its security capabilities directly to Multi-Level Protection Scheme (MLPS) 2.0 clauses. Baseline checks and remediation, vulnerability management, security audits, and intrusion prevention collectively satisfy the technical and administrative controls required by the standard.

Unified host security for hybrid and multi-cloud environments

For workloads spread across Alibaba Cloud, other cloud providers, and on-premises data centers, Security Center provides a single security control plane. Deploy the agent on all servers and manage virus scanning, vulnerability assessments, and policy configuration from one console — regardless of platform or region.

Full container lifecycle security

Security Center covers every stage of the container lifecycle — from build and deployment to runtime. Container image scanning, runtime intrusion detection and prevention, and Kubernetes cluster threat detection collectively secure cloud-native applications at each phase.

Benefits

  • Unified management: Single pane of glass for hosts and containers across Alibaba Cloud, other cloud providers, and on-premises data centers.

  • Lightweight and efficient: Cloud-based detection with endpoint-based response. The agent runs in low-consumption mode where CPU usage stays within 10% of a single core, with no measurable effect on business workloads.

  • Deep integration: Detects configuration risks in cloud products and interoperates with Cloud Firewall to close the security operations loop with automated threat response.

  • Comprehensive attack detection: Over 380 threat detection models and eight protection engines identify and block the latest threats end to end.

Alert feature limits

Security Center is designed to enhance asset security through real-time alerts, vulnerability management, and attack tracing. However, due to the following limitations, we recommend adopting a defense-in-depth strategy to improve overall security:

  • Defense startup delay: After a server restart, the Security Center defense process takes some time to start. Until it takes effect, fast attacks such as ransomware and DDoS Trojans cannot be effectively blocked.

  • Unknown threat risks: Due to the continuous evolution of cyber attack methods and virus samples, as well as differences in business environments, Security Center cannot guarantee real-time detection and defense against all unknown threats.

To build a more comprehensive security defense, we recommend combining Security Center with the following measures:

  1. Regularly update security patches for server OS and applications.

  2. Use products such as Cloud Firewall and Web Application Firewall to reduce the network attack surface.

Billing methods

Security Center supports subscription and pay-as-you-go billing. Regardless of the method you choose, you have access to the features of the Free Edition.

Important

For details on Free Edition capabilities, see Introduction to the Free Edition of Security Center.

| Item | Subscription | Pay-as-you-go |
| --- | --- | --- |
| Payment model | Single upfront fee for a monthly or yearly term. Fixed cost simplifies budgeting. | Pay only for what you use. No upfront investment. |
| Fee breakdown | Fees = Edition fee + Value-added service fee (optional). Edition fee: Editions such as Anti-virus, Advanced, Enterprise, Ultimate and Value-added Plan are available. Higher-tier editions include more comprehensive features. Value-added service fee: You can purchase additional value-added services, such as anti-ransomware and Agentic SOC. Note: For more information about fees, see Billing description. | Fees = Basic service fee + Feature usage fee. Basic service fee: Charged when you enable any pay-as-you-go feature. It includes services such as DingTalk Robot, security reports, and Task Hub (requires purchase or activation of vulnerability fixing). Feature usage fee: You are charged for the specific features you purchase and enable. Each feature can be enabled and billed separately. Note: For more information about fees, see Billing description. |
| Best for | Stable, long-term workloads with a fixed budget. | Elastic scaling, short-term projects, or frequently changing demands. |

Service regions and data centers

Security Center operates two global service centers with isolated data and configurations. Select the region matching your assets in the Security Center console top navigation bar.

| Region | Data center | Asset locations protected |
| --- | --- | --- |
| Chinese Mainland | Data centers in the Chinese mainland | China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Hangzhou), China (Shanghai), China (Nanjing - Decommissioning), China (Chengdu) |
| Outside Chinese Mainland | Singapore data center | Japan (Tokyo), South Korea (Seoul), Singapore, Malaysia (Kuala Lumpur), Indonesia (Jakarta), Philippines (Manila), Thailand (Bangkok), Germany (Frankfurt), UK (London), US (Virginia), US (Silicon Valley), SAU (Riyadh - Partner Region), UAE (Dubai), China (Hong Kong) |

Get started

  1. Onboard your assets based on asset type:

  2. Manage your assets by type:

  3. Configure features: Review the available features in Features, then follow the corresponding documentation to configure them.

For guided walkthroughs, see ECS security posture and Quick start for Agentic SOC.

FAQ

Editions, trials, and billing

  • How do I choose the right Security Center edition?

    The right edition depends on your core security needs, asset types, and budget. See Purchase Security Center for a feature-by-edition comparison.

  • Can I apply for the free trial more than once?

    No. Each Alibaba Cloud account is eligible for only one free trial of the Enterprise Edition.

  • What is the difference between the Free Edition and the Enterprise Edition free trial?

    |  | Free Edition | Enterprise Edition free trial |
    | --- | --- | --- |
    | Eligible accounts | All Alibaba Cloud accounts that have completed identity verification | Accounts that have not activated a trial or paid version of the Enterprise Edition |
    | Capabilities | Basic security capabilities, permanently | Full Enterprise Edition capabilities for 7 days |
    | Duration | Permanent | 7 days |
    | Core features | Scanning for abnormal logons, mining and DDoS Trojans, and major vulnerabilities | All Enterprise Edition features, including virus scanning, advanced threat detection, and vulnerability remediation |
    | Activation | Activated automatically — no application required | Each account can apply only once |

  • How do I get Security Center for free?

Core features and scenarios

  • Does Security Center comply with international security standards?

    Yes. Security Center is certified for ISO 9001, ISO 20000, ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 29151, ISO 27701, BS 10012, CSA STAR, and Payment Card Industry Data Security Standard (PCI DSS), among other international standards.

  • Does Security Center support virus scanning and removal?

    Yes. The Anti-virus, Premium, Enterprise, and Ultimate editions detect and remove common network viruses.

  • Can Security Center automatically quarantine infected files?

    Security Center supports automatic blocking but not automatic file quarantine.

    • Automatic blocking: Detects and prevents malicious processes and behaviors in real time when a virus attempts to intrude. Security Center can automatically block ransomware, mining programs, Trojans, and other network viruses before they infect the system.

    • File quarantine: Moves an infected file to a quarantine area. Because quarantining a system or business file can interrupt services, an administrator must assess the risk and perform this action manually to preserve business continuity.

  • How does Security Center provide end-to-end security during a cyberattack?

    Security Center covers all three stages of an attack:

    • Before an attack (assessment and hardening): Discovers risks through asset information collection, vulnerability assessment, and baseline checks. One-click remediation, baseline hardening, and permission optimization reduce the attack surface.

    • During an attack (detection and defense): Detects and blocks webshells, unusual outbound connections, brute-force attacks, ransomware, and mining programs.

    • After an incident (response and forensics): Correlates cloud-based threat intelligence with host behavior anomalies to generate alerts, trace the attack chain, and support emergency response.

Asset coverage and connection

  • Can Security Center protect non-Alibaba Cloud servers, such as those in on-premises data centers or from other cloud providers?

    Yes. Install the agent on any server to bring it under Security Center protection.

    | Server type | How to connect |
    | --- | --- |
    | Alibaba Cloud ECS | Select Security Hardening at purchase and the agent installs automatically, activating the Free Edition. To install or upgrade manually, follow the console instructions after purchasing a paid edition. |
    | Data center or third-party cloud servers | Install the agent and connect over the Internet or through a proxy. See Connect servers in data centers to Security Center through a proxy cluster and Add assets from third-party clouds. |

  • My server assets are outside the Chinese mainland. Can I still use Security Center? How is my data handled?

    Yes. Security Center provides a Singapore data center for assets in the Outside Chinese Mainland region. When you select Outside Chinese Mainland in the Security Center console, all security data is processed and stored in the Singapore data center with no cross-border data transfer, in compliance with data sovereignty requirements.