Security Center is available in Basic, Advanced, and Enterprise Editions.
- Basic Edition: Detects unusual logon and server vulnerabilities. Basic Edition is available for free.
- Enterprise Edition: Provides comprehensive security services, including security events, server vulnerability detection and resolution, baseline check, asset fingerprints, and log retrieval. Enterprise Edition is billed by annual and monthly subscription.
Feature comparison among Basic/Advanced/Enterprise Edition
The following table compares the features provided by Basic Edition, Advanced Edition and Enterprise Edition of Security Center:
- X indicates that the related feature is excluded in the service.
- √ indicates that the related feature is included in the service.
- Value-added indicates that you must purchase the related feature additionally.
|Security events||Unusual logon detection||Basic detection
|Security events||Webshell removal||Webshell detection: checks both instances/servers and networks for web scripts, such as PHP, ASP, and JSP files.
|Webshell removal: easily quarantines the detected Webshell in the console. You can restore the Webshell within 30 days after isolation.||X||√||√|
|Malicious processes (malware checking)||Virus detection: Periodically scans processes, monitors process initiation events, and detects malicious viruses and Trojans using the anti-virus mechanism in the cloud.
Virus removal: Terminates processes and quarantines malicious files in the console. Scope of virus targets:
|Suspicious processes||Suspicious process detection: Restores intrusion links based on real attack-defense scenarios in the cloud, creates a process whitelist, and generates alarms when detecting illegal and intrusive processes.
Scope of suspicious types:
Suspicious process coverage: Builds more than 1,000 process patterns for hundreds of processes, and analyzes suspicious processes by comparing them with these patterns.
|Sensitive file tampering||Tampering detection: Monitors sensitive directories and files in real time, and generates alarms when detecting suspicious reading, writing, and deletion processes. Scope of
|Unusual network connection||Unusual connection: Monitors connections between instances and networks, and generates an alarm when detecting an illegal connection. Scope of unusual connections:
|Vulnerability management||Vulnerabilities of Linux software||Detection of Linux software vulnerabilities: Compares software versions by using the Open Vulnerability and Assessment Language (OVAL) matching engine, and generates alarms when detecting vulnerabilities from the Common Vulnerabilities and Exposures (CVE) vulnerability database.||√||√||√|
|Vulnerability fix: Fixes vulnerabilities automatically with easily applied updates, and generates vulnerability fix instructions for manual fixes.||X||√||√|
|Windows vulnerabilities||Detection of Windows vulnerabilities: Obtains updates from Microsoft Updates for the Windows operating system, detects critical and other vulnerabilities, and generates alarms of these vulnerabilities.||√||√||√|
|Vulnerability fix: Downloads updates, installs the updates silently, and then prompts you to restart the system if required.||X||√||√|
|WCMS vulnerabilities||Detection of Web content management system (WCMS) vulnerabilities: Monitors Web directories, recognizes common website builders, and checks the vulnerability database to identify vulnerabilities in the website builders.||√||√||√|
|Vulnerability fix: Uses proprietary updates developed by Alibaba Cloud to replace or modify source code and allows you to easily fix vulnerabilities.||X||√||√|
|Baseline check||Server baseline||Server baseline check: Initiates tasks to scan security configurations of servers, and generates notifications for vulnerable configurations. Scope of server baseline
Check policy: Supports a customized check policy that specifies the checked items, check cycle, and target server group. The system does not support customized check scripts.
|Asset fingerprints||Asset fingerprints||Port: Collects and displays port listening information, and records changes to track
Account: Collects information about accounts and related permissions, and checks privileged accounts for privilege elevation.
Process: Collects and displays process snapshots to track normal processes and detect unusual processes.
Software: Checks software installation information, and in the case of critical vulnerabilities, quickly locates affected assets.
Website background: Recognizes website back-end assets, and detects user enumeration attempts and unusual background logons.
|Log analysis||Overall log analysis||Security Center provides real-time log search and analysis that covers all types of Security Center logs, such as server process startup, outgoing network connections, system logons, and DNS requests.||X||Value-added||Value-added|
|Web Guard||Web Guard||Web Guard uses advanced web tamper protection technology to monitor the protected directories, prevent your website from serving illegally tampered information, and back up and restore the website files.||X||Value-added||Value-added|
|Alert correlation analysis||Alert correlation analysis||Alert correlation rules automatically group related events together and then generate a related alert. This lets you see all the related alerts on one page and manage the alerts and related events centrally.||X||X||√|