Security Center displays the security operations information about your cloud assets, which can help you monitor the security of your cloud assets. The information includes the status of the cloud assets, security evaluation results, and real-time monitoring and alerting data on various security events. This topic describes how to view the security overview in the Security Center console.
Overview page
The Overview page displays the security data of cloud assets from various dimensions, including the security score, security risk overview, security operations trend, and asset information overview. Security Center also provides entry points for upgrades, renewals, and asset quota increases. This allows you to manage cloud assets in a centralized manner.
Page introduction
Log on to the Security Center console. The Overview page appears by default. You can click the Overview tab to view the security information about your cloud assets.
Section | Description |
Security Score (marked 1 in the preceding figure) | Security Score displays the security score of your assets. The security score is calculated based on the deduction items such as alerts and configuration risks. The security score ranges from 0 to 100. A higher score indicates fewer risks in your assets. The following list describes how the security score is calculated:
The security score feature utilizes cloud security big data to analyze and evaluate various security events related to your assets on Alibaba Cloud and generates a security score. This helps you quickly assess the network security status of your assets, identify potential risks, and take timely measures. To improve the security of your cloud assets, you must handle alerts at the earliest opportunity. This helps improve the security score. For more information, see Improve the security score. |
Edition overview (marked 2 in the preceding figure) | This section displays the subscription edition of your Security Center, the expiration time of your Security Center, the statistics of protected assets, and the services purchased based on the pay-as-you-go billing method. You can perform the following operations in this section: Note: The data displayed on the Overview page varies based on the edition of Security Center. |
Risk (marked 3 in the preceding figure) | This section displays the statistics of security risks that are detected on your cloud assets. |
Security Information (marked 4 in the preceding figure) | This section displays the most recent information about vulnerabilities on the Security Information tab and Security Center announcements on the Announcement tab. |
Security Operations Trend (marked 5 in the preceding figure) | This section displays the trends of the numbers of alerts, vulnerabilities, and baseline risks within a specific time range in a column chart. This section also displays the trends of Newly Detected Risks and Handled Risks in the current day in a line chart. Risks that are ignored, handled, or added to a whitelist are considered handled risks. |
Help Center (marked 6 in the preceding figure) | This section displays the links to Security Center documentation. You can click a link to view details. |
Improve the security score
The risks of cloud assets are classified into the following levels based on the security score: High risk (below 69), Medium risk (70 to 84), At Risk (85 to 94), and Secure (95 to 100). We recommend that you handle risks and alerts at the earliest opportunity to improve the security score. This helps ensure the security of your cloud assets.
In the Security Score section, click Process Now.
In the Security Risk Handling panel, view the penalty point for each risk item. If you want to handle a risk item, you can click Process Now to the right of the risk item to go to the page on which you can view the risk item. You can handle the risk item based on the risk details or the solutions that are provided on the page.
The Security Risk panel displays the following types of risks that you must handle at the earliest opportunity:
Note: The risks displayed in the panel vary based on the edition of Security Center because different editions support different features that are used to detect risks.
Configuration risks detected by core features: Create an anti-ransomware policy. For more information, see Anti-ransomware overview.
Unhandled alerts: Handle the alerts. For more information, see View and handle alerts.
Unfixed vulnerabilities: Fix the vulnerabilities. For more information, see View and handle vulnerabilities.
Baseline risks: Handle the baseline risks. For more information, see Baseline check.
AccessKey pair leaks: Handle the leak events on AccessKey pairs. For more information, see Detection of AccessKey pair leaks.
Configuration risks of cloud services: Handle the configuration risks of cloud services. For more information, see Overview.
Custom security score
By default, Security Center specifies a penalty point for each deduction item. You can customize the penalty points based on your business requirements.
In the upper-right corner of the Security Score section, click Custom Security Score.
In the Custom Security Score panel, specify a penalty point for each deduction item and click OK.
The security score feature supports deduction modules such as Core Feature Configurations, Unhandled Alerts, and Unfixed Vulnerabilities. The deduction threshold of each deduction module ranges from 0 to 100. The sum of the deduction thresholds of all deduction modules cannot exceed 100.
Each deduction module contains different deduction items. The penalty point of each deduction item ranges from 0 to the deduction threshold of the deduction module to which the deduction item belongs. The sum of penalty points of all deduction items in a deduction module cannot exceed the deduction threshold of the deduction module.
Note: If you have modified the security score settings, Restore to Default Settings is displayed in the Custom Security Score panel. You can click Restore to Default Settings to restore default settings.
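The limits on deduction thresholds and penalty points described above can be checked before you enter values in the Custom Security Score panel. The following is an added example, not code from Security Center. The item names and point values are constructed, and the score() model (100 minus the penalty points of triggered items) is an assumption, because this topic does not state the exact formula.

```python
# Added example: checks a planned Custom Security Score configuration against
# the limits stated above. Module names come from the page; item names and all
# point values are constructed.
import copy

def validate_config(modules):
    """Return a list of rule violations; an empty list means the config is valid."""
    errors, total = [], 0
    for name, mod in modules.items():
        threshold = mod["threshold"]
        if not 0 <= threshold <= 100:
            errors.append(f"{name}: threshold {threshold} is outside 0-100")
        total += threshold
        for item, points in mod["items"].items():
            # Each item may deduct at most its module's threshold.
            if not 0 <= points <= threshold:
                errors.append(f"{name}/{item}: penalty {points} is outside 0-{threshold}")
        item_sum = sum(mod["items"].values())
        if item_sum > threshold:
            errors.append(f"{name}: item penalties total {item_sum}, above {threshold}")
    if total > 100:
        errors.append(f"module thresholds total {total}, above 100")
    return errors

def score(modules, triggered):
    """Assumed model (not from the page): 100 minus the penalty of each triggered item."""
    deducted = sum(p for mod in modules.values()
                   for item, p in mod["items"].items() if item in triggered)
    return max(0, 100 - deducted)

# Constructed configuration that satisfies every limit (thresholds total 100).
GOOD = {
    "Core Feature Configurations": {"threshold": 20,
                                    "items": {"anti_ransomware_policy": 20}},
    "Unhandled Alerts": {"threshold": 40,
                         "items": {"urgent_alert": 25, "suspicious_alert": 15}},
    "Unfixed Vulnerabilities": {"threshold": 40,
                                "items": {"high_vuln": 30, "medium_vuln": 10}},
}

# Constructed configuration that breaks three limits.
BAD = copy.deepcopy(GOOD)
BAD["Unhandled Alerts"]["threshold"] = 50                   # thresholds now total 110
BAD["Unfixed Vulnerabilities"]["items"]["high_vuln"] = 45   # above the module threshold of 40

if __name__ == "__main__":
    print(validate_config(GOOD))
    for error in validate_config(BAD):
        print(error)
    print(score(GOOD, {"urgent_alert", "high_vuln"}))
```

Because the item penalties of a valid configuration can never total more than 100, the assumed score stays within the documented range of 0 to 100.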
FAQ
How do I view the version of the virus library of Security Center?
The update time of the virus library that is displayed in the Security Center console indicates the version of the virus library. You can view the update time of the virus library on the Overview page.
Security Center dynamically updates the virus library and the characteristics of viruses in the virus library based on the analysis results of engines. The engines include lexical analysis engines, virus detection engines, machine learning engines, deep learning engines, big data-based threat detection engines, threat intelligence engines, and abnormal behavior analysis engines. We recommend that you use Security Center to scan for vulnerabilities and viruses on a regular basis to protect your servers from viruses. For more information, see Scan for vulnerabilities and Use the virus detection and removal feature.
After I install the Security Center agent on my ECS instances, will the virus library of Security Center be installed on the instances?
No, Security Center cannot automatically verify the fix of a vulnerability that requires a system restart.
Security Center does not install the virus library on your Elastic Compute Service (ECS) instances or download the virus library to your ECS instances. The virus library is stored on and is updated by Security Center. Security Center updates the virus library in real time. Security Center checks whether your ECS instances are exposed to viruses based on the virus library.
What are the priorities to handle security events that I can access in the Security Score section?
The following table describes the priorities to handle security events that you can access in the Security Score section. A smaller number indicates a higher priority. The number 1 indicates the highest priority.
Priority | Event handling |
1 | Configure or enable core features. |
2 | Handle AccessKey pair leaks. |
3 | Handle configuration risks in cloud services. |
4 | Handle baseline risks. |
5 | Handle alerts. |
6 | Fix vulnerabilities. |
How does the vulnerability scan level affect the security score?
If you focus only on high- and medium-level vulnerabilities and ignore low-level vulnerabilities, you can exclude the low-level vulnerabilities from the scope of the security score.
To exclude low-level vulnerabilities from the scope of the security score, perform the following operations: In the left-side navigation pane of the Security Center console, choose Risk Governance > Vulnerabilities. In the upper-right corner of the Vulnerabilities page, click Settings. In the Settings panel, configure the Vulnerability Scan Level parameter. For more information, see Scan for vulnerabilities.
How does the baseline check level affect the security score?
If you focus only on high- and medium-level baseline checks and ignore low-level baseline checks, you can exclude the low-level baseline checks from the scope of the security score.
To exclude low-level baseline checks from the scope of the security score, perform the following operations: In the left-side navigation pane of the Security Center console, choose Risk Governance > Baseline Check. In the upper-right corner of the Baseline Check page, click Policy Management. In the Policy Management panel, configure the Baseline Check Item Level parameter. For more information, see Baseline check.