Security Center: What is Security Center

Last Updated: Oct 21, 2025

Security Center provides unified security management and protection for your cloud assets. It builds an automated security operations system by integrating asset management, risk discovery, security hardening, real-time defense, and incident response. Security Center protects workloads such as hosts, containers, and virtual machines deployed on Alibaba Cloud, other cloud platforms, or in on-premises data centers. It defends against threats such as ransomware, cryptomining, and vulnerability exploits, and helps you meet compliance requirements.

Product architecture

Security Center uses the following core components to complete a closed-loop security operations cycle, from asset discovery to incident response:

  • Asset inventory: Provides a unified inventory and management of all assets (including servers, containers, and cloud-native products) in multi-cloud environments. This enhances asset visibility, creating a foundation for risk assessment and policy development.

  • Risk discovery: Proactively identifies potential security risks, including operating system (OS) and application vulnerabilities, cloud product misconfigurations, and identity risks such as leaked AccessKeys.

  • Security hardening: Offers risk remediation capabilities, such as patching system vulnerabilities, correcting misconfigurations, and enabling web tamper proofing and anti-ransomware data backups to enhance asset security.

  • Real-time protection: Delivers continuous protection for host and container runtime environments. It uses technologies like virus signatures, behavioral analysis, and Runtime Application Self-Protection (RASP) to detect and automatically block attacks such as viruses, trojans, unauthorized logins, and malicious files in real time.

  • Proactive detection and response: Uses cloud honeypots to lure attackers, reconstructs attack chains with Cloud Threat Detection and Response (CTDR), and uses a large AI security model for alert correlation analysis. This process enables automated incident handling through Security Orchestration, Automation, and Response (SOAR).

Use cases

Compliance support

To meet compliance requirements such as the Multi-Level Protection Scheme (MLPS) 2.0, Security Center provides a range of security capabilities that closely align with compliance clauses. Features like baseline checks and remediation, vulnerability management, security auditing, and intrusion prevention help you implement the necessary technical and administrative security measures, simplifying the compliance process and enabling your organization to meet requirements efficiently.

Unified host security for hybrid and multi-cloud environments

For complex environments with workloads deployed across Alibaba Cloud, other cloud providers, and on-premises data centers, Security Center offers a unified security management solution. By deploying an agent on all servers, it provides centralized security control for hosts across different platforms and regions. This enables unified virus scanning, vulnerability assessments, and policy configuration, reducing operational complexity and strengthening your overall security posture.

Secure the full container lifecycle

To address security challenges in containerized environments, Security Center provides protection across the entire container lifecycle, from build and deployment to runtime. It offers features such as container image scanning, runtime intrusion detection and prevention, and Kubernetes cluster threat detection to effectively secure cloud-native applications.

Advantages

As a security product designed natively for the cloud, Security Center offers the following advantages over traditional server antivirus software:

  • Unified management: Provides unified protection and management for hosts and containers across Alibaba Cloud, other cloud providers, and on-premises data centers.

  • Lightweight and efficient: Uses a cloud-based detection and endpoint-based response architecture. The agent consumes minimal server resources (CPU usage does not exceed 10% of a single core in low-consumption mode) and does not affect business performance.

  • Deep integration: Deeply integrated with the cloud platform to detect configuration risks in cloud products. It interoperates with other security services, such as Cloud Firewall, to enable automated threat response, completing the security operations loop.

  • Comprehensive threat detection: Provides end-to-end threat detection capabilities with over 380 threat detection models and eight protection engines to quickly identify and defend against the latest risks.

Billing

Security Center supports two billing methods: Subscription and Pay-as-you-go. Each method determines your charges and available features.

Important: Regardless of the billing method you choose, you have access to the features of the Basic Edition. For more information, see Introduction to the Basic Edition of Security Center.

| Item | Subscription | Pay-as-you-go |
| --- | --- | --- |
| Billing characteristics | Pay a single fee for a monthly or yearly term. The fixed cost makes budgeting simple. | Pay only for what you use, offering flexibility with no upfront investment. |
| Cost | Fee = Edition fee + Value-added service fee (optional). Edition fee: Editions include Anti-virus, Advanced, Enterprise, Ultimate, and Value-added Plan. Higher editions offer more comprehensive features. Value-added service fee: You can purchase additional value-added services, such as anti-ransomware and CTDR. Note: For more details, see Subscription billable items. | Fee = Basic service fee + Feature usage fee. Basic service fee: This is a fixed monthly fee charged when any pay-as-you-go feature is enabled. It includes services like DingTalk Robot, security reports, and Task Hub (requires purchasing or enabling vulnerability remediation). Feature usage fee: You are charged for each specific feature you enable. Each feature can be enabled and billed individually. Note: For more details, see Pay-as-you-go billable items. |
| Use cases | Suitable for scenarios with stable, long-term business needs and a fixed budget. | Ideal for scenarios with elastic, short-term, or frequently changing business demands. |

Service regions and data centers

Security Center operates two global service centers to ensure data compliance and provide low-latency service. Data and configurations are isolated between the two centers. You can select the region matching your asset's location in the top navigation bar of the Security Center console.

  • Chinese mainland data center: Provides security detection and protection for assets in the Chinese Mainland region.

  • Singapore data center: Provides security detection and protection for assets in regions Outside Chinese Mainland.

| Region | Data center | Asset locations protected |
| --- | --- | --- |
| Chinese Mainland | Chinese mainland data center | China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab); China (Shenzhen), China (Heyuan), China (Guangzhou); China (Hangzhou), China (Shanghai), China (Nanjing-decommissioning); China (Chengdu) |
| Outside Chinese Mainland | Singapore data center | Japan (Tokyo), South Korea (Seoul), Singapore, Malaysia (Kuala Lumpur), Indonesia (Jakarta), Philippines (Manila), Thailand (Bangkok); Germany (Frankfurt), UK (London), US (Virginia), US (Silicon Valley); Saudi Arabia (Riyadh), UAE (Dubai); China (Hong Kong) |

Get started

  1. Onboard your assets: Choose the appropriate method to onboard your assets based on your needs.

  2. Manage your assets by type.

  3. Configure features: Refer to Features to learn about the available features, then follow the corresponding documentation to configure them.

For a quick start, see Quickly master your ECS security posture and Quick start for threat analysis and response.

FAQ

Editions, trials, and billing

  • How do I choose the right Security Center edition?

    The choice of edition depends on your core security needs, asset types, budget, and other factors. For more information, see Purchase Security Center.

  • Can I apply for the free trial more than once?

    No. Each Alibaba Cloud account is eligible for only one free trial of the Enterprise Edition.

  • What is the difference between the Basic Edition and the Enterprise Edition Free Trial?

    | Characteristic | Basic Edition | Enterprise Edition Free Trial |
    | --- | --- | --- |
    | Eligible accounts | All Alibaba Cloud accounts that have completed real-name registration. | Accounts that have not activated a trial or paid version of the Enterprise Edition. |
    | Protection capabilities | Provides basic security capabilities permanently. | Provides temporary access to all features of the paid Enterprise Edition. |
    | Duration | Permanent | 7 days |
    | Core capabilities | Scanning for unusual logons, cryptomining and DDoS trojans, and major vulnerabilities. | Includes all Enterprise Edition capabilities, such as virus scanning, advanced threat detection, and vulnerability remediation. |
    | How to obtain | Activated automatically, no application required. | Each account can apply only once. |

  • How can I get Security Center for free?

Core features and use cases

  • Does Security Center comply with international security standards?

    Yes. Security Center is certified for ISO 9001, ISO 20000, ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 29151, ISO 27701, BS 10012, CSA STAR, PCI DSS, and many other international standards.

  • Does Security Center support virus scanning and removal?

    Yes. The Anti-virus, Advanced, Enterprise, and Ultimate editions of Security Center detect and remove common network viruses.

  • Can Security Center automatically quarantine infected files?

    It does not support automatic quarantine, but it does support automatic blocking.

    • Automatic blocking: Refers to the real-time detection and prevention of malicious processes and behaviors when a virus attempts to intrude, preventing system infection. Security Center can automatically block various network viruses, including ransomware, cryptominers, and trojans.

    • File quarantine: This action moves an infected file to a quarantine area. Because quarantining a system or business file could cause a service interruption, an administrator must manually perform this action after assessing the risk to ensure business continuity.

  • In a cyberattack scenario, how does Security Center provide end-to-end security?

    Security Center provides systematic detection and response capabilities by covering every stage of the attack chain:

    • Before an attack (assessment and hardening): It comprehensively discovers system security risks and configuration weaknesses through asset inventory, vulnerability assessments, and baseline checks. It also provides features such as one-click remediation, baseline hardening, and permission optimization to reduce the attack surface.

    • During an attack (detection and defense): When an attack occurs, it effectively detects and blocks various attack behaviors, such as web shells, unusual outbound connections, brute-force attacks, ransomware, and cryptomining programs.

    • After an incident (response and forensics): It correlates cloud-based threat intelligence with host behavior anomalies to generate alerts and trace security incidents. This helps you identify the cause of an intrusion and develop an emergency response strategy.

Asset coverage

  • Can Security Center be used for non-Alibaba Cloud servers, such as those in on-premises data centers or from other cloud providers?

    Yes. You can install the agent on non-Alibaba Cloud servers to protect them with Security Center. The methods are as follows:

    | Server type | Onboarding method |
    | --- | --- |
    | Alibaba Cloud ECS instances | If you select "Security Hardening" when purchasing an ECS instance, the agent is automatically installed and the Basic Edition is activated. To install or upgrade manually, you can follow the instructions in the console after purchasing a paid edition. |
    | Servers in data centers or from other cloud providers | Install the agent on your servers and onboard them over the internet or through a proxy by following the instructions in the console. For more information, see Onboard an IDC server to Security Center through a proxy cluster and Onboard third-party cloud assets. |

  • My server assets are not in the Chinese mainland. Can I still use Security Center? How is my data handled?

    Yes, you can. Security Center has a Singapore data center for assets located Outside Chinese Mainland. After you select the Outside Chinese Mainland region in the Security Center console, all your security data will be processed and stored in the Singapore data center. This ensures that no data is transferred across borders, in compliance with data sovereignty requirements.