All Products
Search
Document Center

Security Center:Overview

Last Updated:Dec 13, 2024

Security Center displays the security operations information about your cloud assets, which can help you monitor the security of your cloud assets. The information includes the status of the cloud assets, security evaluation results, and real-time monitoring and alerting data on various security events. This topic describes how to view the security overview in the Security Center console.

Overview page

The Overview page displays the security data of cloud assets from various dimensions, including the security score, security risk overview, security operations trend, and asset information overview. Security Center also provides entry points to upgrade, renewal, and asset quota increase. This allows you to manage cloud assets in a centralized manner.

Page introduction

Log on to the Security Center console. The Overview page appears by default. You can click the Overview tab to view the security information about your cloud assets.

image.png

Section

Description

Security Score (marked 1 in the preceding figure)

Security Score displays the security score of your assets. The security score is calculated based on the deduction items such as alerts and configuration risks. The security score ranges from 0 to 100. A higher score indicates fewer risks in your assets. The following list describes how the security score is calculated:

  • If the security score is greater than 60 after penalty points are endorsed but unhandled alerts are detected, the final score is still 60.

  • If the security score is greater than 80 after penalty points are endorsed but unhandled alerts or vulnerabilities are detected, the final score is still 80.

  • If the security score is greater than 90 after penalty points are endorsed but unhandled baseline risks are detected, the final score is still 90.

The security score feature utilizes cloud security big data to analyze and evaluate various security events related to your assets on Alibaba Cloud and generates a security score. This helps you quickly assess the network security status of your assets, identify potential risks, and take timely measures. To improve the security of your cloud assets, you must handle alerts at the earliest opportunity. This helps improve the security score. For more information, see Improve the security score.

Edition overview (marked 2 in the preceding figure)

This section displays the subscription edition of your Security Center, the expiration time of your Security Center, the statistics of protected assets, and the services purchased based on the pay-as-you-go billing method. You can perform the following operations in this section:

Note

The data displayed on the Overview page varies based on the edition of Security Center.

  • If you use Security Center Basic and your account meets specific requirements, click Try Now to start the free trial of Security Center Enterprise or Ultimate. For more information, see Apply for a 7-day free trial of Security Center.

  • If you use Security Center Basic, click Immediate purchase to purchase a paid edition of Security Center. For more information, see Purchase Security Center.

  • If you use Security Center Anti-virus, Advanced, Enterprise, or Ultimate, click Upgrade Now to upgrade the edition of Security Center, increase the number of servers that can be protected, increase the quota for cores of servers that can be protected, purchase value-added features, or increase the quotas for value-added features. For more information, see Upgrade and downgrade Security Center.

  • If you use Security Center Anti-virus, Multi-edition, Advanced, Enterprise, Ultimate, or Value-added Plan, click Renewal to renew your Security Center before it expires. For more information, see Renew the subscription to Security Center.

  • If you purchase the Security Center quotas in partial protection mode, click Manage in the Remaining Quota area to bind your quotas to a specified server. For more information, see Manage quotas.

  • Click Install Now below Unprotected Assets to install the Security Center agent on the unprotected assets. For more information, see Install the Security Center agent.

  • If the Remaining Anti-ransomware Capacity or Remaining Log Storage Capacity is less than 10%, click Upgrade to purchase additional anti-ransomware capacity or log storage capacity.

Risk (marked 3 in the preceding figure)

This section displays the statistics of security risks that are detected on your cloud assets.

  • Unhandled Alerts: the total number of unhandled alerts on your assets and the numbers of alerts at different risk levels.

    You can click the number below Unhandled Alerts to view and handle alerts. For more information, see View and handle alerts.

  • Unfixed Vulnerabilities: the total number of unfixed vulnerabilities that are detected on your assets.

    You can click the number below Unfixed Vulnerabilities to view and handle vulnerabilities. For more information, see Overview.

  • Baseline Risks: the total number of baseline risks that are detected on your assets.

    You can click the number below Baseline Risks to view and handle baseline risks. For more information, see View baseline check results and handle baseline risks.

  • Cloud Security Posture Management: the number of risks in the configurations of your cloud services.

    You can click the number below Cloud Security Posture Management to view and handle the detected risks in the configurations of your cloud services. For more information, see Overview.

  • AccessKey Leak Detection: the total number of unhandled AccessKey pair leaks in your assets.

    You can click the number below AccessKey Leak Detection to view and handle AccessKey pair leaks. For more information, see Detection of AccessKey pair leaks.

  • Container Image Scan: the total number of unhandled vulnerabilities in your images.

    You can click the number below Container Image Scan to view and handle the vulnerabilities in your images. For more information, see Scan images.

  • Web Tamper Proofing: the total number of tampered web pages in your assets.

    You can click the number below Web Tamper Proofing to view and handle the tampering risks. For more information, see Web tamper proofing.

Security Information (marked 4 in the preceding figure)

This section displays the most recent information about vulnerabilities on the Security Information tab and Security Center announcements on the Announcement tab.

Security Operations Trend (marked 5 in the preceding figure)

This section displays the trends of the numbers of alerts, vulnerabilities, and baseline risks within a specific time range in a column chart.

This section also displays the trends of Newly Detected Risks and Handled Risks in the current day in a line chart. Risks that are ignored, handled, or added to a whitelist are considered handled risks.

Help Center (marked 6 in the preceding figure)

This section displays the links to Security Center documentation. You can click a link to view details.

Improve the security score

The risks of cloud assets are classified into the following levels based on the security score: High risk (below 69), Medium risk (70 to 84), At Risk (85 to 94), and Secure (95 to 100). We recommend that you handle risks and alerts at the earliest opportunity to improve the security score. This helps ensure the security of your cloud assets.

  1. In the Security Score section, click Process Now.

    image.png

  2. In the Security Risk Handling panel, view the penalty point for each risk item. If you want to handle a risk item, you can click Process Now to the right of the risk item to go to the page on which you can view the risk item. You can handle the risk item based on the risk details or the solutions that are provided on the page.

    The Security Risk panel displays the following types of risks that you must handle at the earliest opportunity:

    Note

    The risks displayed in the panel vary based on the edition of Security Center because different editions support different features that are used to detect risks.

    • Configuration risks detected by core features: Create an anti-ransomware policy. For more information, see Anti-ransomware overview.

    • Unhandled alerts: Handle the alerts. For more information, see View and handle alerts.

    • Unfixed vulnerabilities: Fix the vulnerabilities. For more information, see View and handle vulnerabilities.

    • Baseline risks: Handle the baseline risks. For more information, see Baseline check.

    • AccessKey pair leaks: Handle the leak events on AccessKey pairs. For more information, see Detection of AccessKey pair leaks.

    • Configuration risks of cloud services: Handle the configuration risks of cloud services. For more information, see Overview.

Custom security score

By default, Security Center specifies a penalty point for each deduction item. You can customize the penalty points based on your business requirements.

  1. In the upper-right corner of the Security Score section, click Custom Security Score.

  2. In the Custom Security Score panel, specify a penalty point for each deduction item and click OK.

    • The security score feature supports deduction modules such as Core Feature Configurations, Unhandled Alerts, and Unfixed Vulnerabilities. The deduction threshold of each deduction module ranges from 0 to 100. The sum of the deduction thresholds of all deduction modules cannot exceed 100.

    • Each deduction module contains different deduction items. The penalty point of each deduction item ranges from 0 to the deduction threshold of the deduction module to which the deduction item belongs. The sum of penalty points of all deduction items in a deduction module cannot exceed the deduction threshold of the deduction module.

    Note

    If you have modified the security score settings, Restore to Default Settings is displayed in the Custom Security Score panel. You can click Restore to Default Settings to restore default settings.

    image.png

FAQ

How do I view the version of the virus library of Security Center?

The update time of the virus library that is displayed in the Security Center console indicates the version of the virus library. You can view the update time of the virus library on the Overview page.

image.png

Security Center dynamically updates the virus library and the characteristics of viruses in the virus library based on the analysis results of engines. The engines include lexical analysis engines, virus detection engines, machine learning engines, deep learning engines, big data-based threat detection engines, threat intelligence engines, and abnormal behavior analysis engines. We recommend that you use Security Center to scan for vulnerabilities and viruses on a regular basis to protect your servers from viruses. For more information, see Scan for vulnerabilities and Use the virus detection and removal feature.

After I install the Security Center agent on my ECS instances, will the virus library of Security Center be installed on the instances?

No, Security Center cannot automatically verify the fix of a vulnerability that requires a system restart.

Security Center does not install the virus library on your Elastic Compute Service (ECS) instances or download the virus library to your ECS instances. The virus library is stored on and is updated by Security Center. Security Center updates the virus library in real time. Security Center checks whether your ECS instances are exposed to viruses based on the virus library.

What are the priorities to handle security events that I can access in the Secure Score section?

The following table describes the priorities to handle security events that you can access in the Security Score section. A smaller number indicates a higher priority. The number 1 indicates the highest priority.

Priority

Event handling

1

Configure or enable core features.

  • Enable web tamper proofing.

  • Configure rules to protect against brute-force attacks.

  • Authorize quick installation of the Security Center agent.

  • Grant Security Center the permissions to run configuration checks on cloud services.

  • Enable log analysis.

  • Enable malicious host behavior defense.

  • Create an anti-ransomware policy.

  • Enable periodic virus detection.

  • Specify the container images that can be scanned.

  • Enable Kubernetes threat detection.

2

Handle AccessKey pair leaks.

3

Handle configuration risks in cloud services.

4

Handle baseline risks.

5

Handle alerts.

6

Fix vulnerabilities.

How does the vulnerability scan level affect the security score?

If you focus only on high- and medium-level vulnerabilities and ignore low-level vulnerabilities, you can exclude the low-level vulnerabilities from the scope of the security score.

To exclude low-level vulnerabilities from the scope of the security score, perform the following operations: In the left-side navigation pane of the Security Center console, choose Risk Governance Vulnerabilities. In the upper-right corner of the Vulnerabilities page, click Settings. In the Settings panel, configure the Vulnerability Scan Level parameter. For more information, see Scan for vulnerabilities.

How does the baseline check level affect the security score?

If you focus only on high- and medium-level baseline checks and ignore low-level baseline checks, you can exclude the low-level baseline checks from the scope of the security score.

To exclude low-level baseline checks from the scope of the security score, perform the following operations: In the left-side navigation pane of the Security Center console, choose Risk Governance Baseline Check. In the upper-right corner of the Baseline Check page, click Policy Management. In the Policy Management panel, configure the Baseline Check Item Level parameter. For more information, see Baseline check.