Security Center is a cloud platform that can help you manage security risks. Security Center can continuously monitor the security status and provides in-depth threat defense, comprehensive analysis, and quick response capabilities.

Security Center uses a cloud-native architecture to provide multiple features such as cloud asset management, baseline check, proactive defense, security hardening, configuration assessment, and security status visualization. The features can efficiently detect and block risks such as virus spreading, attacks, encryption ransomware, vulnerability exploits, and AccessKey pair leaks. Security Center is an end-to-end and automated system for security operations. Security Center helps you protect workloads on hosts, containers, and virtual machines that are deployed on hybrid clouds and helps you meet regulatory compliance requirements.

Security Center provides core features such as detection and analysis of risks on hosts, containers, and configurations of cloud services. The features are developed based on years of practice in cloud security and experience in attack and defense scenarios. Security Center uses large volumes of logs that are stored on the cloud, analysis models, and substantial computing power to provide comprehensive capabilities for monitoring the status of cloud security. You can use Security Center to protect servers in data centers and servers that are deployed on Alibaba Cloud, hybrid clouds, and third-party clouds.

Architecture

Security Center builds an in-depth protection system that covers the network layer, host layer, and application layer. The system protects networks, hosts, and web applications against intrusions, detects web application vulnerabilities, and scans for trojans. The system uses big data analysis to provide a more precise algorithm and rule support for the protection system at each layer.

Protection at the network layer

Security Center detects threats by capturing packets at the network layer. Traffic mirroring copies each inbound and outbound packet of the infrastructure on which your workloads and cloud services are deployed, so the packets can be inspected and analyzed without being placed in the data path.

Protection at the application layer

Security Center scans for web application vulnerabilities, detects web attacks, and analyzes the access records at the application layer. Then, Security Center reports the information found at the application layer to the data analysis cluster of Security Center. The report operation does not affect the performance of applications.

Protection at the host layer

Security Center monitors your hosts in real time to identify suspicious processes, ports, and network connections at the earliest opportunity. Security Center also periodically scans for host vulnerabilities and configuration risks. This protects your hosts in a comprehensive manner.

Security Center is integrated with the big data security analytics platform to detect potential intrusion attempts and threats based on machine learning and data models, which together form a Security Center-based threat detection system. Security Center analyzes large amounts of user data in real time and traces the sources of attacks based on security events. Then, Security Center uses the analysis and tracing results to detect suspicious behavior in the networks and business systems of users and to generate alerts for threats. If Security Center detects attacker penetration, social engineering attacks, network attacks, or phishing attacks, Security Center responds quickly and generates threat intelligence. You can make security decisions based on the threat intelligence.

Editions

Security Center is available in the Basic, Anti-virus, Advanced, Enterprise, and Ultimate editions. The Basic edition is free of charge.

Basic edition

Security Center Basic provides basic security hardening capabilities free of charge. You can use the capabilities to detect unusual logons to your servers, DDoS attacks, common vulnerabilities on your servers, and configuration risks of cloud services. If you select Security Enhancement when you purchase an Elastic Compute Service (ECS) instance, Security Center Basic is automatically activated.

Security Center offers a 7-day free trial of the Ultimate edition. Only users who have purchased an ECS instance and have never tried Security Center can apply for the free trial. If you are qualified for a 7-day free trial, the Security Center console displays a message that offers the free trial after you log on.

Anti-virus edition

Security Center Anti-virus uses the subscription billing method and provides security features, such as alerting and antivirus.

Advanced edition

Security Center Advanced uses the subscription billing method and provides security features, such as alerting, antivirus, vulnerability detection and fixing, and security reports.

Enterprise edition

Security Center Enterprise uses the subscription billing method and provides a wide array of security features. The features include alerting, antivirus, vulnerability detection and fixing, baseline check, asset fingerprints, and attack analysis.

Ultimate edition

Security Center Ultimate uses the subscription billing method and provides a wide array of security features. The features include container image scan, threat detection on Kubernetes containers, network topology of containers, alerting, antivirus, vulnerability detection and fixing, baseline check, asset fingerprints, and attack analysis.

Features

Precaution

Vulnerability scan and fixing

Security Center scans for common system and software vulnerabilities and allows you to fix vulnerabilities with a few clicks.

Configuration assessment

Security Center checks the configurations of your cloud services against security best practices and the security features of each service, and tracks the risks it finds until they are fixed, forming a closed loop of detection and remediation.

Baseline check

Security Center performs baseline checks against Alibaba Cloud best-practice configuration baselines. This reduces risks caused by improper configurations.

Proactive defense

Anti-ransomware and antivirus

Security Center intercepts seven types of known viruses such as ransomware, mining viruses, worms, and DDoS trojans in real time.

Web tamper proofing

Security Center prevents hidden links, webshells, and politically sensitive or terrorism-related content from being inserted into your websites.

Threat detection

More than 250 threat detection models

The threat detection models provide end-to-end threat detection capabilities to detect attacks at the earliest opportunity.

Automatic alert correlation analysis

Security Center automatically aggregates related alerts and identifies intrusions that consist of individually low-risk anomalies, which would not stand out when each alert is reviewed on its own. This improves the efficiency of security operations.
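The following is an added illustration of the idea behind alert correlation; it is not Security Center code and does not reflect its internal models. It takes a constructed stream of alerts, groups them per host, and raises a single high-severity incident when a sequence of low-severity alerts (failed logons, a successful logon, a new process, an outbound connection) completes within a time window. The alert fields, the chain definitions, the 30-minute window, and the sample data are all assumptions chosen for the example.

```python
"""Correlate individually low-severity alerts into one incident.

Added example, not Security Center code. Alert format, chain
definitions, window and sample alerts are assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Iterable


@dataclass(frozen=True)
class Alert:
    ts: datetime
    host: str
    kind: str       # e.g. "logon_failure", "new_process"
    severity: str   # "low", "medium", "high"
    detail: str = ""


@dataclass
class Incident:
    host: str
    severity: str
    pattern: str
    alerts: list = field(default_factory=list)


# Ordered alert kinds that, taken together, indicate an intrusion even when
# every step is only low severity. Assumed chains for illustration.
CHAINS = {
    "brute_force_then_foothold": [
        "logon_failure", "logon_success", "new_process", "outbound_connection"],
    "webshell_then_recon": [
        "webshell_upload", "new_process", "port_scan"],
}

# All steps of a chain must fall within this window of the first step.
WINDOW = timedelta(minutes=30)


def _match_chain(seq: list, chain: list) -> list:
    """Return the alerts completing `chain` in order within WINDOW, else []."""
    for start in range(len(seq)):
        if seq[start].kind != chain[0]:
            continue
        matched = [seq[start]]
        idx = 1
        for a in seq[start + 1:]:
            if a.ts - seq[start].ts > WINDOW:
                break                      # window expired; try a later start
            if idx < len(chain) and a.kind == chain[idx]:
                matched.append(a)
                idx += 1
                if idx == len(chain):
                    return matched
    return []


def correlate(alerts: Iterable[Alert]) -> list:
    """Group alerts per host and report every chain completed within WINDOW."""
    by_host = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a.ts):
        by_host[a.host].append(a)
    incidents = []
    for host, seq in by_host.items():
        for name, chain in CHAINS.items():
            matched = _match_chain(seq, chain)
            if matched:
                # The chain as a whole is rated high even though each alert is low.
                incidents.append(Incident(host, "high", name, matched))
    return incidents


# Constructed sample stream: every alert is low severity on its own.
T0 = datetime(2024, 1, 1, 12, 0, 0)
SAMPLE_ALERTS = [
    Alert(T0, "web-01", "logon_failure", "low", "ssh root from 198.51.100.7"),
    Alert(T0 + timedelta(minutes=1), "web-01", "logon_failure", "low", "ssh root from 198.51.100.7"),
    Alert(T0 + timedelta(minutes=2), "web-01", "logon_success", "low", "ssh root from 198.51.100.7"),
    Alert(T0 + timedelta(minutes=4), "web-01", "new_process", "low", "/tmp/.x/miner"),
    Alert(T0 + timedelta(minutes=5), "web-01", "outbound_connection", "low", "198.51.100.7:4444"),
    # db-02: the success comes two hours later, outside the window, so no chain.
    Alert(T0 + timedelta(minutes=3), "db-02", "logon_failure", "low", "ssh admin from 203.0.113.9"),
    Alert(T0 + timedelta(hours=2), "db-02", "logon_success", "low", "ssh admin from 203.0.113.9"),
]


if __name__ == "__main__":
    for inc in correlate(SAMPLE_ALERTS):
        print(f"{inc.host}: {inc.pattern} ({inc.severity}), {len(inc.alerts)} alerts")
        for a in inc.alerts:
            print(f"  {a.ts.time()} {a.kind:20} {a.detail}")
```

Run on the sample stream, only web-01 yields an incident: its four low alerts complete the brute-force chain within five minutes, while db-02's logon success falls outside the window and stays as two unrelated low alerts. The window matters in both directions: too short and slow attackers split into separate benign-looking alerts, too long and unrelated activity is fused into false incidents.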

Container security

Image vulnerability scan

Security Center thoroughly scans container images for vulnerabilities and provides solutions to fix vulnerabilities.

Threat detection on containers

Security Center supports threat detection on Kubernetes containers and during container runtime.

Container firewall

Security Center provides the container firewall feature that delivers integrated firewall capabilities in container environments. The feature intelligently learns access control policies, generates alerts, and blocks abnormal traffic.

Investigation and response

Attack source tracing

Security Center automatically traces the sources and causes of attacks. You can view the details of an attack and respond quickly.

Log analysis and audit

Security Center provides the log audit and log analysis features. Security Center also provides a platform on which you can meet compliance requirements and trace the sources of attacks.

References

Compliance certifications

Security Center complies with the standards of ISO 9001, ISO 20000, ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 29151, ISO 27701, and BS 10012. It also holds the Security, Trust, Assurance and Risk (STAR) certificate from the Cloud Security Alliance (CSA) and complies with the Payment Card Industry Data Security Standard (PCI DSS).