Security Center provides all-round security checks and protection capabilities to your assets deployed on Alibaba Cloud, multi-cloud environments, and data centers. Security Center provides the following editions: Basic, Anti-virus, Advanced, Enterprise, and Ultimate. This topic describes the features provided by Security Center and the differences in the features among these editions.
- If you require only the value-added features instead of the basic protection capabilities of Security Center, you can purchase the Value-added Plan edition of Security Center. Then, you can configure value-added features, such as web tamper proofing and anti-ransomware. You are charged only for the selected value-added features when you use the Value-added Plan edition. This edition provides the same features as the Basic edition, except log analysis.
- The following symbols are used in the tables of this topic:
: indicates that the feature is not supported.
: indicates that the feature is supported.
- Value-added: indicates a value-added feature. You can use value-added features by enabling them when you purchase or upgrade Security Center.
- Application required: indicates that the feature is available only when you successfully apply for the feature from Security Center.
Pricing
Billable item | Basic | Anti-virus | Advanced | Enterprise | Ultimate | Value-added Plan | |
---|---|---|---|---|---|---|---|
Basic fees | Free | USD 1 per core per month | USD 9.5 per server per month | USD 23.5 per server per month | USD 23.5 per server per month + USD 1 per core per month | Free | |
Fees of value-added features | Web Tamper Protection | Not supported | USD 165 per server per month | USD 165 per server per month | USD 165 per server per month | USD 165 per server per month | USD 165 per server per month |
Anti-ransomware | Not supported | USD 0.045 per GB per month | USD 0.045 per GB per month | USD 0.045 per GB per month | USD 0.045 per GB per month | USD 0.045 per GB per month | |
Log Analysis | Not supported | USD 0.1 per GB per month | USD 0.1 per GB per month | USD 0.1 per GB per month | USD 0.1 per GB per month | Not supported | |
Container image scan | Not supported | Not supported | USD 0.3 per image | USD 0.3 per image | USD 0.3 per image | USD 0.3 per image | |
Cloud honeypot | Not supported | USD 333.33 per honeypot per month | USD 333.33 per honeypot per month | USD 333.33 per honeypot per month | USD 333.33 per honeypot per month | USD 333.33 per honeypot per month | |
Subscription duration | Unlimited | Monthly subscription supported | Monthly subscription supported | Monthly subscription supported | Monthly subscription supported | Monthly subscription supported |
- On July 21, 2022, the basic fees for Security Center Ultimate is changed from USD 3 per core per month to USD 23.5 per server per month + USD 1 per core per month. You can no longer purchase the product expert service but you can still renew the product expert service that you purchased.
- If you purchase Security Center Ultimate before July 21, 2022, you are charged when you renew, upgrade, or downgrade Security Center based on the original prices.
- Starting from July 21, 2022, you are charged the basic fees for Security Center Ultimate in scenarios when you purchase Security Center Ultimate or upgrade Security Center to the Ultimate edition.Basic fees = USD 23.5 per server per month + USD 1 per core per month.
Overview
Feature | Description | Basic | Anti-virus | Advanced | Enterprise | Ultimate |
---|---|---|---|---|---|---|
Secure Score | Security Center evaluates your assets for vulnerabilities and assigns a security score which provides a reference on the security of your assets. | ![]() |
![]() |
![]() |
![]() |
![]() |
Assets
Feature | Description | Basic | Anti-virus | Advanced | Enterprise | Ultimate |
---|---|---|---|---|---|---|
View information on the Cloud Asset Overview tab | Security Center provides an overview of your cloud assets, and allows you to view network topology, security score, and security risks. Security Center also provides a unified console where you can manage your cloud assets. | ![]() |
![]() |
![]() |
![]() |
![]() |
Use the feature of container network topology | Security Center provides a GUI that simplifies the management of your assets such as clusters, containers, images, and applications. Security Center also displays the network topology of your container assets. This gives you a birds-eye view of the security status of your containers and the network connections between them. | ![]() |
![]() |
![]() |
![]() |
![]() |
Host | Security Center displays security information about each protected server. This information includes the risk status, group, region, and virtual private cloud (VPC). | ![]() |
![]() |
![]() |
![]() |
![]() |
Use the asset fingerprints feature | Security Center collects the following types of server fingerprints:
|
![]() |
![]() |
![]() |
![]() |
![]() |
Use the security check feature | After you perform a quick check task, Security Center runs the following tasks at a time to obtain the latest security information: vulnerability detection, baseline checks, webshell detection, and asset fingerprint collection. | ![]() |
![]() |
![]() |
![]() |
![]() |
Container security | Security Center provides the security statistics of your clusters, pods, containers, and images. | ![]() |
![]() |
![]() |
![]() |
![]() |
Cloud product security | Security Center displays the security information about cloud services. The information includes at-risk cloud services and their service types. The service types include Server Load Balancer (SLB) and ApsaraDB RDS. | ![]() |
![]() |
![]() |
![]() |
![]() |
Website security | Security Center displays security information about each protected website. The information includes the root domain, subdomains, risk status, and alerts. | ![]() |
![]() |
![]() |
![]() |
![]() |
Risk Management
Exposure Analysis
Feature | Description | Basic | Anti-virus | Advanced | Enterprise | Ultimate |
---|---|---|---|---|---|---|
Asset exposure analysis | Security Center visualizes the communication links between your Elastic Compute Service (ECS) instances and the Internet. Security Center also provides a central location that displays the vulnerabilities of your ECS instances as well as suggestions for handling them. You can quickly identify the exposures of your assets on the Internet. | ![]() |
![]() |
![]() |
![]() |
![]() |
Vulnerabilities
Feature | Description | Basic | Anti-virus | Advanced | Enterprise | Ultimate |
---|---|---|---|---|---|---|
Linux software vulnerability management | Security Center compares software versions by using the matching engine of Open Vulnerability and Assessment Language (OVAL). Security Center generates alerts when the vulnerabilities that are recorded in the Common Vulnerabilities and Exposures (CVE) database are detected in the current version. | ![]() |
![]() |
![]() |
![]() |
![]() |
Security Center supports the automatic fixing of system vulnerabilities and automatic creation of snapshots. This allows you to undo fixes by using snapshots. | ![]() |
![]() |
![]() |
![]() |
![]() |
|
Windows system vulnerability management | Security Center obtains Microsoft updates for Windows operating systems, detects high-risk vulnerabilities, and generates alerts for these vulnerabilities. | ![]() |
![]() |
![]() |
![]() |
![]() |
Security Center automatically identifies pre-patches that are used to fix vulnerabilities to prevent failures caused by the lack of the required pre-patches. This allows you to fix Windows vulnerabilities with a few clicks. Security Center also generates alerts for vulnerabilities that require a system restart after the vulnerabilities are fixed. This allows you to fix Windows system vulnerabilities in an efficient manner. | ![]() |
![]() |
![]() |
![]() |
![]() |
|
Web-CMS vulnerability management | Security Center monitors web directories, recognizes common website builders, and checks the vulnerability database to identify vulnerabilities in website builders. | ![]() |
![]() |
![]() |
![]() |
![]() |
Security Center uses patches developed by Alibaba Cloud to replace and modify source code. This allows you to fix vulnerabilities with a few clicks. | ![]() |
![]() |
![]() |
![]() |
![]() |
|
Urgent vulnerability management | Security Center detects urgent vulnerabilities when they are made public. Security Center does not support automatic fixing of urgent vulnerabilities. You must follow the instructions provided by Security Center to manually fix the vulnerabilities. | ![]() |
![]() |
![]() |
![]() |
![]() |
Application vulnerability management | Security Center detects weak passwords for system services and vulnerabilities in system services and applications. | ![]() |
![]() |
![]() |
![]() |
![]() |
Scan for vulnerabilities | Security Center allows you to run quick scan tasks on your assets to detect vulnerabilities in real time. | ![]() |
![]() |
![]() |
![]() |
![]() |
Display of vulnerabilities that require immediate fixing | Security Center provides a unified page for you to view and fix all urgent vulnerabilities. | ![]() |
![]() |
![]() |
![]() |
![]() |
YUM and APT source configuration | Security Center allows you to preferentially use YUM or APT sources maintained by Alibaba Cloud to fix vulnerabilities. After you turn on YUM/APT Source Configuration, Security Center automatically selects YUM or APT sources maintained by Alibaba Cloud. This improves the success rate of vulnerability fixing.
Note Before you fix a Linux software vulnerability, you must specify a valid YUM or APT source. If the YUM or APT source is invalid, the vulnerability fix may fail.
|
![]() |
![]() |
![]() |
![]() |
![]() |
Baseline Check
Feature | Description | Basic | Anti-virus | Advanced | Enterprise | Ultimate |
---|---|---|---|---|---|---|
Server baseline check | Security Center dispatches tasks to check server configurations. Security Center generates alerts when configuration risks are detected. Security Center allows you to specify check items, detection intervals, and servers to customize check policies. Custom check scripts are not supported. Security Center allows you to customize weak password rules. Security Center checks the configurations of your cloud services by using a custom check policy. Security Center generates alerts when weak passwords are detected.
Security Center performs baseline checks on the following items:
|
![]() |
![]() |
![]() |
![]() |
![]() |
container baseline checks | Security Center performs security checks on the baseline configurations of containers. It also generates alerts for the detected risks. Security Center detects the following items:
|
![]() |
![]() |
![]() |
![]() |
![]() |
Baseline risk fixing | Security Center mitigates risks that are detected from the baseline checks of Alibaba Cloud security and classified protection compliance. | ![]() |
![]() |
![]() |
![]() |
![]() |
Configuration assessment
Feature | Description | Basic | Anti-virus | Advanced | Enterprise | Ultimate |
---|---|---|---|---|---|---|
Configuration assessment | Security Center detects risks in the configurations of Alibaba Cloud services, such as ECS and ApsaraDB RDS.
Security Center performs the following detection:
|
![]() |
![]() |
![]() |
![]() |
![]() |
AccessKey pair leaks
Feature | Description | Basic | Anti-virus | Advanced | Enterprise | Ultimate |
---|---|---|---|---|---|---|
Detection of AccessKey pair leaks | Security Center monitors code hosting platforms such as GitHub to detect AccessKey pair leaks in source code that may have been accidentally uploaded. | ![]() |
![]() |
![]() |
![]() |
![]() |
Alerts generated by cloud honeypot
Feature | Description | Basic | Anti-virus | Advanced | Enterprise | Ultimate |
---|---|---|---|---|---|---|
Cloud honeypot | Security Center provides capabilities such as attack discovery and defense within and outside the cloud. You can create honeypots in VPCs and servers that are protected by Security Center. This protects the servers from attacks that are launched within and outside the cloud and reinforces the security of the servers. | ![]() |
Value-added | Value-added | Value-added | Value-added |
Detection and Response
Alerts
Feature | Description | Basic | Anti-virus | Advanced | Enterprise | Ultimate |
---|---|---|---|---|---|---|
Suspicious process | Security Center traces intrusion sources based on real attack-defense scenarios in the cloud and creates a process whitelist. Security Center generates alerts when unauthorized processes or intrusion attacks are detected. Security Center builds approximately 1,000 process patterns for hundreds of processes and compares the processes against these patterns to detect suspicious processes.
Security Center performs the following detection:
|
![]() |
![]() |
![]() |
![]() |
![]() |
Webshell | Security Center supports detection of website script files, such as PHP, ASP, and JSP files, based on both servers and networks. Security Center performs the following detection:
|
![]() |
![]() |
![]() |
![]() |
![]() |
Security Center also provides webshell removal to quarantine detected webshell files. You can restore files that are quarantined within the last 30 days. | ![]() |
![]() |
![]() |
![]() |
![]() |
|
Unusual logon | Security Center provides basic detection services. Security Center performs the following detection:
|
![]() |
![]() |
![]() |
![]() |
![]() |
Security Center provides advanced detection services. Security Center performs the following detection:
|
![]() |
![]() |
![]() |
![]() |
![]() |
|
Tampering of sensitive files | Security Center monitors sensitive directories and files, and generates alerts if suspicious read, write, or delete operations are detected.
Security Center performs the following detection:
|
![]() |
![]() |
![]() |
![]() |
![]() |
Malicious processes | Security Center scans processes on a regular basis, monitors process startups, and detects viruses and trojans by using the cloud antivirus mechanism. You can terminate malicious processes and quarantine malicious files with a few clicks in the Security Center console.
The virus library that is used for cloud antivirus has the following characteristics:
Security Center performs the following detection:
|
![]() |
![]() |
![]() |
![]() |
![]() |
Unusual network connection | Security Center monitors connections on servers and networks. Security Center generates alerts when suspicious connections are detected.
Security Center performs the following detection:
|
![]() |
![]() |
![]() |
![]() |
![]() |
Other features | Security Center performs the following detection:
|
![]() |
![]() |
![]() |
![]() |
![]() |
Suspicious Account | Security Center detects suspicious accounts that attempt to log on to your system based on user behavior analysis. | ![]() |
![]() |
![]() |
![]() |
![]() |
Intrusion into applications | Security Center detects intrusion into applications, such as SQL Server. | ![]() |
![]() |
![]() |
![]() |
![]() |
Cloud threat detection | Security Center detects unusual use of cloud services based on user behavior analysis. For example, an attacker uses your AccessKey pair to purchase a large number of ECS instances to mine data. | ![]() |
![]() |
![]() |
![]() |
![]() |
Alerts of the Precision defense type | Security Center automatically blocks common Internet viruses, such as ransomware, DDoS trojans, mining and trojan programs, malicious programs, webshells, and computer worms. Alibaba Cloud security experts test and verify all the automatically blocked viruses to minimize false positive rates. | ![]() |
![]() |
![]() |
![]() |
![]() |
Persistent webshells | Security Center detects persistent webshells on servers. After an attacker gains control over a server, the attacker typically places webshells, such as scripts, processes, and links, to persistently exploit the intrusion. Common persistent webshells include crontab jobs, automatic tasks, and system replacement files. |
![]() |
![]() |
![]() |
![]() |
![]() |
Threats to web applications | Security Center detects intrusion activities that use web applications. | ![]() |
![]() |
![]() |
![]() |
![]() |
Malicious script | Security Center detects malicious scripts on servers. Malicious scripts are classified into file-based scripts and fileless scripts. After an attacker gains control over a server, the attacker uses scripts to carry out the actual attack. For example, the attacker may insert mining programs and webshells, and add administrator accounts to your system. Languages of malicious scripts include Bash, Python, Perl, PowerShell, Batch, and VBScript. |
![]() |
![]() |
![]() |
![]() |
![]() |
Malicious Network Activity | Security Center identifies unusual network behavior based on logs, such as communication content and host behavior logs. Malicious network behavior includes intrusion into hosts over open network services and unusual behavior of cracked hosts. | ![]() |
![]() |
![]() |
![]() |
![]() |
Threat detection during container runtime | Security Center detects threats to Container Service for Kubernetes in real time. The threats include viruses and malicious programs in containers or on hosts, intrusion into containers, and container escapes. Security Center also generates alerts for these threats and warnings for high-risk operations. Security Center detects the following threats for containers during container runtime and generates alerts for detected threats:
|
![]() |
![]() |
![]() |
![]() |
![]() |
Alert archiving | This feature archives the alert events that are handled prior to 30 days ago and allows you to download the archived alert events. This facilitates event tracing and audit. | ![]() |
![]() |
![]() |
![]() |
![]() |
Attack Awareness
Feature | Description | Basic | Anti-virus | Advanced | Enterprise | Ultimate |
---|---|---|---|---|---|---|
Attack awareness | Security Center displays the details of web attacks and brute-force attacks on your server. Security Center traces the attacker IP addresses and finds the flaws of the attacks. | ![]() |
![]() |
![]() |
![]() |
![]() |
Log Analysis
Feature | Description | Basic | Anti-virus | Advanced | Enterprise | Ultimate |
---|---|---|---|---|---|---|
Log analysis | Security Center allows you to retrieve and analyze raw log data. The data includes data related to process startup events, external network connections, system logon events, five tuples, DNS queries, security logs, and alert logs.
Note
Only users of the Security Center Enterprise and Ultimate editions can view network logs. Users of the Security Center Anti-virus or Advanced edition cannot view network logs. On the Log Analysis page of the Security Center console, users of the Anti-virus or Advanced edition can view only security and host logs.
|
![]() |
Value-added | Value-added | Value-added | Value-added |
Host Protection
Feature | Description | Basic | Anti-virus | Advanced | Enterprise | Ultimate |
---|---|---|---|---|---|---|
Agentless detection (Public preview) | The agentless detection feature adopts the agentless technology to scan and then detect security risks on ECS instances, precluding the need to install the Security Center agent. | ![]() |
![]() |
![]() |
![]() |
![]() |
Anti-ransomware | The anti-ransomware feature allows you to back up and restore data on your servers and databases. This protects your servers and databases from ransomware. | ![]() |
Value-added | Value-added | Value-added | Value-added |
Use the antivirus feature | The security experts of Security Center conduct automated analysis on attack methods based on a large number of persistent virus samples. Then, the security experts release an engine that can detect and remove viruses based on machine learning results. You can use the engine to detect and remove viruses with a few clicks. | ![]() |
![]() |
![]() |
![]() |
![]() |
Use the feature of web tamper proofing | Security Center monitors website directories and restores maliciously modified files or directories by using backups. Security Center protects websites from malicious modification, trojans, hidden links, and insertion of violence or pornography content. | ![]() |
Value-added | Value-added | Value-added | Value-added |
Use the malicious behavior defense feature | The malicious behavior defense feature provides system rules and allows you to create custom defense rules. This helps you enhance the security of your servers. | ![]() |
![]() |
![]() |
![]() |
![]() |
Container Protection
Feature | Description | Basic | Anti-virus | Advanced | Enterprise | Ultimate |
---|---|---|---|---|---|---|
Container image scan | Security Center detects the following image baseline risks, image vulnerabilities, and malicious image samples:
Note Only image system vulnerabilities can be fixed with a few clicks. Image application vulnerabilities, image baseline risks, malicious image samples, and sensitive image files can only be detected.
|
![]() |
![]() |
Value-added | Value-added | Value-added |
Use the feature of proactive defense for containers | Security Center provides the feature of proactive defense for containers. The feature allows you to detect risks on an image when you use the image to create resources in a cluster. The feature also allows you to create a container defense policy for a cluster. If an image hits the container defense policy, Security Center handles the image that is started in the cluster based on the action of the policy. The action can be Block, Alert, or Allow. This ensures that the image does not affect your business. | ![]() |
![]() |
![]() |
![]() |
![]() |
Use container escape prevention | The feature of container escape prevention detects high-risk operations from multiple dimensions such as processes, files, and system calls, and establishes protection barriers between containers and hosts. This effectively blocks escape behavior and ensures the runtime security of containers. | ![]() |
![]() |
![]() |
![]() |
![]() |
Container firewall | Security Center provides the container firewall feature. The feature delivers firewall capabilities to protect containers. If attackers exploit vulnerabilities or malicious images to intrude into clusters, the container firewall feature generates alerts or blocks attacks. | ![]() |
![]() |
![]() |
![]() |
![]() |
Use the container signature feature | Security Center signs trusted container images and verifies the signatures to ensure that only trusted images are deployed. This prevents unauthorized container images from being started and improves asset security.
Note Only Kubernetes clusters that are deployed in the China (Hong Kong) region support the image signature feature.
|
![]() |
![]() |
![]() |
![]() |
![]() |
CI/CD-based container image scan | Security Center detects image risks during the project building stage on Jenkins and GitHub in an efficient manner and provides solutions to detected image risks. The image risks include high-risk system vulnerabilities, application vulnerabilities, viruses, webshells, execution of malicious scripts, configuration risks, and sensitive data. | ![]() |
![]() |
![]() |
![]() |
![]() |
Application Protection
Feature | Description | Basic | Anti-virus | Advanced | Enterprise | Ultimate |
---|---|---|---|---|---|---|
Application protection (Public preview) | The application protection feature is developed based on the Runtime Application Self Protection (RASP) technology. This feature can detect attacks and protects applications during application runtime. | ![]() |
![]() |
![]() |
![]() |
![]() |
System Configuration
Playbook
Feature | Description | Basic | Anti-virus | Advanced | Enterprise | Ultimate |
---|---|---|---|---|---|---|
Use the playbook feature | Security Center provides the task management feature. You can run tasks to enable automatic fixing of vulnerabilities in multiple servers at a time. | ![]() |
![]() |
![]() |
![]() |
![]() |
Reports
Feature | Description | Basic | Anti-virus | Advanced | Enterprise | Ultimate |
---|---|---|---|---|---|---|
Create a security report | Security Center allows you to specify report information. After you enable this feature, Security Center sends emails that contain security statistics to the specified recipients. | ![]() |
![]() |
![]() |
![]() |
![]() |
Feature Settings
Feature | Description | Basic | Anti-virus | Advanced | Enterprise | Ultimate |
---|---|---|---|---|---|---|
Enable features on the Host Protection Settings tab | Proactive Defense - Anti-Virus This feature automatically blocks common network viruses, such as common ransomware, DDoS trojans, mining programs, trojans, malicious programs, webshells, and computer worms. |
![]() |
![]() |
![]() |
![]() |
![]() |
Proactive Defense - Anti-ransomware (Bait Capture) This feature uses bait to capture the new types of ransomware and analyzes the patterns of the new types of ransomware to protect your assets. |
![]() |
![]() |
![]() |
![]() |
![]() |
|
Proactive Defense - Webshell Protection This feature automatically intercepts abnormal connections that are initiated by attackers based on known webshells and quarantines related files. |
![]() |
![]() |
![]() |
![]() |
![]() |
|
Proactive Defense - Behavior prevention This feature intercepts the abnormal network behavior between your servers and disclosed malicious access sources, which reinforces the security of your servers. |
![]() |
![]() |
![]() |
![]() |
![]() |
|
Proactive Defense - Active defense experience optimization If your server unexpectedly shuts down or the defense capability is unavailable, Security Center collects server data by using the kdump service for protection analysis. This enhances the protection capability of Security Center on an ongoing basis. |
![]() |
![]() |
![]() |
![]() |
![]() |
|
Webshell detection Security Center periodically scans web directories to detect webshells and trojans on your servers. |
![]() |
![]() |
![]() |
![]() |
![]() |
|
Adaptive threat detection If a high-risk intrusion is detected on your server after the adaptive threat detection feature is enabled, the Security Center agent on your server automatically runs in Safeguard Mode For Major Activities mode. This mode helps detect intrusions in a faster and more comprehensive manner. |
![]() |
![]() |
![]() |
![]() |
![]() |
|
Protection modes
Security Center provides multiple modes to protect your server in different scenarios. You can configure the following protection modes to protect your server:
|
![]() |
![]() |
![]() |
![]() |
![]() |
|
Enable features on the Container Protection Settings tab | Kubernetes threat detection
Security Center monitors the status of running containers in a Kubernetes cluster. This allows you to detect security risks and attacker intrusions at the earliest opportunity. Security Center detects the following items:
|
![]() |
![]() |
![]() |
![]() |
![]() |
Container escape prevention The feature of container escape prevention detects high-risk operations from multiple dimensions such as processes, files, and system calls, and establishes protection barriers between containers and hosts. This effectively blocks escape behavior and ensures the runtime security of containers. |
![]() |
![]() |
![]() |
![]() |
![]() |
|
Enable features on the Agent Settings tab | Client protection After you enable the client protection feature, Security Center automatically intercepts unauthorized agent uninstallation. This feature prevents the agent from being uninstalled by attackers or terminated by other software. |
![]() |
![]() |
![]() |
![]() |
![]() |
Local file detection The local file detection engine performs security checks on new script files and binary files on your server. If threats are detected, the engine reports alerts. |
![]() |
![]() |
![]() |
![]() |
![]() |
|
Enable features on the Other Settings tab | Global log filtering The global log filtering feature ensures security, and helps you effectively use your log storage and improve operational efficiency. |
![]() |
(The feature is supported after you purchase log storage capacity.) | (The feature is supported after you purchase log storage capacity.) | (The feature is supported after you purchase log storage capacity.) | (The feature is supported after you purchase log storage capacity.) |
Security control Security control allows you to configure the IP address whitelist. Requests initiated from IP addresses in the whitelist are directly forwarded to destination servers. This prevents normal network traffic from being blocked. |
![]() |
![]() |
![]() |
![]() |
![]() |
|
Access control Resource Access Management (RAM) allows you to create and manage RAM users, such as individuals, system administrators, and application administrators. You can manage RAM user permissions to control access to Alibaba Cloud resources. |
![]() |
![]() |
![]() |
![]() |
![]() |
|
Installation and uninstallation of the Security Center agent | Security Center allows you to install and uninstall the Security Center agent. | ![]() |
![]() |
![]() |
![]() |
![]() |
Use the proxy access feature | ECS instances that reside in a VPC and are inaccessible over the Internet can be added to Security Center by using the proxy access feature. You can also use the feature to manage the uplink traffic of the ECS instances. The uplink traffic refers to the traffic from ECS instances to Security Center. | ![]() |
![]() |
![]() |
![]() |
![]() |
Multi-cloud asset access | This feature allows you to add third-party cloud servers and servers in data centers to Security Center for protection and management. | ![]() |
![]() |
![]() |
![]() |
![]() |
IDC probe | Security Center allows you to create IDC probes to scan servers and identify the servers that have the Security Center agent installed in a data center. Then, you can synchronize the information about the identified servers to the Assets module of the Security Center console. This way, Security Center can manage the servers in a centralized manner. | ![]() |
![]() |
![]() |
![]() |
![]() |
Use the feature of asset management rules | The asset management rules feature lets you configure rule conditions. You can manage servers that meet the specified rule condition by group or tag in a simple and efficient manner. | ![]() |
![]() |
![]() |
![]() |
![]() |
Notification Settings
Feature | Description | Basic | Anti-virus | Advanced | Enterprise | Ultimate |
---|---|---|---|---|---|---|
Use the notification feature | Security Center allows you to customize notification methods and alert severities of alert notifications. Security Center sends alert notifications by using text messages, emails, internal messages, or DingTalk chatbots.
Note Only the
Enterprise and Ultimate editions of Security Center support DingTalk chatbots.
|
![]() |
![]() |
![]() |
![]() |
![]() |
Multi-account Control
Feature | Description | Basic | Anti-virus | Advanced | Enterprise | Ultimate |
---|---|---|---|---|---|---|
Use the multi-account control feature | Security Center allows you to manage multiple Alibaba Cloud accounts and resource accounts in an enterprise. You can monitor the security status of accounts in a resource directory. | ![]() |
![]() |
![]() |
![]() |
![]() |
Compliance
Feature | Description | Basic | Anti-virus | Advanced | Enterprise | Ultimate |
---|---|---|---|---|---|---|
Security compliance check | Security Center checks whether your assets comply with classified protection regulations, including those on communication networks, region borders, computing environments, and management centers. Security Center also generates compliance reports. | ![]() |
![]() |
![]() |
![]() |
![]() |
ISO 27001 compliance check | Security Center checks whether your system meets ISO 27001 requirements from the aspects, such as asset management, access control, cryptography, and operation security. | ![]() |
![]() |
![]() |
![]() |
![]() |
Threat detection limits
When Security Center detects risks, it sends security alerts to you without delay. You can manage security alerts, scan for vulnerabilities, analyze attacks, and perform configuration assessment in the Security Center console. Security Center can also analyze alerts and automatically trace attacks. This reinforces the security of your assets. To protect your assets against attacks, we recommend that you regularly install the latest security patches on your server, and use other security services along with Security Center, such as Cloud Firewall and Web Application Firewall (WAF).