Overview - Security Center - Alibaba Cloud Documentation Center

Security Center displays the security operations information about your cloud assets, which can help you monitor the security of your cloud assets. The information includes the status of the cloud assets, security evaluation results, and real-time monitoring and alerting data on various security events. This topic describes how to view the security overview in the Security Center console.

Overview page

The Overview page displays the security data of cloud assets from various dimensions, including the security score, security risk overview, security operations trend, and asset information overview. Security Center also provides entry points to upgrade, renewal, and asset quota increase. This allows you to manage cloud assets in a centralized manner.

Page introduction

Log on to the Security Center console . The Overview page appears by default. You can click the Overview tab to view the security information about your cloud assets.

Section	Description
Secure Score (marked 1 in the preceding figure)	Secure score displays the security score of your assets. The security score is calculated based on the deduction items such as alerts and configuration risks. The security score ranges from 0 to 100. A higher score indicates fewer risks in your assets. The following list describes how the security score is calculated: If the security score is greater than 60 after penalty points are endorsed but unhandled alerts are detected, the final score is still 60. If the security score is greater than 80 after penalty points are endorsed but unhandled alerts or vulnerabilities are detected, the final score is still 80. If the security score is greater than 90 after penalty points are endorsed but unhandled baseline risks are detected, the final score is still 90. To improve the security of your cloud assets, you must handle alerts at the earliest opportunity. This helps improve the security score. For more information, see Improve the security score.
Edition overview (marked 2 in the preceding figure)	This section displays the edition of your Security Center, the expiration time of your Security Center, and the statistics of protected assets. You can perform the following operations in this section: Note The data displayed on the Overview page varies based on the edition of Security Center. If you use Security Center Basic and meet specific requirements, click Try Now to start the free trial of Security Center Enterprise or Ultimate. For more information, see Apply for a 7-day free trial of Security Center. If you use Security Center Basic, click Immediate purchase to purchase a paid edition of Security Center. For more information, see Purchase Security Center. If you use Security Center Anti-virus, Advanced, Enterprise, or Ultimate, click Upgrade Now to upgrade the edition of Security Center, increase the number of servers that can be protected, increase the quota for cores of servers that can be protected, purchase value-added features, or increase the quotas for value-added features. For more information, see Upgrade and downgrade Security Center. If you use Security Center Anti-virus, Multi-edition, Advanced, Enterprise, Ultimate, or Value-added Plan, click Renewal to renew your Security Center before it expires. For more information, see Renew the subscription to Security Center. Click Install now below Unprotected assets (ECS) to install the Security Center agent on the unprotected assets. For more information, see Install the Security Center agent. If the Remaining Anti-ransomware Capacity or Remaining Log Storage Capacity is less than 10%, click Expand to purchase additional anti-ransomware capacity or log storage capacity.
Security risk (marked 3 in the preceding figure)	This section displays the statistics of security risks that are detected on your cloud assets. Unhandled Alerts: the total number of unhandled alerts on your assets and the numbers of alerts at different risk levels. You can click the number below Unhandled Alerts to view and handle alerts. For more information, see View and handle alert events. Unfixed Vul: the total number of unfixed vulnerabilities that are detected on your assets. You can click the number below Unfixed Vul to view and handle vulnerabilities. For more information, see Vulnerability fixes. Baseline Risks: the total number of baseline risks that are detected on your assets. You can click the number below Baseline Risks to view and handle baseline risks. For more information, see View baseline check results and handle baseline risks. Cloud Platform Configuration Assessment: the number of risks in the configurations of your cloud services. You can click the number below Config Assessment to view and handle the detected risks in the configurations of your cloud services. For more information, see Configuration assessment. AccessKey Leak Detection: the total number of unhandled AccessKey pair leaks in your assets. You can click the number below AccessKey Leak Detection to view and handle AccessKey pair leaks. For more information, see Detection of AccessKey pair leaks. Image security scan: the total number of unhandled vulnerabilities in your images. You can click the number below Image security scan to view and handle the vulnerabilities in your images. For more information, see Scan images. Tamper Protection: the total number of tampered web pages in your assets. You can click the number below Tamper Protection to view and handle the tampering risks. For more information, see Web tamper proofing.
Security Information (marked 4 in the preceding figure)	This section displays the latest information about vulnerabilities.
Security Operations Trend (marked 5 in the preceding figure)	This section displays the trends of the numbers of alerts, vulnerabilities, and baseline risks within a specific time range in a column chart. This section also displays the trends of Newly Detected Risks and Handled Risks in the current day in a line chart. Risks that are ignored, handled, or added to a whitelist are considered handled risks.
Help Center (marked 6 in the preceding figure)	This section displays the links to Security Center documentation. You can click a link to view details.

Improve the security score

The risks of cloud assets are classified into the following levels based on the security score: High risk (below 69), Medium risk (70 to 84), Risks (85 to 94), and Security (95 to 100). We recommend that you handle risks and alerts at the earliest opportunity to improve the security score. This helps ensure the security of your cloud assets.

In the Secure Score section, click Process Now.
In the Security Risk panel, view the penalty point for each risk item. If you want to handle a risk item, you can click Process Now to the right of the risk item to go to the page on which you can view the risk item. You can handle the risk item based on the risk details or the solutions that are provided on the page.
The Security Risk panel displays the following types of risks that you must handle at the earliest opportunity:
Note
The risks displayed in the panel vary based on the edition of Security Center because different editions support different features that are used to detect risks.
- Configuration risks of core features: Create an anti-ransomware policy. For more information, see Anti-ransomware overview.
- Unhandled alert events: Handle the alert events. For more information, see View and handle alert events.
- Unfixed vulnerabilities: Fix the vulnerabilities. For more information, see View and handle vulnerabilities.
- Baseline risks: Handle the baseline risks. For more information, see Baseline check.
- AccessKey pair leaks: Handle the leak events on AccessKey pairs. For more information, see Detection of AccessKey pair leaks.
- Configuration risks of cloud services: Handle the configuration risks of cloud services. For more information, see Configuration assessment.

Custom security score

By default, Security Center specifies a penalty point for each deduction item. You can customize the penalty points based on your business requirements.

In the upper-right corner of the Secure Score section, click Custom Security Score.
In the Custom Security Score panel, specify a penalty point for each deduction item and click OK.
- The security score feature supports deduction modules such as Key function configure, Unhandled Alerts, and Unfixed Vul. The deduction threshold of each deduction module ranges from 0 to 100. The sum of the deduction thresholds of all deduction modules cannot exceed 100.
- Each deduction module contains different deduction items. The penalty point of each deduction item ranges from 0 to the deduction threshold of the deduction module to which the deduction item belongs.
Note
If you have modified the security score settings, Restore to Default Settings is displayed in the Custom Security Score panel. You can click Restore to Default Settings to restore default settings.

FAQ

How do I view the version of the virus library of Security Center?

The update time of the virus library that is displayed in the Security Center console indicates the version of the virus library. You can view the update time of the virus library on the Overview page.

Security Center dynamically updates the virus library and the characteristics of viruses in the virus library based on the analysis results of engines. The engines include lexical analysis engines, virus detection engines, machine learning engines, deep learning engines, big data-based threat detection engines, threat intelligence engines, and abnormal behavior analysis engines. We recommend that you use Security Center to scan for vulnerabilities and viruses on a regular basis to protect your servers from viruses. For more information, see Scan for vulnerabilities and Use the virus detection and removal feature.

After I install the Security Center agent on my ECS instances, will the virus library of Security Center be installed on the instances?

No,

Security Center does not install the virus library on your Elastic Compute Service (ECS) instances or download the virus library to your ECS instances. The virus library is stored on and is updated by Security Center. Security Center updates the virus library in real time. Security Center checks whether your ECS instances are exposed to viruses based on the virus library.

What are the priorities to handle security events that I can access in the Secure Score section?

The following table describes the priorities to handle security events that you can access in the Security Score section. A smaller number indicates a higher priority. The number 1 indicates the highest priority.

Priority	Event handling
1	Configure or enable core features. Enable web tamper proofing. Configure rules to protect against brute-force attacks. Authorize quick installation of the Security Center agent. Grant Security Center the permissions to run configuration checks on cloud services. Enable log analysis. Enable malicious behavior defense. Create an anti-ransomware policy. Enable periodic virus detection. Specify the container images that can be scanned. Enable Kubernetes threat detection.
2	Handle AccessKey pair leaks.
3	Handle configuration risks in cloud services.
4	Handle baseline risks.
5	Handle security alerts.
6	Fix vulnerabilities.

How does the vulnerability scan level affect the security score?

If you focus only on high- and medium-level vulnerabilities and ignore low-level vulnerabilities, you can exclude the low-level vulnerabilities from the scope of the security score.

To exclude low-level vulnerabilities from the scope of the security score, perform the following operations: Choose Risk Management > Vulnerabilities in the Security Center console. In the upper-right corner of the Vulnerability page, click Settings. In the Settings panel, configure the Vul scan level parameter. For more information, see Scan for vulnerabilities.

How does the baseline check level affect the security score?

If you focus only on high- and medium-level baseline checks and ignore low-level baseline checks, you can exclude the low-level baseline checks from the scope of the security score.

To exclude low-level baseline checks from the scope of the security score, perform the following operations: Choose Risk Management > Baseline Check in the Security Center console. In the upper-right corner of the Baseline Check page, click Manage Policies. In the Manage Policies panel, configure the Baseline level parameter. For more information, see Baseline check.