Managed Security Service (MSS) provides comprehensive security technology and consulting services from Alibaba Cloud security experts. Based on years of Alibaba Cloud's security best practices, MSS helps you build and continuously optimize your cloud security framework to protect your business.
Background information
As more enterprises and organizations migrate their businesses to cloud platforms, they face a new wave of technological change. However, this migration process also introduces new challenges to the availability, security, and integrity of cloud-based businesses.
To address business security challenges in the cloud, MSS provides the Managed Detection and Response (MDR) service for your ECS servers. This service leverages the cloud security operations expertise of Alibaba Cloud. It provides in-depth security detection and response services to help you quickly build a foundational security operations system and protect your business.
MSS also provides value-added services such as risk assessment, emergency response, and classified protection assessment. These services cover multiple aspects of cloud business security to help you build your security framework.
Service editions
The MDR service edition of MSS includes the following items:
Security consultation
Provides consulting services for basic security products, including Anti-DDoS Pro and Anti-DDoS Premium, Web Application Firewall (WAF), Cloud Firewall, and Security Center. These services include answering questions about configuration issues, policy anomaly analysis, and anomalous activity handling.
Security monitoring
Monitors and analyzes security alert events. Alert information is pushed through DingTalk groups and alerts are handled using tickets to help you filter out false positives.
Analyzes and assesses alerts and provides security suggestions tailored to your business.
Vulnerability announcement
Provides detection of the impact of 0-day vulnerabilities based on vulnerability detection rules. It also provides impact analysis based on factors such as the host's outbound network status and overall status.
Summary and reporting
Provides cloud security posture reports in monthly, quarterly, and semi-annual formats. This service also includes product rule optimization and regular meetings to review your security posture.
Security assessment service
Assesses your overall cloud security posture. This helps you identify cloud security risks by analyzing major risks and their attack surfaces.
Security hardening
Helps you quickly apply security hardening measures after a security event occurs, based on alert information and relevant industry standards.
Emergency response
Provides methods for containment, eradication, and recovery after a security event occurs. It also offers preventive measures and security suggestions to help you find the attack source and the cause of the intrusion.
Product training
Provides training on cloud security product capabilities and best practices.
Scenarios
Build a complete security operation system
Scenario description
After some enterprises migrate their IT infrastructure to the cloud, the development of their security operations capabilities lags behind. They lack effective vulnerability management and risk management capabilities. This means that risk handling cannot keep pace with the development of information systems, leading to significant business security risks. In this context, MSS can provide you with a complete and mature security operations system. It covers security product operations, vulnerability risk management, and basic security operations. This ensures seamless security operations for your cloud assets.
Benefits
A mature operations system allows your enterprise to focus more on developing business capabilities. In the subsequent security development process, you not only have ample preparation time but can also build your security operations system more efficiently with the support of MSS experts.
Increase the return on investment of security operation resources
Scenario description
Challenges related to security operations resources include a lack of professionals for cloud security product operations, a shortage of basic service operations personnel, and insufficient enterprise capital investment in security operations. In the traditional model, you must invest in many security professionals to ensure the smooth execution of security tasks. However, as the scale of assets grows, the investment in security professionals also increases.
Benefits
The most direct benefit of scalability, service-orientation, and systematization is cost reduction. While reducing operational costs, you can also leverage the highly skilled technical personnel of MSS to enhance overall security capabilities. This includes the protection capabilities of security products, the optimization of security policies, and the management of security vulnerability risks.
Security architecture guidance during cloud adoption and migration
Scenario description
During cloud adoption or migration, enterprises may face a series of security challenges at the business, technical, and management levels. These issues can be effectively resolved by deploying cloud products appropriately. MSS provides guidance on cloud security architecture design and security consulting services. This helps enterprises design a reasonable cloud architecture to achieve optimal protection.
Customer benefits
During cloud adoption or migration, MSS provides professional consulting services and guidance on cloud security architecture solutions. This helps enterprises quickly achieve their cloud adoption goals and ensures the security and stability of their cloud business.
Improve security capabilities
Scenario description
The growing number of system platforms faces various security threats, including data theft, data tampering, and unauthorized access. Therefore, professional security services are needed to ensure the confidentiality, integrity, and availability of data that is running and stored on these platforms.
Benefits
The MSS team implements effective diagnostic services based on your security needs to assess the current state of your business's security. It identifies gaps between your current business security and best security practices. Based on the issues found in the security assessment, the MSS team implements security hardening services to improve the security and attack resistance of your operating systems and network devices.
Benefits
One-click hosting and full-stack operations
MSS leverages the technical advantages of the Alibaba Cloud platform and is based on years of Alibaba Cloud security best practices. It provides comprehensive security technology and consulting services for cloud users. The service offers security operations from the network border to the internal network, from vulnerabilities to policies, and from configuration to data. It aims to establish and continuously optimize the cloud security framework for cloud users to protect their cloud business. This allows cloud users to focus on their core business development.
Big data empowerment
Alibaba Cloud Security centralizes security data from Security Center, Cloud Firewall, Web Application Firewall, Anti-DDoS, and other security products. It covers multiple protection layers, including VPN networks, ECS, web applications, and databases. Based on data mining technology accumulated over years of practical experience, it provides threat intelligence for all cloud users. The security operations team also periodically adjusts security protection policies based on threat intelligence data, the protection needs of different users, and the current state of their business systems. This reduces security risks to a controllable level and achieves dynamic adjustments, defense, operations, and management.
Scale advantage
To serve a large user base of security products and services, MSS adopts a large-scale, systematic operations model to provide high-quality and efficient services to every cloud user.
Minute-level emergency response
The combination of cloud security monitoring and the MSS emergency response system helps cloud users quickly and effectively respond to hacker intrusions, remove trojans and back doors, and analyze the causes of intrusions when a security event occurs. This effectively reduces the losses caused by security events and helps cloud users quickly restore normal business operations.
Service content
The service content of MSS is as follows:
Web Application Firewall hosting
Service classification | Service content | Delivery details | Deliverables | SLA (Service-Level Agreement) |
Security consultation | Provides consulting services for WAF product configuration issues, policy anomaly analysis, and anomalous activity handling (excluding bot management). | Troubleshooting of WAF data anomalies. | | During 5 × 8 business hours, we respond to consultations within 30 minutes and close consultation tickets within 72 hours. |
Guidance on WAF policy tuning. | ||||
Consultation on WAF product issues. | ||||
Access and upgrade | Provides a WAF asset access service and helps you configure security policies to meet your business needs. | Deployment and access for WAF assets. | Push notifications through DingTalk groups. | During 5 × 8 business hours, we respond to consultations within 30 minutes and close consultation tickets within 72 hours. |
Assists with WAF product upgrades and handles WAF upgrade-related anomalies. | Assistance with standardized WAF migration. | | Yes. | |
Security monitoring | | Periodic WAF inspection and security monitoring (excluding bot management). | Push alerts and alert analysis through DingTalk groups. | |
Security hardening | Helps you quickly perform security hardening after a security event occurs, based on alerts and relevant industry standards. | WAF security product configuration service: Helps you perform security analysis and configure security policies based on alerts and abnormal log data (excluding bot management). | Security hardening configuration checklist. | Yes. |
Major event support | Provides support services for major business events, including periodic inspections and security event responses during the event. | Support for major business events. | Major event support daily report. | Major business event support service (5 × 8 business hours). |
Emergency response | Provides emergency response services for WAF emergency security events. | Security event emergency response. | After the emergency response is complete, an Emergency Response Report is provided. Trigger conditions include the following scenarios: | |
Security operation support | Free trial for new feature Proof of Concept (POC). | Free trial for new feature POC. | A 7-day free trial is provided when a new WAF feature is released. | Yes. |
Provides training on WAF product capabilities and best practices. | WAF product training. | Provides training on WAF product access, features, and usage. | As needed (once a year). | |
HTTP flood protection training. | Provides training on best practices for WAF or Anti-DDoS HTTP flood protection. | |||
Summary and reporting | Standard security reports and meetings. | Standard security reports and meetings. | Provides standard monthly and quarterly security reports and quarterly meetings. | Monthly and quarterly reports, quarterly meetings. |
Anti-DDoS Pro and Anti-DDoS Premium hosting
Service classification | Service content | Delivery details | Deliverables | SLA |
Security consultation | Provides consulting services for Anti-DDoS security product configuration issues, policy anomaly analysis, and anomalous activity handling. | Troubleshooting of Anti-DDoS data anomalies. | | During 5 × 8 business hours, we respond to consultations within 30 minutes and close consultation tickets within 72 hours. |
Guidance on Anti-DDoS policy tuning. | ||||
Consultation on Anti-DDoS product issues. | ||||
Access and upgrade | Provides an Anti-DDoS asset access service and helps you configure security policies to meet your business needs. | Deployment and access for protected assets. | Push notifications through DingTalk groups. | During 5 × 8 business hours, we respond to consultations within 30 minutes and close consultation tickets within 72 hours. |
Security monitoring | | Periodic Anti-DDoS inspection and security monitoring. | Push alerts and alert analysis through DingTalk groups. | |
Security hardening | Helps you quickly perform security hardening after a security event occurs, based on alerts and relevant industry standards. | Anti-DDoS security product configuration service: Helps you perform security analysis and configure security policies based on alerts and abnormal log data. | Security hardening configuration checklist. | Yes. |
Major event support | Provides support services for major business events, including periodic inspections and security event responses during the event. | Support for major business events. | Major event support daily report. | Major business event support service (5 × 8 business hours). |
Emergency response | Provides emergency response services for Anti-DDoS emergency security events. | Security event emergency response. | After the emergency response is complete, an Emergency Response Report is provided. Trigger conditions include the following scenarios: | |
Summary and reporting | Standard security reports and meetings. | Standard security reports and meetings. | Provides standard monthly and quarterly security reports and quarterly meetings. | Monthly and quarterly reports, quarterly meetings. |
Cloud Firewall hosting
Service classification | Service content | Delivery details | Deliverables | SLA |
Create a dedicated communication group | Creates a dedicated DingTalk communication group. All subsequent hosting-related issues are communicated and receive feedback within the group. Information, such as alert configurations, is pushed to the group through a DingTalk robot. | Provides a dedicated communication group to answer questions about hosted products, handle alert events, and analyze issues. | Dedicated communication group. | Within 24 hours after the first purchase. |
Grant permissions | You need to grant the necessary permissions based on the service scope. This includes, but is not limited to, permissions for console logon SSO, STS roles, and AccessKey pairs. These permissions are used to support subsequent operational work. | Obtain service permissions for monitoring, operation, and handling. | Permission Request Checklist | None. |
Service kickoff meeting | The hosting service team initiates a kickoff meeting with your participation. This meeting is for initial communication to confirm contact persons, subsequent work arrangements, and any non-standard deliverables. | The project kickoff meeting is used to confirm stakeholders for subsequent plan implementation and communication. | Project Kickoff Meeting - Meeting Minutes | Within 72 hours after the first purchase. |
Update group announcement information | Based on the communication, information such as contact persons, service hours, and service scope is publicized. | Delivery personnel synchronize project information and refresh group information. | Update group announcement information. | Within 72 hours after the first purchase. |
Update subsequent service plan | A work plan schedule is created based on the results of your communication at the kickoff meeting and the standard deliverables of the hosting service. | Establish a follow-up plan for subsequent service updates. | Work Plan | Within 1 month after the first purchase. |
Hosted product risk assessment | Based on the service experience of the MSS team, a risk assessment of the products covered by the hosting service is conducted. It identifies issues such as ineffective policy configurations and product configurations and provides a risk assessment report as a basis for subsequent rectification. | Protection status. | Risk Assessment Report | The assessment output is completed within 2 weeks of your onboarding. |
Product status assessment. | ||||
Control border policy assessment. | ||||
IPS policy assessment. | ||||
Security alert inspection | Performs daily alert inspections. Responds to and analyzes alerts generated by Cloud Firewall's Detection and Response features, such as Intrusion Prevention, Vulnerability Prevention, Breach Awareness, and Data Breach. Provides an alert handling and results checklist. | Internet protection security alert event analysis (notification for high-risk alert analysis results). | Alert Handling Checklist | Product inspection every 15 minutes. Alerts are handled within 30 minutes of occurrence. |
Vulnerability prevention alert event analysis. | ||||
Breach awareness event analysis. | ||||
Data breach (service must be enabled). | ||||
Product inspection | Inspects the basic status of Cloud Firewall, such as the expiration date, edition in use, and protection scope coverage, to ensure its availability. | Inspect the daily operational status of the product. | Daily Inspection Notification | Daily. |
Policy maintenance | Helps you configure or change policies within an agreed time frame based on your production needs and Alibaba Cloud best practices. The impact is assessed before the change and the effect is verified after the change. | Internet firewall protection status maintenance. | Policy Configuration Change Checklist | Respond as needed. |
Internet border control policy maintenance (inbound and outbound). | ||||
Access control engine management policy configuration adjustment. | ||||
IPS Configuration rule - Threat engine running mode feature adjustment maintenance. | ||||
IPS Configuration rule - Basic patch maintenance for features such as enable, disable, and observe. | ||||
IPS Configuration rule - Virtual patch policy maintenance for features such as enable, disable, and observe. | ||||
IPS Configuration rule - Threat intelligence maintenance for features such as enable, disable, and observe. | ||||
IPS Configuration rule - Intelligent defense maintenance for features such as enable, disable, and observe. | ||||
IPS Configuration rule - Data breach maintenance for features such as enable, disable, and observe. | ||||
IPS Configuration rule - Internal network protection maintenance for features such as enable, disable, and observe. | ||||
Protection whitelist maintenance (add, delete, modify) status adjustment. | ||||
IPv4 address book configuration maintenance. | ||||
IPv6 address book configuration maintenance. | ||||
Port address book configuration maintenance. | ||||
Domain name address book configuration maintenance. | ||||
ACK address book configuration maintenance. | ||||
Alert notification (overall alert configuration) feature maintenance. | ||||
Product consultation | Answers your questions about policy configurations, product features, and optimization suggestions within the scope of the Cloud Firewall hosting service. | Troubleshoot abnormal data. | Product consultation ticket. | Respond as needed. |
Provide guidance on policy tuning. | ||||
Provide consultation on product issues. | ||||
Deploy and access assets. | ||||
Security event investigation support | When a security event occurs, this service helps you complete event investigation and analysis based on the logs of Cloud Firewall. | Analyze various logs of Cloud Firewall based on event requirements. | Security Event Investigation Support Report | Respond as needed. |
Issue policies based on event conclusions. | ||||
Regular communication meeting | The hosting service provides quarterly communication meetings to review the work of the current quarter and plan for the next quarter's security. | Standard security reports and meetings. | Quarterly Meeting Minutes | Every quarter. |
Output regular delivery reports | Provides monthly reports in various formats based on your needs. The report content is standard. If custom content is required, it must be agreed upon by both parties. | Standard security monthly report. | Monthly Report | Every month. |
Summary report | Provides a summary report one week before the end of the hosting service that summarizes all service content and future plans for the period. | Service summary report. | Service Summary Report | One week before the end of the service. |
Summary meeting | Organizes a review meeting one week before the end of the hosting service to summarize the issues handled and remaining risks during the service period. | Service summary meeting. | Service Summary Meeting - Meeting Minutes | One week before the end of the service. |
Security Center hosting
Service classification | Service content | Delivery details | Deliverables | SLA |
Create a dedicated communication group | Creates a dedicated DingTalk communication group. All subsequent hosting-related issues are communicated and receive feedback within the group. Information, such as alert configurations, is pushed to the group through a robot. | Provides a dedicated communication group to answer questions about hosted products, handle alert events, and analyze issues. | Dedicated communication group. | Within 24 hours after the first purchase. |
Grant permissions | You need to grant the necessary permissions based on the service scope. This includes, but is not limited to, permissions for console logon SSO, STS roles, and AccessKey pairs. These permissions are used to support subsequent operational work. | Obtain service permissions for monitoring, operation, and handling. | Permission Request Checklist | None. |
Service kickoff meeting | The hosting service team initiates a kickoff meeting with your participation. This meeting is for initial communication to confirm contact persons, subsequent work arrangements, and any non-standard deliverables. | The project kickoff meeting is used to confirm stakeholders for subsequent plan implementation and communication. | Project Kickoff Meeting - Meeting Minutes | Within 72 hours after the first purchase. |
Update group announcement information | Based on the communication, information such as contact persons, service hours, and service scope is publicized. | Delivery personnel synchronize project information and refresh group information. | Update group announcement information. | Within 72 hours after the first purchase. |
Update subsequent service plan | A work plan schedule is created based on the results of your communication at the kickoff meeting and the standard deliverables of the hosting service. | Establish a follow-up plan for subsequent service updates. | Work Plan | Within 1 month after the first purchase. |
Hosted product risk assessment | Based on the service experience of the MSS team, a risk assessment of the products covered by the hosting service is conducted. It identifies issues such as ineffective policy configurations and product configurations and provides a risk assessment report as a basis for subsequent rectification. | Protection status assessment. | Risk Assessment Report | The assessment output is completed within 2 weeks of your onboarding. |
Product status assessment. | ||||
Mitigation capabilities assessment. | ||||
Alert handling assessment. | ||||
Vulnerability management assessment. | ||||
Exposure analysis assessment. | ||||
AccessKey pair leak assessment. | ||||
Security alert inspection | Performs daily security alert inspections. Alerts are pushed to the service group through a DingTalk robot. The inspection scope includes the response and analysis of high-risk events, such as those from the Detection and Response - Cloud Workload Protection Platform (CWPP). Provides a noise-reduced alert handling and results checklist. | Cloud Workload Protection Platform (CWPP). | Alert Handling Checklist | Product inspection every 15 minutes. Alerts are handled within 30 minutes of occurrence. |
AccessKey pair leak. | ||||
Product inspection | Inspects the basic status of Security Center, such as the expiration date, edition in use, and protection scope coverage, to ensure product availability. | Inspect the daily operational status of the product. | Daily Inspection Notification | Daily. |
Policy maintenance | Helps you configure or change policies within an agreed time frame based on your production needs and Alibaba Cloud best practices. The impact is assessed before the change and the effect is verified after the change. | Host authorization and deployment. | Policy Configuration Change Checklist | Respond as needed. |
Host asset synchronization. | ||||
Security Center client deployment (excluding off-cloud). | ||||
Basic Information - Logon security settings, vulnerability detection, protection status enable and disable. | ||||
Latest product asset synchronization. | ||||
Risk verification, whitelisting status. | ||||
One-click scan status synchronization. | ||||
Linux software vulnerability whitelisting and fixing. | ||||
Windows system vulnerability whitelisting and fixing. | ||||
Web-CMS vulnerability whitelisting. | ||||
Application vulnerability whitelisting. | ||||
Emergency vulnerability whitelisting. | ||||
Vulnerability management module - Vulnerability whitelist configuration settings, add, delete. | ||||
Vulnerability management module - Vulnerability management settings, add, delete. | ||||
Alert notification (overall alert configuration) feature maintenance. | ||||
Log record alert type enable, disable. | ||||
Log storage clear, adjust expiration time. | ||||
Host Protection - Virus scan configuration. | ||||
Host Protection - Host rule management enable, disable, policy adjustment. | ||||
Host Protection - Core file monitoring rule configuration. | ||||
Feature Settings - Host protection, container protection, client capabilities, other features enable/disable adjustment. | ||||
Feature Settings - Web shell scan feature enable/disable adjustment. | ||||
Feature Settings - Adaptive threat detection capability feature enable/disable adjustment. | ||||
Feature Settings - Alert settings feature enable/disable adjustment. | ||||
Host vulnerability fixing | Can assist you in fixing vulnerabilities and restarting hosts in the Security Center console during a provided window. (Host vulnerability fixing requires a snapshot backup, which will incur additional costs that you must bear). You need to verify business availability. | Host vulnerability fixing. | Vulnerability Fixing Checklist | Respond as needed. |
Product consultation | Answers your questions about policy configurations, product features, and optimization suggestions within the scope of the Security Center hosting service. | Troubleshoot abnormal data. | Product Consultation Ticket | Respond as needed. |
Provide guidance on policy tuning. | ||||
Provide consultation on product issues. | ||||
Deploy and access assets. | ||||
Security event investigation support | Analyze various logs of Security Center based on event requirements. | Analyze various logs of Security Center based on event requirements. | Security Event Investigation Support Report | Respond as needed. |
Issue policies based on event conclusions. | ||||
Regular communication meeting | The hosting service provides quarterly communication meetings to review the work of the current quarter and plan for the next quarter's security. | Standard security reports and meetings. | Quarterly Meeting Minutes | Every quarter. |
Output regular delivery reports | Provides monthly reports in various formats based on your needs. The report content is standard. If custom content is required, it must be agreed upon by both parties. | Standard security monthly report. | Monthly Report | Every month. |
Summary report | Provides a summary report one week before the end of the hosting service that summarizes all service content and future plans for the period. | Service summary report. | Service Summary Report | One week before the end of the service. |
Summary meeting | Organizes a review meeting one week before the end of the hosting service to summarize the issues handled and remaining risks during the service period. | Service summary meeting. | Service Summary Meeting - Meeting Minutes | One week before the end of the service. |
Anti-Bot hosting
Service classification | Service content | Delivery details | Deliverables | SLA |
Security consultation | Provides consulting services for WAF security product configuration issues, policy anomaly analysis, and anomalous activity handling. | Troubleshooting of WAF data anomalies. | Push notifications through DingTalk groups. | During 5 × 8 business hours, we respond to consultations within 30 minutes and close consultation tickets within 72 hours. |
Guidance on WAF policy tuning. | ||||
Consultation on WAF product issues. | ||||
Access and upgrade | Provides a WAF asset access service and helps you configure security policies to meet your business needs. | Deployment and access for WAF assets. | Push notifications through DingTalk groups. | During 5 × 8 business hours, we respond to consultations within 30 minutes and close consultation tickets within 72 hours. |
Assists with WAF product upgrades and handles WAF upgrade-related anomalies (bot management hosting only supports WAF 3.0). | Assistance with standardized WAF migration. | Push notifications through DingTalk groups, WAF product upgrade meeting. | Yes. | |
Anti-bot measures | Customizes anti-bot protection policies, analyzes bot protection data, and optimizes bot protection policies (requires business access to risk control products). | Communication and collection of information on business scenarios, core anti-crawling API sequences, SDK integration status, business risk control product status, and more. | Anti-bot background investigation checklist. | Dedicated anti-bot measures, 5 × 8 service, 30-minute response for analysis, and optimization suggestions provided within 2 hours. |
Customize WAF scenario-based protection policies. | Anti-bot scenario-based protection policy checklist. | |||
Anti-bot protection policy tuning. | Optimization configuration checklist. | |||
Analysis of anti-bot access and protection data from various dimensions. | Anti-bot daily data analysis report. | |||
Bot management product feature assessment and requirement follow-up. | Push notifications through DingTalk groups, reflected in daily reports. | |||
Security monitoring | Customized anti-bot security monitoring. | Based on WAF anti-bot log analysis, configure customized business bot monitoring. | Customized security monitoring list. | Yes. |
| Periodic WAF inspection and security monitoring. | Push alerts and alert analysis through DingTalk groups. | |
Major event support | Provides support services for major business events, including periodic inspections and security event responses during the event. | Support for major business events. | Major event support daily report. | Major business event support service (5 × 8 business hours). |
Emergency response | Provides emergency response services for WAF emergency security events. | Security event emergency response. | After the emergency response is complete, an Emergency Response Report is provided. Trigger conditions include the following scenarios: | |
Summary and reporting | Standard security reports and meetings. | Standard security reports and meetings. | Provides anti-bot protection monthly reports and analysis communication meetings. | Monthly report, monthly meeting. |
Security Assessment Service
Service classification | Service content | Delivery details | Deliverables | SLA |
Security assessment | Assesses your overall cloud security posture. Helps you discover comprehensive security risks in the cloud by analyzing cloud risks and attack surfaces. | Security operation capability assessment: Assesses security maturity through interviews and surveys and provides suggestions for security improvements. | Security Assessment Report. | None. |
Network architecture risk assessment: Checks the validity of network access control policies and proposes optimization suggestions for ineffective policies. | ||||
Cloud product security assessment: Performs baseline checks and risk management for cloud hosts and provides remediation suggestions and risk management best practices, including system vulnerability checks. | ||||
Exposure and attack surface risk assessment: Systematically provides periodic asset exposure analysis, vulnerability detection, and management services for cloud hosts and businesses. Manually analyzes report content and provides remediation guidance and risk management best practices, including analysis of Internet exposure risks, vulnerable port scanning, and web vulnerability scanning. | ||||
Account security risk assessment: Detects and assesses risks related to AccessKey pair leaks. | ||||
Application system security risk assessment. | ||||
Cloud security product configuration risk assessment. | ||||
Emergency Response Service
Remote emergency handling and analysis services provided by security technicians. These services include the following:
Investigating whether a host has been compromised by a hacker.
Handling ongoing attacks and preventing further attacks from hackers.
Finding and removing malicious programs such as mining programs, viruses, worms, and trojans.
Finding and removing web shells, hidden links, and trojanized pages from websites.
Handling anomalies caused by intrusions to help you quickly restore your business.
Analyzing the hacker's intrusion methods and locating the cause of the intrusion.
Analyzing the hacker's behavior after the intrusion to determine the impact.
This is a one-time service. It provides a security emergency service report, offers remediation suggestions, and guides you on security hardening to prevent future intrusions.
References
MSS offers multiple service types with different billing methods. For more information, see Billing.
For instructions on how to activate and use MSS, see Quick Start.
For a description of the security services and service procedures provided by MSS, see Managed Security Service procedures.