All Products
Search
Document Center

Security Center:What is Security Center?

Last Updated:Dec 10, 2024

Alibaba Cloud Security Center is a multifunctional security service that leverages cloud-native technology, years of cloud security and defense experience, and cutting-edge technology. Security Center provides various features such as cloud asset management, baseline check, proactive defense, security hardening, configuration assessment, and security status visualization.

Security Center uses cloud logs, analysis models, and superior computing power to monitor the security posture in the cloud. Security Center efficiently detects and blocks risks such as viruses, attacks, encryption ransomware, vulnerability exploits, AccessKey pair leaks, and mining. In the form of an end-to-end and automated operations system, Security Center protects workloads on hosts, containers, and virtual machines that are deployed on hybrid clouds. Security Center helps you meet regulatory and compliance requirements.

Architecture

Security Center provides a complete security operations system in the cloud to protect cloud services of multiple types, including computing, networking, storage, database, big data, large model, and identity authentication.

Security Center can detect risks in real time such as configuration risks, compliance risks, vulnerabilities, AccessKey pair leaks, and identity and permission management risks. Security Center can also defend against malicious behavior such as ransomware, mining viruses, trojans, and webshells, and attacks such as web page tampering. Security Center can aggregate and analyze logs and alerts across cloud platforms, cloud accounts, and cloud services to generate reports of security events. Security Center can allow you to enable Security Orchestration Automation Response (SOAR) to handle threat sources in collaboration with related Alibaba Cloud services. The handling operation includes blocking and quarantine. This helps accelerate the handling of security events.

Asset management

Security Center provides centralized asset management that improves the visibility of cloud assets across full-stack cloud services. This helps you identify and manage security risks, and improves the efficiency of responding to security events.

Security Center supports Alibaba Cloud assets and assets deployed on third-party cloud platforms. Alibaba Cloud assets include assets of services such as Elastic Compute Service (ECS), Container Service for Kubernetes (ACK), Object Storage Service (OSS), Elastic Container Instance, and Resource Access Management (RAM), applications, and websites. Third-party cloud platforms include Huawei Cloud, Tencent Cloud, and Amazon Web Services (AWS). This allows you to manage security across cloud platforms in a centralized manner and protect multiple types of cloud resources in a comprehensive manner.

Risk management

Security Center provides comprehensive risk management to help you detect security risks and compliance risks before issues occur, and provides automated fixing capabilities to improve the overall security and prevent exceptions. Security Center can detect the following risks:

  • Vulnerabilities: including operating system vulnerabilities detected on hosts and application vulnerabilities such as the Log4j vulnerability detected in websites and applications.

  • Internet exposure risks of cloud services: including vulnerabilities and weak passwords that are exposed to the Internet.

  • Configuration risks of cloud services: For example, the access control list (ACL) of an OSS bucket is public read.

  • AccessKey pair leaks: For example, an AccessKey pair is leaked to GitHub.

Defense, detection, and response

Security Center provides the default defense capability for hosts and containers and aggregates and analyzes alerts from security services such as Web Application Firewall (WAF) and Cloud Firewall, and from logs of cloud services to detect global security events, generate complete attack chains, and perform automated response to security events by using SOAR.

Investigation, tracing, and reinforcement

The security AI model is integrated into Security Center to automatically analyze alerts. This helps you trace alerts and security events. You can refer to the risk fixing suggestions provided by Security Center to strengthen the security of the cloud environment, implement closed-loop security operations, and continuously improve the efficiency of operations.

image

Benefits

  • Centralized security management

    Security Center protects servers, containers, and cloud services that are deployed on Alibaba Cloud, data centers, and other cloud platforms in a centralized manner.

  • Comprehensive detection of attacks

    Security Center provides more than 250 threat detection models and 8 protection engines to identify threats to your assets in a comprehensive manner. This way, you can handle risks at the earliest opportunity.

  • Stability and reliability

    Security Center uses the Security Center agent installed on your server to detect threats. You can handle the detected threats on the server. This process consumes only a small number of resources on your server. Security Center can protect millions of servers. If you enable the low consumption mode for the Security Center agent, the agent consumes up to 10% of an individual CPU core. Normal workloads are not affected.

  • Cloud-native security operations

    Security Center provides multiple features such as host security, container security, serverless asset protection, vulnerability management, configuration assessment, baseline check, and threat analysis and response. The security model is integrated into Security Center to help you establish closed-loop security operations.

Scenarios

Classified protection compliance

Description

Security Center helps enterprises pass the classified protection compliance check and meet industrial regulatory requirements. It also helps enterprises clarify their security goals, systemically construct secure information systems, and reduce security risks and the possibility of being attacked. Security Center ensures the security of information systems and improves the confidence of customers, partners, and stakeholders. To meet the requirements of specific check items in the classified protection compliance check, you must use a suitable product to implement security measures.

MLPS 2.0

Level 2 in Multi-Level Protection Scheme (MLPS) 2.0 outlines requirements for server security based on intrusion prevention, identity authentication, and security audit performance. Security Center can perform baseline checks for more than 15 MLPS 2.0 Level 2 requirements and fix the baseline risks that are detected. This helps your servers meet the compliance assessment requirements. For important websites that require special security assurance, you can use Security Center to harden the website security to prevent attacks and tampering.

Recommended editions

Enterprise and Ultimate

image

Protection for servers in hybrid clouds

Description

To handle various security threats in the cloud, different platforms provide different security capabilities for business in hybrid clouds. This makes business systems vulnerable to attacks. The process of monitoring and managing the security status of different types of servers at the same time is difficult. In hybrid-cloud scenarios, the following issues can occur: system bottleneck issues, high O&M difficulties, and security risks.

Protection solutions for servers in hybrid clouds and multi-cloud environments

Security Center can protect servers that are deployed on Alibaba Cloud, data centers, and third-party clouds. You can use Security Center to protect all types of servers and carry out centralized O&M in the Security Center console. This helps reduce the costs of security management and improve the overall system security. Security Center provides features such as virus detection and removal, vulnerability scan, and anti-ransomware for protection.

Recommended editions

Enterprise, Ultimate, and Advanced

Container protection

Description

An increasing number of enterprises are deploying cloud-based containerized solutions, but attacks are also evolving to target containers. Containers are vulnerable during the building stage, deployment stage, and running stage, and attacks on containers can disrupt your business. Enterprises that use the container architecture must focus on container security and choose suitable products to harden the security of the containers and ensure the stable running of the business.

Protection solutions for containers

Security Center protects containers throughout their lifecycle based on the Alibaba Cloud Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework. Security Center uses the cloud-native technology to deliver a full suite of security capabilities for containers and provide comprehensive support for enterprises to deploy containerized solutions in the cloud.

Recommended editions

Enterprise and Ultimate

image

Supported regions

Security Center supports the Hangzhou and Singapore service centers, which separately correspond to the China and Outside China data management centers. In the Hangzhou service center, Security Center provides protection capabilities for assets that are deployed in the regions covered by the China data management center. In the Singapore service center, Security Center provides protection capabilities for assets that are deployed in the regions covered by the Outside China data management center. The assets and security risks displayed in the Security Center console vary based on the data management center. Before you use a feature in the Security Center console, you must select a data management center based on the region where your assets reside.

regionbar

The following table describes supported regions for each data management center.

Data management center

Region

China

  • China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), and China (Ulanqab)

  • China (Shenzhen), China (Heyuan), and China (Guangzhou)

  • China (Hangzhou), China (Shanghai), and China (Nanjing)

  • China (Chengdu)

  • China (Hong Kong)

Outside China

  • Japan (Tokyo), South Korea (Seoul), Singapore, Malaysia (Kuala Lumpur), Indonesia (Jakarta), Philippines (Manila), Thailand (Bangkok)

  • Germany (Frankfurt), UK (London), US (Virginia), and US (Silicon Valley)

  • SAU (Riyadh - Partner Region) and UAE (Dubai)

Editions

Edition

Description

Basic edition

Security Center Basic provides basic security hardening capabilities free of charge. You can use the capabilities to detect unusual logons to your servers, DDoS attacks, common vulnerabilities on your servers, and configuration risks of cloud services.

Anti-virus edition

Security Center Anti-virus provides features such as detection and removal of common viruses.

Advanced edition

Security Center Advanced provides features such as virus detection and removal, vulnerability detection and fixing, and security reports.

Enterprise edition

Security Center Enterprise provides comprehensive security features such as virus detection and removal, vulnerability detection and fixing, baseline check, asset fingerprints, and attack analysis. The features help your servers meet the requirements of classified protection.

Ultimate edition

Security Center Ultimate provides security features for servers and container assets. The features include container image scan, threat detection on Kubernetes containers, container asset overview, alerting, virus detection and removal, vulnerability detection and fixing, baseline check, asset fingerprints, and attack analysis.

Compliance certifications

Security Center complies with the standards of ISO 9001, ISO 20000, ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 29151, ISO 27701, and BS 10012. It also obtains the Security, Trust, Assurance and Risk (STAR) certificate from Cloud Security Alliance (CSA) and complies with Payment Card Industry Data Security Standard (PCI DSS).

References