Security Center:Purchase Security Center

Procedure

Purchase Security Center

1. Go to the Security Center buy page and log on with your Alibaba Cloud account.

2. Configure the parameters. The following table describes the parameters on the buy page.

   Parameter	Description
   Billing Method	The billing method of Security Center. Select Subscription.
   Protection Scenario	The protection scenario. The system displays the recommended editions and value-added features based on the scenario that you select.
   Edition	The edition that you want to purchase. For more information about the features that are supported by different editions, see Functions and features. Note Security Center provides the Value-added Plan edition. This edition allows you to separately enable the value-added features, such as anti-ransomware, container image scan, cloud honeypot, web tamper proofing, and application protection, for the Basic edition.
   Protected Servers	The number of servers that you want to protect by using Security Center. The default value is the total number of ECS instances plus the servers that are not deployed on Alibaba Cloud but have the Security Center agent installed within your Alibaba Cloud account. You can also specify a value for the parameter based on the number of servers that you want to protect by using Security Center. Note If you specify Anti-virus or Value-added Plan as the edition, you do not need to configure this parameter.
   Cores	The number of virtual CPUs (vCPUs) of servers that you want to protect by using Security Center. The default value is the total number of vCPUs of ECS instances and the servers that are not deployed on Alibaba Cloud but have the Security Center agent installed within your Alibaba Cloud account. Note This parameter is required only if you set the Edition parameter to Anti-virus or Ultimate.
   Quota for Protected Servers	You can click Specify Server Now to bind the quotas for Protected Servers and Cores to servers in the Quota Management dialog box. Before you select a server for binding, you must select the China or Outside China region where the server resides. If you do not bind the quotas to servers, Security Center automatically binds the quotas to random servers to prevent quota waste. After the purchase, you can unbind the quotas that have been automatically bound to servers and rebind the quotas to servers. For more information, see Manage quotas.
   Vulnerability Fixing	A value-added feature. This feature is not supported for the Anti-virus and Value-added Plan editions. If you want to use the feature by using your Alibaba Cloud account, you must purchase the feature. You can use this feature to fix Linux software vulnerabilities and Windows system vulnerabilities that are detected on your servers with a few clicks. We recommend that you set the vulnerability fixing quota to the total number of vulnerabilities that you want to fix each month. Important If you want to fix a large number of vulnerabilities, we recommend that you purchase the Advanced, Enterprise, or Ultimate edition. These editions provide an unlimited quota for vulnerability fixing. If you want to fix a small number of vulnerabilities, you can purchase the vulnerability fixing feature based on the pay-as-you-go billing method. To purchase the vulnerability fixing feature based on the pay-as-you-go billing method, go to the Vulnerabilities page and click Purchase. Pay-as-you-go bills are not affected by the subscription duration of your Security Center. You can use resources before you pay for them.
   Application Protection	A value-added feature. You can use the feature to identify and block attacks on applications during application runtime and provide self-protection. We recommend that you set the application protection quota to the number of Java application processes that you want to protect each month on your hosts. A larger quota provides protection at a lower unit price.
   Anti-ransomware	Important Before you purchase this feature, make sure that the servers that you want to protect are deployed in a supported region of anti-ransomware. For more information about the supported regions, see Overview. A value-added feature. This feature backs up data on your servers and databases. This protects your servers and databases from ransomware. We recommend that you set the anti-ransomware quota to the amount of data that you want to use the feature to back up.
   Container Image Scan	A value-added feature. This feature scans images for system vulnerabilities, application vulnerabilities, viruses, and malicious samples, and provides fixing suggestions. We recommend that you set the quota for container image scan to the number of images that you want to scan each month. Security Center identifies an image based on a unique digest value. If the digest value of an image does not change, the quota specified by the Container Image Scan parameter decreases by one only for the first scan. If the digest value of an image changes and the image is scanned again, the scan on the image is deducted from the quota specified by the Container Image Scan parameter again. The quota decreases by one each time the digest value changes. For example, if you want to scan 10 images within one month and the estimated total number of times the digest values of the images change is 20 within the subscription, set the quota for container image scan to 30. This indicates that the quota for container image scan is equal to the number of images that you want to scan plus the number of times the digest values change. Note This parameter is available only if you set the Edition parameter to Advanced, Enterprise, Ultimate, or Value-added Plan.
   Log Analysis	A value-added feature. The feature retrieves data from all logs, including host logs, security logs, and network logs. This allows you to trace and analyze security events. Security Center Enterprise and Security Center Ultimate support network logs.
   Cloud Honeypot	A value-added feature. The feature can capture attacks at the earliest opportunity. You can use this feature to detect attacks and protect your core assets in an efficient manner in attack and defense scenarios.
   Quota for Web Tamper Proofing	A value-added feature. The feature monitors web directories in real time and can restore files or directories that are tampered with based on the backup files. This prevents important website information from being tampered with. You can specify the quota for web tamper proofing based on the number of servers that you want to protect.
   Threat Analysis and Response	A value-added feature. The feature allows you to access logs across cloud platforms, accounts, and services such as WAF, Cloud Firewall, and VPC. The feature enables you to detect, respond to, and handle alerts and events in a closed-loop manner. This helps improve the efficiency of security operations and log audit to meet the requirements of MLPS. If you want to purchase the feature, select Yes for Threat Analysis and Response. Then, you must configure the following parameters: Log Data to Add: required. Specify the amount of logs that you want to add to the threat analysis and response feature for analysis each day. Unit: GB-day. You can use one of the following methods to evaluate the value of the Log Data to Add parameter: Evaluate the value based on the log storage capacity that you purchased. Value of the Log Data to Add parameter (GB-day) = Log storage capacity/TTL × 4 The log storage capacity specifies the storage capacity used by logs that you want to add to the threat analysis and response feature. Time to live (TTL) specifies the log retention period. 4 represents the log compression ratio, which is the ratio of log access traffic to the log storage capacity of the disk. The log compression ratio ranges from 3 to 6. We recommend that you set the ratio to 4. Evaluate the value based on the Event Per Second (EPS) of logs that you want to add to the threat analysis and response feature. Value of the Log Data to Add parameter (GB-day) = EPS × 86,400s × SIZE/(1,024 × 1,024) EPS specifies the number of raw logs that are added to the threat analysis and response feature within one day. SIZE specifies the size of each log. In most cases, the size ranges from 3 KB to 7 KB. Log Storage Capacity: optional. Specify the amount of logs that you want to store in hot storage. The threat analysis and response feature stores logs in hot storage and cold storage. If you use the feature to store logs only in hot storage, we recommend that you purchase 120 GB of log storage capacity for each server. If you purchased the log storage capacity for the log analysis feature, we recommend that you set the Log Storage Capacity parameter of the threat analysis and response feature to a value that is three times the purchased log storage capacity for the log analysis feature. For more information, see Manage logs.
   Configuration Assessment	A value-added feature. If you want to purchase the feature, select Yes and configure the Quota for Configuration Assessment parameter. This feature can detect configuration errors and security risks in your cloud services and provide a secure environment for cloud services. We recommend that you set the configuration assessment quota to the number of times that you want to perform configuration assessment on your cloud resources each month.
   Malicious Object Detection	A value-added feature. If you want to purchase the feature, select Yes and configure the Quota for Malicious File Detection parameter. We recommend that you set the quota for malicious file detection to the number of files that you want to scan each month. The feature uses a large number of file libraries in the cloud and multiple detection engines to detect webshell files, malicious scripts, binary programs, and macro viruses in a precise manner. The feature can also scan a large number of files for malicious files in various scenarios.
   Subscription Duration	The subscription duration. Note If you select Monthly, 3-month, or Semiannual for Duration, automatic renewal is enabled by month, quarter, or half year. For example, if you select 3-month when you purchase Security Center, Security Center is automatically renewed for another three months before it expires. For more information, see Automatic renewal.

   Important

   • If you use Security Center Basic, you can purchase basic protection features or value-added features that are supported by other editions of Security Center. If you do not need to purchase basic protection features, you can purchase the Value-added Plan edition to separately purchase value-added features.

   • If you purchased the threat analysis and response feature before April 26, 2024, you are charged based on the original price of USD 0.44 per GB-month for log storage capacity.

   • On July 21, 2022, the basic service fees for Security Center Ultimate are changed from USD 3 per core-month to USD 23.5 per server-month + USD 1 per core-month.

   • If you purchased Security Center Ultimate before July 21, 2022, you are charged based on the original prices when you renew, upgrade, or downgrade Security Center.

   • Starting from July 21, 2022, you are charged the basic service fees for Security Center Ultimate in scenarios when you purchase Security Center Ultimate or upgrade Security Center to the Ultimate edition. Basic service fees = USD 23.5 per server-month + USD 1 per core-month.

3. Read Security Center Terms of Service, select I have read and agree to Security Center Terms of Service, click Order Now, and then complete the payment.