Security Center provides basic security features, such as virus scanning and asset exposure analysis, and value-added features, such as anti-ransomware and application protection, to meet your security needs in various scenarios. This topic describes the billing methods, billable items, and billing formulas for Security Center.
Billing methods
Subscription
Security Center supports the subscription billing method. This is a prepaid method where you pay for services before you use them. A subscription lets you reserve resources in advance and receive discounts. This billing method is suitable for the following business scenarios:
The resource usage cycle is predictable.
Business scenarios are stable.
Resources are required for a long period.
The billing cycle for a subscription resource is based on the subscription duration of the order (in UTC+8). A billing cycle starts at the exact time the resource is activated or renewed and ends at 00:00:00 on the day after the expiration date.
Pay-as-you-go
Features such as Host and Container Security, Vulnerability Fixing, and Threat Analysis and Response support the pay-as-you-go billing method. After you enable the pay-as-you-go billing method for a feature, the system generates a bill the next day based on your actual daily usage.
Billable items
Security Center billing consists of Basic feature fees and Value-added feature fees. The billable items are described as follows:
Basic feature fees: These are fees for basic protection packages offered in various Security Center editions. Basic features include virus scanning, baseline checks, proactive container defense, and security alert handling. The supported features vary by edition. You can select an edition based on your needs. For more information about the differences between editions, see Features.
Value-added feature fees: These are fees for features that can be purchased and used separately. You can also purchase one or more value-added features when you purchase a specific edition. Examples include anti-ransomware, web tamper proofing, and cloud honeypot. You can enable pay-as-you-go for features such as vulnerability fixing, agentless detection, and cloud security posture management.
Billing formulas
The Free Edition of Security Center is automatically enabled for all Alibaba Cloud users. The Free Edition provides limited security detection capabilities and no mitigation capabilities. If you require more security detection and mitigation capabilities, you can purchase the Anti-virus Edition, Premium Edition, Enterprise Edition, or Ultimate Edition, or purchase only value-added services at any time.
Edition | Billing method |
Anti-virus Edition | (Number of vCores × Basic feature fee + Value-added feature fee) × Subscription duration Note The number of vCores is the total number of virtual central processing units (vCPUs) of all servers in your assets. |
Premium Edition | (Number of protected servers × Basic feature fee + Value-added feature fee) × Subscription duration Note The number of protected servers is the total number of servers protected by Security Center. This includes purchased Alibaba Cloud Elastic Compute Service (ECS) instances and non-Alibaba Cloud servers with the Security Center client installed. |
Enterprise | |
Ultimate Edition | (Number of protected servers × Basic feature fee + Number of server cores × Basic feature fee + Value-added feature fee) × Subscription duration |
Purchasing only value-added services | Value-added feature fee × Subscription duration |
Pay-as-you-go features | Number of value-added features used × Unit price per feature |
Pricing
The billable items for Security Center vary based on the purchased edition and selected value-added features. The following prices are for reference only. The actual prices on the Security Center purchase page prevail.
Subscription billable items
Billable item | Anti-virus Edition | Premium Edition | Enterprise Edition | Ultimate | Purchasing only value-added services | |
Basic feature fee | USD 1/core/month | USD 9.5/instance/month | USD 23.5/instance/month | 23.5 USD/instance/month + 1 USD/core/month | No basic features are purchased. No fee is incurred. | |
Value-added feature fees | Vulnerability fixing | USD 0.3/time/month (Minimum purchase of 20 times) | No extra fee. You can use this feature an unlimited number of times. | USD 0.3 per fix/month(Minimum purchase of 20 fixes) | ||
Application protection | The unit price decreases as the number of quotas increases:
| |||||
Web Tamper Proofing | 165 USD/instance/month | |||||
Threat analysis and response |
| |||||
Anti-ransomware | USD 0.045/GB/month | |||||
Log analysis | USD 0.1/GB/month | Not available for purchase | ||||
Container image scan | Not available for purchase | 0.1 USD/image/month | ||||
Cloud honeypot | 333.33 USD/probe/month (Minimum purchase of 20 probes) Note "Unit" refers to the number of probes. Cloud honeypot is billed based on the number of probes. | |||||
Cloud security posture management | Tiered pricing is used based on the total number of successful scans, authentications, and fixes for each check item on each cloud product instance. The minimum is 15,000 checks. The step size is 55,000 checks. The prices are as follows:
Note An instance refers to a specific network device or application instance, such as a Bucket in Object Storage Service (OSS) or a security group for an ECS server. For more information, see CSPM overview. | |||||
Malicious file detection SDK | USD 1.5/10,000 scans/month (Minimum purchase of 100,000 scans) Note "Times" indicates the number of times a file has been scanned. | |||||
Subscription duration | You can subscribe on a monthly or yearly basis | |||||
Users of the Free Edition can purchase any edition of the host and container security feature, which includes the security features available for that edition. If you do not need to purchase the host and container security feature, you can select the Purchase only value-added services edition to purchase other security features.
Alibaba Cloud accounts that purchased Threat Analysis and Response before April 26, 2024 are still billed based on the previous model: log storage capacity is priced at USD 0.44/GB/month.
Effective July 21, 2022, the pricing for the Ultimate Edition is adjusted from USD 3/core/month to USD 23.5/instance/month + USD 1/core/month.
Users who purchased the Ultimate edition of Security Center before July 21, 2022 are billed based on the original pricing for renewals, upgrades, or downgrades.
On and after July 21, 2022, new purchases of the Security Center Ultimate Edition, repurchases of expired Ultimate Edition instances, and upgrades from other editions to the Ultimate Edition are billed at USD 23.5/instance/month + USD 1/core/month.
Pay-as-you-go billable items
Host and Container Security: After you enable the pay-as-you-go feature for Host and Container Security, fees are calculated based on the number of servers that are attached to the corresponding protection level and the actual protection duration. The duration is measured only when the client is online. Fees are accumulated in seconds and settled daily.
Protection level
Price
Monthly fee (30-day reference)
Virus protection (formerly Anti-virus Edition)
0.000000578 USD/core/second
1.5 USD/core/month
Premium Edition (new bindings not supported)
USD 0.000005497/instance/second
USD 14.25/instance/month
Comprehensive host protection (formerly Enterprise Edition)
USD 0.000013599/host/second
USD 35.25/host/month
Comprehensive host and container protection (formerly Ultimate Edition)
0.000013599 USD/host/second+0.000000578 USD/core/second
USD 35.25/instance/month+USD 1.5/core/month
Vulnerability Fixing: After you enable the pay-as-you-go billing method, you are charged USD 0.3 per fix daily. For more information, see Calculation rules for vulnerability fixes.
CTDR: After you enable pay-as-you-go for Threat Analysis and Response, you are charged on a tiered, cumulative basis for the daily log traffic that is ingested by the product. Your final daily bill is the sum of the fees for each usage tier.
NoteThe minimum billing unit for pay-as-you-go Threat Analysis and Response is 1 GB. If the usage is less than 1 GB, it is rounded up to 1 GB.
Log ingestion traffic tier (GB/day)
Price (USD/GB)
Fee calculation formula (Y is the daily ingested traffic in GB)
1 to 10
2.2
2.2 × Y (USD)
11 to 50
1.6
1.6×(Y-10)+2.2×10 (USD)
51 to 100
1.4
1.4×(Y-50)+1.6×40+2.2×10 (USD)
>100
1.2
1.2×(Y-100)+1.4×50+1.6×40+2.2×10 (USD)
Cloud Security Posture Management: After you enable pay-as-you-go for CSPM, you are billed on a calendar day basis. Fees are calculated based on a tiered, cumulative model and the number of quotas, which is the sum of scans, authentications, and successful remediations. For more information, see Core feature introduction.
Number of quotas
Price (USD/quota)
Fee calculation formula (Z is the daily number of quotas)
0 to 100,000
0.0009
0.0009×Z (USD)
100,001 to 500,000
0.0007
0.0007×(Z-100,000)+0.0009×100,000(USD)
More than 500,000
0.00045
0.00045×(Z-500,000)+0.0007×400,000+0.0009×100,000(USD)
Agentless Detection: After you enable the pay-as-you-go billing method, you are billed at USD 0.03/GB based on the volume of data scanned per calendar day. For more information, see Agentless Detection.
Serverless Asset Protection:
Billing method: Number of authorized vCores × Actual protection duration. The protection duration is measured in seconds and accumulated only when the client is online.
Billing cycle: Bills are settled daily and generated on the next day (T+1).
Price: Tiered pricing is used based on cumulative monthly usage. The prices are listed in the following table.
ImportantThe billing cycle for the first month starts from the day the feature is enabled to the end of that month. Subsequent billing cycles are calendar months, from the first day to the last day of the month.
Cumulative monthly usage (core-seconds, calculated per billing cycle)
Price (USD/core/second)
Fee calculation formula (U is the daily usage in core-seconds)
Tier 1: 0 to 200,000,000
0.000003
0.000003 × U (USD)
Tier 2: 200,000,001 to 1,000,000,000
0.000002
0.000002 × (U - 200,000,000) + 0.000003 × 200,000,000 (USD)
Tier 3: 1,000,000,001 to 9,999,999,999,999
0.0000015
0.0000015×(U-1,000,000,000)+0.000002×800,000,000+0.000003×200,000,000 (USD)
For example, if your account has 20,000 cores of Serverless assets with the Security Center client attached, the daily fee is calculated as follows:
On the first day of the billing cycle, the cumulative monthly usage is 20,000 × 86,400 = 1,728,000,000 core-seconds. The usage from 0 to 200,000,000 core-seconds falls into Tier 1. The usage from 200,000,001 to 1,000,000,000 core-seconds falls into Tier 2. The usage from 1,000,000,001 to 1,728,000,000 core-seconds falls into Tier 3.
Tiered billing is applied based on the unit price of the applicable tiers. The billing formula for the day is: 0.000003 (Unit price for Tier 1) × 200,000,000 + 0.000002 (Unit price for Tier 2) × 800,000,000 + 0.0000015 (Unit price for Tier 3) × (1,728,000,000 - 1,000,000,000) = 3,292 (USD).
From the second day of the billing cycle to the end of the cycle (the end of the month), the price for Tier 3 is used.
The daily billing formula is: 0.0000015 (Tier 3 unit price) × (20,000 × 86400) = 2,592 (USD).
SDK for Malicious File Detection: You are charged for using this feature based on the number of files that are detected. After you enable the pay-as-you-go billing method for this feature, you are billed USD 0.0002 per detection daily. For more information, see Enable the pay-as-you-go feature for malicious file detection.
Application Protection: After you enable pay-as-you-go for application protection, the system meters your online instances every minute and bills you daily at a rate of USD 0.0002 per instance per minute. For more information, see Enable application protection.
Log Management: After you enable pay-as-you-go for Log Management, you are charged daily for your total daily storage (GB) at a rate of USD 7.2 per 1,000 GB. For more information, see Log Management.
ImportantThe minimum billing unit for pay-as-you-go Log Management is 1,000 GB. If the usage is less than 1,000 GB, it is rounded up to 1,000 GB. For example, if your usage for a day is 1,900 GB, you are charged for 2,000 GB.
Anti-ransomware: Provides backup and recovery capabilities to protect against ransomware. After a ransomware attack, you can use backup files to restore your servers and databases. This service is billed based on the size of backup files and their storage duration. The price is USD 0.00013/GB/hour. For more information about supported regions and policy configuration steps, see Anti-ransomware Service Overview.
Overdue payments
If your account has an overdue payment after you purchase a subscription feature, you cannot renew or upgrade the feature.
Enabling a pay-as-you-go feature may result in an overdue payment on your account. An overdue payment occurs if the available credit in your account, including your Alibaba Cloud account balance and coupons, is less than the amount due. If your account has an overdue payment, you can no longer use features such as host and container security, vulnerability fixing, or threat analysis and response. You also cannot perform operations that incur fees, such as purchasing, renewing, or upgrading instances.
Refund policy
For information about the refund policy, submit a ticket.