All Products
Search
Document Center

Security Center:FAQ

Last Updated:Aug 02, 2024

Security Center is a cloud platform that can be used to handle security risks. Security Center can continuously monitor the security status and provides in-depth threat defense, comprehensive analysis, and quick response capabilities. To meet the security requirements in different scenarios, Security Center provides multiple editions and value-added features. This topic provides answers to some frequently asked questions before the purchase of Security Center.

I purchased ECS instances from Alibaba Cloud, but vulnerabilities are detected on the instances, and the instances are infected by viruses such as mining viruses and ransomware. Why?

If you purchase Elastic Compute Service (ECS) instances from Alibaba Cloud, Alibaba Cloud ensures the physical security of the computing infrastructure and the integrity of the network infrastructure, and provides basic cloud security capabilities. You are responsible for the security of your business system that is deployed on the ECS instances, including the installation, configuration, maintenance, and security management of operating systems and applications. Alibaba Cloud provides only the computing infrastructure, which is irrelevant to your business system. Therefore, you must separately conduct measures to protect your business system.

image

If your ECS instance is exposed to risks such as vulnerabilities, weak passwords, data leaks, or insecure network configurations, attackers can exploit the risks to inject malicious programs such as viruses, ransomware, or mining software into your ECS instance. This causes your ECS instance to be infected or illegally used. Security Center provides basic security capabilities. You can install the Security Center agent on your ECS instance to ensure security. For more information, see Install the Security Center agent.

I used the free trial of Security Center Ultimate before. Can I apply for the free trial again?

No, you cannot apply for the free trial again. Each Alibaba Cloud account is limited to one free trial of Security Center Ultimate.

How do I apply for a free trial of Security Center?

Security Center offers free trials of multiple editions. If your account meets the required conditions, you can apply for a free trial of Security Center.

Edition

Trial duration

Condition

Reference

Basic

Unlimited

Your Alibaba Cloud account passes real-name verification.

Introduction to Security Center Basic

Ultimate

Seven days

You have not used a paid edition of Security Center, and your Alibaba Cloud account passes real-name verification. The paid editions of Security Center are the Anti-virus, Advanced, Enterprise, and Ultimate editions.

Apply for a 7-day free trial of Security Center

How do I enable application vulnerability detection after I enable a free trial?

After you enable the free trial of the Enterprise or Ultimate edition, you can use manual quick scan or configure an automated periodic scan to detect application vulnerabilities. The following list describes the methods:

  • Manual quick scan.

    1. Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China.

    2. In the left-side navigation pane, choose Risk Governance > Vulnerabilities.

    3. On the Vulnerabilities page, click Scan now.

    4. In the Vulnerability Scan dialog box, select Application Vulnerability and click OK.

  • Automated periodic scan: The scan period is from 00:00:00 to 07:00:00.

    1. Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China.

    2. In the left-side navigation pane, choose Risk Governance > Vulnerabilities.

    3. In the upper-right corner of the Vulnerabilities page, click Vulnerability Settings.

    4. In the Vulnerability Settings panel, specify a value for the Application Vul(s) Scan Cycle parameter.

What are the differences between the Basic edition of Security Center and a free trial of Security Center?

A free trial of Security Center is different from the Basic edition of Security Center.

The Basic edition of Security Center is provided for all Alibaba Cloud users free of charge. The Basic edition supports basic security hardening capabilities, including the detection of unusual logons to servers, DDoS trojan detection, mining virus detection, and vulnerability detection on common types of servers. The Basic edition can be used with an unlimited duration and is available to all Alibaba Cloud users. For more information, see Introduction to Security Center Basic.

A free trial allows you to try the Enterprise or Ultimate edition of Security Center within a limited period. The Enterprise and Ultimate editions are paid editions. When you use a free trial of the Enterprise or Ultimate edition, you can use the security hardening capabilities that are supported by the edition, including virus detection and removal, and threat detection. You can also use specific value-added features such as application protection, vulnerability fixing, and log analysis. For more information about a free trial, see Apply for a 7-day free trial of Security Center.

What do I do if the Overview page does not provide an entry point to a free trial of Security Center?

If the Overview page in the Security Center console does not provide an entry point to a free trial of Security Center, you have used a free trial or purchased Security Center. In this case, you cannot apply for a free trial of Security Center. If you want to use the protection capabilities of Security Center, you can purchase Security Center. For more information, see Purchase Security Center.

Are the configurations of Security Center retained after a free trial of Security Center ends?

Yes, all feature configurations and historical data are retained for seven days after a free trial of Security Center ends. The configurations and data are automatically cleared after the seven days.

Can I cancel the free trial of Security Center?

Yes, you can cancel the free trial of Security Center. To cancel the free trial, go to the Overview page and click Release Trial. Each Alibaba Cloud account is limited to one free trial for Security Center. After you cancel the free trial, you cannot re-apply for the free trial.

How does Security Center detect and respond to attacks from end to end in attack and defense scenarios?

Attack and defense drills are systematic, large-scale, and normalized step by step. The drills cover key business systems across all industries. However, attack methods, including phishing, supply chains, and puddles, become more stealthy. Middleware and software deployed on the cloud are exposed on the Internet, which causes them to be prone to attacks. To detect and respond to attacks, Security Center provides the following capabilities:

  • Defense: Security Center records threats to operating systems and system business applications, and detects and blocks events in attack and defense scenarios, such as webshells, abnormal outbound connections, brute-force attacks, ransomware programs, mining programs, account risks, vulnerability exploits, and SQL injections.

  • Assessment: Security Center discovers assets and performs vulnerability and baseline assessment to detect vulnerabilities on your system. This way, you can understand the status of your assets.

  • Reinforcement: Security Center provides a protection mode for major activities. The protection mode involves tuning for vulnerability fixing, security baseline reinforcement, and permission and protection policy configuration to minimize the risk surface.

  • Alert: Security Center uses Alibaba Cloud threat intelligence and analyzes the abnormal behavior of servers to identify and respond to security risks.

  • Tracing: Security Center uses a big data analysis engine to process data to implement automated risk tracing. This way, you can identify the causes of risks and make decisions for emergency response.

If I have 100 ECS instances, can I activate Security Center only for 10 ECS instances?

Yes, you can activate Security Center only for specific ECS instances.

When you purchase Security Center by using the subscription billing method, you can purchase quotas based on your business requirements. During the purchase, you can bind quotas to specific servers. You can also bind quotas to servers after the purchase. For more information, see Manage quotas.

Can I purchase Security Center on a monthly basis?

Yes,

you can purchase and renew Security Center on a monthly basis. For more information, see Billing overview.

After I purchase Security Center by using the pay-as-you-go billing method, can I receive alerts by email and DingTalk chatbot?

No, you cannot receive alerts by email or DingTalk chatbot.

If you purchase Security Center by using the pay-as-you-go billing method, at least one of the following features is purchased: vulnerability fixing, configuration assessment, and agentless detection. The other security capabilities that you can use are supported by the Basic edition of Security Center, which indicates that alerts are sent only by internal message. If you want to use advanced security capabilities, you can purchase the Anti-virus, Advanced, Enterprise, or Ultimate edition of Security Center. For more information, see Purchase Security Center.

Why is the price of the Advanced edition on the buy page higher than the list price?

The price on the buy page is based on the following two factors:

  • Protected Servers

    The Protected Servers parameter specifies the total number of assets that are protected by Security Center. The assets include Alibaba Cloud ECS instances and third-party servers on which the Security Center agent is installed. The default value is the total number of ECS instances and third-party servers on which the Security Center agent is installed within your Alibaba Cloud account. If the number of protected servers is greater than 1, the price on the buy page is higher than USD 9.5 per month.

  • Enabled value-added features

    Security Center provides value-added features, such as web tamper proofing, log analysis, and anti-ransomware. When you purchase Security Center, the default values of the Log Analysis and Anti-ransomware parameters are used. If you do not require log analysis or anti-ransomware, set the Log Analysis and Anti-ransomware parameters to 0 GB when you purchase the Anti-virus edition.

Are there differences among the editions of Security Center?

Yes, different editions of Security Center provide different features.

Security Center provides multiple editions such as Basic, Anti-virus, Advanced, Enterprise, and Ultimate. For more information about the features supported by each edition of Security Center, see Functions and features.

Which edition of Security Center provides the quick vulnerability fixing feature?

All editions of Security Center provide the quick vulnerability fixing feature when specific conditions are met.

  • If you use the Advanced, Enterprise, or Ultimate edition, you do not need to separately purchase the vulnerability fixing feature. You can directly use the feature to fix vulnerabilities for the protected servers. The quota for vulnerability fixing is not limited.

  • If you use the Basic, Value-added Plan, or Anti-virus edition, you must purchase the vulnerability fixing feature based on the pay-as-you-go or subscription billing method.

    Note

    If you purchase the vulnerability fixing feature by using the pay-as-you-go billing method or purchase a quota for the feature, you can use the feature to fix only Linux software vulnerabilities and Windows system vulnerabilities.

Which edition of Security Center is required if I want to meet the testing and evaluation requirements for classified protection?

You must purchase the Enterprise or Ultimate edition of Security Center and separately enable log analysis, which is a value-added feature. For more information about how to enable log analysis, see Enable log analysis.

Note

The Enterprise and Ultimate editions of Security Center support the baseline check feature that is required to meet the requirements for classified protection. You can use the baseline check feature along with log analysis to meet the testing and evaluation requirements for classified protection. Log data is retained for 180 days.

How do I obtain the Basic edition of Security Center?

By default, the Basic edition of Security Center is activated for all Alibaba Cloud users. If you have not purchased Security Center, you can view the identifier of Security Center Basic on the Overview page of the Security Center console. If you use the Basic edition, you can use security capabilities such as vulnerability detection, unusual logon detection, AccessKey pair leak detection, and compliance check. Before you can use the capabilities, you must install the Security Center agent on your server. For more information, see Introduction to Security Center Basic.

Which Alibaba Cloud services can I install the Security Center agent?

You can install the Security Center agent on ECS instances, ECS bare metal instances, and simple application servers. You cannot install the agent on resources of Alibaba Cloud services, such as Server Load Balancer (SLB), Object Storage Service (OSS), and Elastic Desktop Service (EDS).

How do I check whether an ECS instance that I purchased is protected by Security Center?

If the status of the Security Center agent that is installed on your ECS instance is 已防护图标.png, the instance is protected by Security Center. You can view the status on the Host page. If you do not purchase an edition of Security Center, your ECS instance is protected by the Basic edition of Security Center. The Basic edition provides only basic security capabilities, such as vulnerability detection and mining virus detection. For more information, see Introduction to Security Center Basic. After you purchase an edition of Security Center, your ECS instance is protected by the features provided by the edition.

Can I use Security Center to protect servers in data centers?

Yes,

you can use Security Center to protect Alibaba Cloud ECS instances, servers in data centers, and third-party cloud servers. To use Security Center to protect your servers, you need to only install the Security Center agent on the servers. For more information, see Install the Security Center agent and Add servers in a data center to Security Center by using a proxy cluster.

Can Security Center protect third-party cloud servers?

Yes,

Security Center can protect cloud servers of third-party service providers, such as Amazon Web Services (AWS), Tencent Cloud, QingCloud, and UCloud. To use Security Center to protect your servers, you must install the Security Center agent on the servers. For more information, see Add a third-party asset to Security Center and Manually install the Security Center agent.

How do I use Security Center to protect servers in data centers and third-party cloud servers?

To use Security Center to protect servers in data centers and third-party cloud servers, you must first install the Security Center agent on the servers. For more information, see the following table.

Server type

How to use Security Center to protect the servers

Alibaba Cloud ECS instances

If you select Security Hardening when you purchase an ECS instance, the Security Center agent is automatically installed on the instance, and Security Center Basic is automatically activated.

Note

Security Center Basic detects only unusual logons to servers and urgent vulnerabilities. The Basic edition is suitable for individual users.

If you do not select Security Hardening when you purchase an ECS instance or Security Center notifies you that the Security Center agent is offline, perform the following steps to enable Security Center to protect the ECS instance:

  1. Upgrade Security Center to the Anti-virus, Advanced, Enterprise, or Ultimate edition. For more information, see Purchase Security Center.

  2. Log on to the Security Center console.

  3. Install the Security Center agent on the ECS instance. For more information, see Manually install the Security Center agent.

Third-party cloud servers

If you want to use Security Center to protect the servers in data centers and third-party cloud servers, perform the following steps:

  1. Upgrade Security Center to the Anti-virus, Advanced, Enterprise, or Ultimate edition. For more information, see Purchase Security Center.

  2. Log on to the Security Center console.

  3. Install the Security Center agent on the ECS instance. For more information, see Manually install the Security Center agent.

Servers in data centers

Does Security Center remove viruses?

Yes,

the Anti-virus, Advanced, Enterprise, and Ultimate editions of Security Center detect and automatically remove common viruses. For more information, see Description.

Does Security Center automatically quarantine viruses?

No, Security Center does not automatically quarantine viruses. Security Center can automatically block malicious programs, but cannot automatically quarantine infected files.

  • Automatic blocking: When virus intrusion is detected, Security Center identifies the virus and blocks the virus-related programs and processes. Security Center can automatically block common Internet viruses, such as ransomware, DDoS trojans, mining and trojan programs, malicious programs, webshells, and computer worms.

  • Automatic quarantine: After a system is intruded by viruses, infected files are moved to the quarantine to prevent the infected files from running again. An infected file can be a system- or business-related file. If the file is quarantined, your business may fail to run as expected. Security Center cannot automatically quarantine viruses. If you confirm that the impact of infected files on your business can be controlled, you can manually quarantine infected files. For more information, see View and handle alerts.