This topic provides a brief introduction to the Overview tab of the Security Center console. The Overview tab is a security operations center for your Alibaba Cloud services. The tab displays the information about your assets, including the security score, risks, security trends, and brief asset information. The tab also provides entry points to upgrade and renew Security Center, and increase related quotas. You can perform security operations on your assets in a centralized manner on the Overview tab.
Background information
Secure score
The Secure Score section displays the security score of your assets and the number of risks that are detected on your assets. For more information about how to improve the security score, see Improve the security score of your assets.
Click Fix Now to go to the Security Risk panel. In the panel, you can view the penalty point for each risk. If you want to handle a risk, you can click Process Now to the right of the risk to go to the page on which you can view the related risk. You can handle the risk based on the risk details or the solutions that are provided on the page.
- Risks that must be handled at the earliest opportunity by using the Security Center protection features
- Configuration risks of core features
- Unhandled alerts
- Unfixed vulnerabilities
- Baseline risks
- AccessKey pair leaks
- Configuration risks of cloud services
- Attacks and other types of risks
Security scores
This following table describes the ranges of scores and deduction items.
| Security score | Description | Font color |
|---|---|---|
| 95 to 100 | Your assets are secure. | Green |
| 85 to 94 | Your assets are exposed to a few of security risks. We recommend that you reinforce the security of your system at the earliest opportunity. | Yellow |
| 70 to 84 | Your assets are exposed to a large number of security risks. We recommend that you reinforce the security of your system at the earliest opportunity. | Yellow |
| 69 or lower | Your assets are at high risk. We recommend that you reinforce the security of your system at the earliest opportunity. | Red |
Deduction items
- The maximum security score is 100, and the minimum security score is 10.
- If the security score is greater than 60 after penalty points are endorsed but unhandled alerts are detected, the final score is still 60.
- If the security score is greater than 80 after penalty points are endorsed but unhandled alerts or vulnerabilities are detected, the final score is still 80.
- If the security score is greater than 90 after penalty points are endorsed but unhandled baseline risks are detected, the final score is still 90.
- All paid editions in the following table indicate the Anti-virus, Advanced, Enterprise, and Ultimate editions of Security Center.
| Category | Edition | Deduction item | Penalty point | Suggestion |
|---|---|---|---|---|
| Configuration risks of core features | All paid editions | Web tamper proofing is disabled. | 5 | Enable web tamper proofing |
| Basic | No rules are configured to prevent brute-force attacks. | 2 | Configure alert settings | |
| Basic | Quick installation of the Security Center agent is not authorized. | 2 | If this is the first time that you use this feature, obtain the required permissions. | |
| Advanced, Enterprise, and Ultimate | Configuration assessment is not authorized. | 2 | If this is the first time that you use this feature, obtain the required permissions. | |
| All paid editions | Log analysis is disabled. | 2 | Enable log analysis | |
| All paid editions | Antivirus is disabled. | 2 | Use proactive defense | |
| All paid editions | No anti-ransomware policies are created. | 15 | Create an anti-ransomware policy | |
| All paid editions | Periodic virus detection is disabled. | 5 | Use the antivirus feature | |
| Advanced, Enterprise, and Ultimate | Container images that can be scanned are not specified. | 5 | Scan images | |
| Ultimate | Kubernetes threat detection is disabled. | 5 | Use threat detection on Kubernetes containers | |
| Unhandled alerts | All paid editions | Unhandled high-risk alerts are detected. | 20 | View and handle alerts |
| All paid editions | Unhandled medium-risk alerts are detected. | 20 | View and handle alerts | |
| All paid editions | Unhandled low-risk alerts are detected. | 20 | View and handle alerts | |
| Unfixed vulnerabilities | Advanced, Enterprise, and Ultimate | Unfixed Web-CMS vulnerabilities are detected. | 2 | View and handle Web-CMS vulnerabilities |
| Advanced, Enterprise, and Ultimate | Unfixed Windows system vulnerabilities are detected. | 2 | View and handle Windows system vulnerabilities | |
| Advanced, Enterprise, and Ultimate | Unfixed Linux software vulnerabilities are detected. | 2 | View and handle Linux software vulnerabilities | |
| Advanced, Enterprise, and Ultimate | Unfixed urgent vulnerabilities are detected. | 5 | View and handle urgent vulnerabilities | |
| Advanced, Enterprise, and Ultimate | Urgent vulnerabilities exist but are not detected. If no Elastic Compute Service (ECS) instances are used, no penalty points are endorsed. | 3 | View and handle urgent vulnerabilities | |
| Baseline risks | Enterprise and Ultimate | Baseline risks are detected. | 1 | View baseline check results and handle baseline risks |
| Config Assessment Risks | Advanced, Enterprise, and Ultimate | Anti-DDoS Pro and Anti-DDoS Premium fail the back-to-origin configuration check. |
|
Overview |
| Advanced, Enterprise, and Ultimate | Two-factor authentication is disabled for your Alibaba Cloud account. |
|
||
| Advanced, Enterprise, and Ultimate | ApsaraDB RDS fails the security policy check. |
|
||
| Advanced, Enterprise, and Ultimate | High risks are detected in cloud service configurations. | 2 | ||
| Advanced, Enterprise, and Ultimate | Low and medium risks are detected in cloud service configurations. | 1 | ||
| AccessKey pair leaks | All editions | AccessKey pair leaks are detected. | 30 | Detection of AccessKey pair leaks |
| Others | Enterprise and Ultimate | Attack events are detected. | 5 | Improve the security score of your assets |
Edition and protection details
The section in the upper-right corner of the Overview tab displays the Security Center edition that you use, the date on which Security Center expires, and the statistics about your assets. The following statistics are displayed: Purchased Quota, Total Cores, Unprotected assets (ECS), Remaining Anti-ransomware Capacity, Remaining Log Storage Capacity, Security capability enabled, Virus Library Version, and System Vul scan time.
- Purchase Security Center: If you use Security Center Basic and you meet the requirements to apply for a free trial, you can click Try Now to start the free trial of Security Center Ultimate. For more information, see Apply for a free trial of Security Center Ultimate. If you want to continue using Security Center after the trial period ends, you can click Try Now to purchase Security Center. For more information about the features that each edition supports, see Functions and features. For more information about how to purchase Security Center, see Purchase Security Center.
- Upgrade Security Center: If you use the Anti-virus, Advanced, Enterprise, or Ultimate edition of Security Center and want to upgrade Security Center or increase the number of protected servers, the quota for cores of servers that you want to protect, or the purchased quota of a value-added feature, you can click Upgrade Now. You can also click Upgrade Now to separately purchase value-added features. For more information, see Upgrade and downgrade Security Center.
- Renew Security Center: If you use the Anti-virus, Multi-edition, Advanced, Enterprise, Ultimate, or Value-added Plan edition of Security Center and want to renew Security Center before it expires, you can click Renewal. For more information, see Renew the subscription to Security Center.
- Install the Security Center agent: If you want to install the Security Center agent on unprotected servers, you can click Install now below Unprotected assets (ECS) to go to the Agent tab of the Settings page. Then, install the Security Center agent on the servers to protect the servers. For more information, see Install the Security Center agent.
- Purchase additional capacity: If the available anti-ransomware capacity or log storage capacity is less than 10%, you can click Upgrade to purchase more anti-ransomware capacity or log storage capacity.
Security risks
The following table describes the details.
| Type | Description |
|---|---|
| Unhandled Alerts | This section displays the total number of unhandled alerts on your assets and the
numbers of alerts at different risk levels.
The alerts generated by Security Center are classified into the following risk levels:
You can click the number below Unhandled Alerts to go to the Alerts page to view and handle alerts. For more information, see View and handle alerts. |
| Unfixed Vul | This section displays the total number of unfixed vulnerabilities in your assets.
You can click the number below Unfixed Vul to go to the Vulnerabilities page to view and handle vulnerabilities. For more information, see Vulnerability fixes. |
| Baseline Risks | This section displays the number of baseline risks in your assets.
You can click the number below Baseline Risks to go to the Baseline Check page to view and handle baseline risks. For more information, see View baseline check results and handle baseline risks. |
| Config Assessment | This section displays the risks in the baseline configurations of your cloud services.
You can click the number below Config Assessment to go to the Cloud Platform Configuration Assessment page to view and handle the detected risks in the configurations of your cloud services. For more information, see Overview. |
| AccessKey Leak | This section displays the total number of unhandled AccessKey pair leaks on your assets.
You can click the number below AccessKey Leak to go to the AK leak detection page to view and handle AccessKey pair leaks. For more information, see Detection of AccessKey pair leaks. |
| Image security scan | This section displays the total number of unhandled risks and vulnerabilities in your
images.
You can click the number below Image security scan to go to the Image Security page to view and handle image risks and vulnerabilities. For more information, see Scan images. |
| Tamper Protection | This section displays the total number of tampered web pages in your assets.
You can click the number below Tamper Protection to go to the Tamper Protection page to view and handle the tampering risks. For more information, see Overview. |
Security operations trend
Recommended information
- On the Security Information tab, you can view security information such as information about high-risk vulnerabilities that are detected in the last six months.
- On the Classified Protection Compliance tab, you can click Check Now to go to the Compliance page to view the results of classified protection compliance checks and ISO 27001 compliance checks. Security Center provides the feature of classified protection compliance check at no cost to assess the security of your communication networks, compute environments, zone boundaries, management centers, and system construction management. You can use the feature to check whether your system meets the MLPS 2.0 baseline requirements.
- On the Website tab, you can click Check Now to go the Website Security Report page to check your websites for vulnerabilities and risks in website configurations with a few clicks.
- On the Security Group tab, you can click Check Now to go to the Policy Assistant page of the Cloud Firewall console to check your security group configurations for risks with a few clicks.
Entry points to Security Center documentation
