All Products
Search
Document Center

Security Center:Purchase Security Center

Last Updated:Jun 23, 2026

Security Center protects your servers, containers, and cloud assets against viruses, intrusions, and ransomware. This topic describes how to choose an edition and billing model that fits your security requirements and budget.

Quick selection guide

Use case

Recommended solution

Core value and features

First-time use or evaluation

Experience comprehensive host security, including vulnerability management and intrusion prevention.

Hybrid cloud host security

Subscription:

  • Edition: Enterprise

  • Add-ons:Anti-ransomware, Log Analysis, CSPM,Agentic SOC

Unified security management that provides consistent protection policies and visual management for cloud and on-premises hosts, enabling centralized governance across environments.

Container security protection

Subscription:

  • Edition: Ultimate

  • Add-ons: Anti-ransomware, Log Analysis, Agentic SOC, CSPM

Full-stack protection from hosts to container runtime. Adding image scanning enables shift-left security in the CI/CD phase for lifecycle security.

Major event support

Subscription:

  • Edition: Enterprise/Ultimate

  • Add-ons:Application Protection, File Tamper-Proofing, Cloud Honeypot

Beyond comprehensive protection, provides application runtime self-protection (RASP) and tamper-proofing capabilities—critical for defending against advanced threats and ensuring core business stability.

Security incident response

Pay-as-you-go: For detailed plans, see Pay-as-you-go boarding policies and billing.

For urgent security intrusions such as servers infected with crypto-miners, viruses, or trojans, or incidents like website defacement and ransomware.

Billing methods

Security Center supports subscription and pay-as-you-go billing. Regardless of the method you choose, you have access to the features of the Free Edition.

Important

For details on Free Edition capabilities, see Introduction to the Free Edition of Security Center.

Item

Subscription

Pay-as-you-go

Payment model

Single upfront fee for a monthly or yearly term. Fixed cost simplifies budgeting.

Pay only for what you use. No upfront investment.

Fee breakdown

Fees = Edition fee + Value-added service fee (optional).

  • Edition fee: Editions such as Anti-virus,Advanced,Enterprise,Ultimate and Value-added Plan are available. Higher-tier editions include more comprehensive features.

  • Value-added service fee: You can purchase additional value-added services, such as anti-ransomware and Agentic SOC.

Note

For more information about fees, see Billing description.

Fees = Basic service fee + Feature usage fee.

  • Basic service fee: Charged when you enable any pay-as-you-go feature. It includes services such as DingTalk Robot, security reports, and Task Hub (requires purchase or activation of vulnerability fixing).

  • Feature usage fee: You are charged for the specific features you purchase and enable. Each feature can be enabled and billed separately.

Note

For more information about fees, see Billing description.

Best for

Stable, long-term workloads with a fixed budget.

Elastic scaling, short-term projects, or frequently changing demands.

Feature details

Subscription

  • Editions:. You can choose Anti-virus, Advanced, Enterprise, Ultimate. Each edition provides different integrated protection and detection capabilities.

  • Add-ons: Based on business needs, you can also purchase the following add-ons separately:Anti-ransomware, Application Protection(RASP).

Editions

Edition

Description

Cost

Basic

Only basic security detection capabilities (such as detecting abnormal server logins,DDoS, mainstream server vulnerabilities, and configuration security issues for some cloud products), with no active protection features.

Free

Anti-virus

Provides detection and removal capabilities for common host viruses.

USD 1 per core per month

Advanced

Provides host virus detection, virus removal, vulnerability detection and remediation, and security reports.

USD 9.5 per instance per month

Enterprise

Meets host security requirements in intrusion prevention, identity authentication, and security auditing.

USD 23.5 per instance per month

Ultimate

Provides full-stack security protection covering hosts, containers, and Intelligent Computing Lingjun servers, includingK8sthreat detection, a comprehensive view of container assets, security alerts, virus removal, vulnerability detection, asset fingerprinting, and attack chain analysis.

USD 23.5 per instance per month + USD 1 per core per month

Comparison of main protection capabilities across editions:

Protection capability

Basic

Anti-virus

Advanced

Enterprise

Ultimate

Partial malware and cloud product threat detection

Supported

Supported

Supported

Supported

Supported

Virus removal and host intrusion detection

Unsupported

Supported

Supported

Supported

Supported

Brute-force attack prevention

Unsupported

Unsupported

Supported

Supported

Supported

Host behavior defense

Unsupported

Supported

Note

Supports only malicious MD5 process blocking.

Supported

Supported

Supported

System vulnerability check and remediation

Unsupported

Unsupported

Supported

Supported

Supported

Malicious network behavior prevention

Unsupported

Unsupported

Unsupported

Supported

Supported

Attack tracing

Unsupported

Unsupported

Unsupported

Supported

Supported

Application vulnerability detection

Unsupported

Unsupported

Unsupported

Supported

Supported

Baseline check and remediation

Unsupported

Unsupported

Supported

Note

Supports only weak password checks.

Supported

Supported

Container security

Unsupported

Unsupported

Unsupported

Unsupported

Supported

Add-ons

Anti-ransomware

  • Description: Provides anti-ransomware backup and recovery. After a ransomware attack, you can use backup files to restore servers and databases.

  • Purchase instructions:

    • The purchase quantity determines the anti-ransomware capacity, which depends on the size of files to back up and the backup retention period, not the number of servers.

    • Supported only in specific regions. Set the protection data volume as needed. For supported regions, see Supported regions.

    • If you select Set Recommended Policy, important file paths on existing servers are automatically backed up regularly. To adjust, go to the Anti-ransomware page to modify the policy. For details, see Modify server anti-ransomware policies.

CSPM

  • Description: Provides identity permission management, automated compliance inspection, and cloud product configuration baseline detection for unified multi-cloud risk management.

  • Purchase instructions:Billed by service authorization count. Service authorization count =scan count (number of cloud products×number of asset instances×number of check items) + verification count + successful remediation count.

    Warning

    Unused quota is cleared at the end of each month. For more billing information, see Subscription - CSPM.

Agentic SOC

  • Description:

    • Agentic SOC: Supports unified log ingestion across clouds, accounts, and products (such as WAF, Cloud Firewall, and VPC). Provides closed-loop detection and response for security alerts and events, improving security operations and meeting MLPS compliance log audit requirements.

    • Security Operations Agent: An advanced intelligent add-on based on Agentic SOC. Powered by Agentic AI, it integrates Alibaba Cloud native security data and infrastructure, using autonomous perception-reasoning-execution capabilities for independent security event analysis and rapid incident response.

  • Purchase instructions:

    • Uses modular billing. Billing items vary based on purchase options. For details, see Agentic SOC - Subscription.

      • Agentic SOC: Billed by Log Ingestion Traffic and Log Storage Capacity separately. You can purchase them based on actual needs.

        Log ingestion traffic (GB/day)

        • Purpose: Used for core security operations such as real-time threat detection, attack tracing, and alert analysis. After purchase, you can use most Agentic SOC core features including threat detection and incident response.

        • Estimate capacity :

          • Estimate based on existing logs

            Daily traffic (GB) = Total log storage capacity (GB) / Log retention days (TTL).

            Example: If you have 10,000 GB of logs retained for 90 days, daily traffic is approximately 10000 / 90 ≈ 111 GB. We recommend purchasing 200 GB/day.

          • Estimate based on log generation rate (EPS)

            Daily traffic (GB) = EPS (logs per second) × 86400 × Average log size (KB) / 1024

            • EPS: Number of logs generated per second.

            • Average log size: Typically between 3 KB and 7 KB.

        Log storage capacity (GB)

        • Purpose: Used for long-term log storage for query and audit, meeting the Cybersecurity Law and MLPS 2.0 requirements that logs must be retained for at least 180 days, and supports retrospective analysis of historical events.

        • Estimate capacity:

          • Estimate by server count: We recommend configuring 120GB of log storage capacity per server.

          • Estimate based on existing capacity: Set the capacity to 3 times your current Security Center - Log Analysis purchase amount.

      • Security Operations Agent: In addition to purchasing Agentic SOC, you also need to purchase Intelligent Usage Analysis and Number of Managed Instances.

        • Intelligent Usage Analysis: Security Operations Agent Analysis usage for alert analysis, incident investigation, tracing, attribution, and security report generation. The purchase quantity cannot be auto-filled and must match Log Ingestion Traffic.

          Note

          Intelligent Usage Analysis Cleared daily. The system automatically throttles after exceeding the limit.

        • Number of Managed Instances: Security Operations Agent Supports cross-instance security operations and automated handling. Billed by managed instance count. Each invoked instance (ECS, WAF, ALB, cross-cloud products, on-premises security vendor products, etc.) counts as one.

          Note

          Cleared monthly. Each instance is counted only once with automatic deduplication.

    • If you select Access Policy, automatically connect to the current Alibaba Cloud account's Security Center, WAF, Cloud Firewall and ActionTrail log sources.

Vulnerability Fixing

  • Description: Provides one-click remediation of Linux Software Vulnerability and Windows System Vulnerability.

  • Purchase instructions: Enter the number of vulnerability remediation attempts based on monthly needs.

    Note

    The remediation count equals the total number of vulnerabilities remediated across all servers. For example, if 10 servers have the same vulnerability and you use Security Center to fix them, 10 remediation attempts are consumed.

Container Image Scan

  • Description: One-click scanning of images for system vulnerabilities, application vulnerabilities, viruses, and malicious samples, with remediation recommendations.

  • Purchase instructions:

    • Enter the scan authorization count to purchase based on monthly needs.

      Note

      scan authorization count One authorization is consumed when an image digest is first scanned. Repeated scans of the same digest do not consume additional authorizations. If the digest changes, a new authorization is required.

    • Available only when the edition is Advanced, Enterprise Edition, Ultimate Enterprise or Value-added Plan.

File Tamper-Proofing

  • Description: File tamper-proofing uses real-time monitoring to track file system activities, automatically intercept unauthorized write and delete operations, and record all access for a complete audit trail, ensuring critical file integrity.

  • Purchase instructions : Select the purchase quantity based on the number of servers to protect.

Malicious File Detection

  • Description: Detects hidden malware, web shells, viruses, and other risk files in server file systems through deep scanning.

  • Purchase instructions: Set the purchase quantity to the number of files to scan per month.

Application Protection(RASP)

  • Description: Application protection uses RASP (Runtime Application Self-Protection) technology to enable real-time attack detection and blocking.

  • Purchase instructions: We recommend setting the purchase quantity to the total number of Java processes to protect.

    Note

    Example: 2 servers × 3 Java applications each = 6 authorizations.

Cloud Honeypot

  • Description: Provides efficient threat honeypot trapping against attackers, improving detection and protection of core assets.

  • Purchase instructions: Cloud honeypots are billed by probe count. Minimum 20 probes, maximum 500.

    Note

    If you need more than 500, contact technical support for expansion.

Log Analysis

  • Description: Aggregates security logs from cloud assets, provides powerful SQL search and visual reports for event tracing, attack analysis, and compliance audit.

    Important

    If you also purchased Log Management pay-as-you-go service, Security Center logs store two copies of data. To avoid duplicate billing, go to the Security Center console to disable Log Analysis log delivery switches in the module after evaluation.

  • Purchase instructions: Per the Cybersecurity Law, logs must be stored for at least 180 days. We recommend at least 50 GB per server.

Pay-as-you-go

  • Default features: When any pay-as-you-go feature is activated, a base service fee is charged and the following features are supported by default:DingTalk Chatbot, Security Report, Playbook features.

  • Billable features: Purchase specific protection features separately. All features are independently billed and activated on demand.

Default features

  • DingTalk Chatbot: After configuring a DingTalk robot, receive real-time threat alerts in a DingTalk group.

  • Security Report: Customize security data to monitor and periodically email it to security personnel for real-time asset security monitoring.

  • Playbook: Provides automated response orchestration that turns repetitive incident response tasks into automated policies for efficient security hardening.

    Note

    You must first activate or purchase the vulnerability remediation feature.

Billable features

Host and Container Security

Important

If you have purchased Anti-virus, Advanced, Enterprise, Ultimate subscription service, you cannot activate Host and Container Security pay-as-you-go service.

  • Description: Provides comprehensive detection and protection for host and container assets. After purchase, bind assets to a protection level. Protection levels:

    Protection level

    Description

    Monthly cost (30-day reference price)

    Unprotected

    Only basic security detection capabilities (such as detecting abnormal server logins,DDoS, mainstream server vulnerabilities, and configuration security issues for some cloud products), with no active protection features.

    Free

    Antivirus

    Provides detection and removal capabilities for common host viruses.

    USD 1.5 per core per month

    Advanced

    New purchases and changes discontinued.

    USD 14.25 per core per month

    Host Protection

    Meets host security requirements in intrusion prevention, identity authentication, and security auditing.

    USD 35.25 per instance per month

    Hosts and Container Protection

    Provides full-stack security protection covering hosts, containers, and Intelligent Computing Lingjun servers, includingK8sthreat detection, a comprehensive view of container assets, security alerts, virus removal, vulnerability detection, asset fingerprinting, and attack chain analysis.

    USD 35.25 per instance per month + USD 1.5 per core per month

    Main protection capabilities for each level:

    Protection capability

    Unprotected

    Antivirus

    Host Protection

    Hosts and Container Protection

    Partial malware and cloud product threat detection

    Supported

    Supported

    Supported

    Supported

    Virus removal and host intrusion detection

    Unsupported

    Supported

    Supported

    Supported

    Brute-force attack prevention

    Unsupported

    Unsupported

    Supported

    Supported

    Host behavior defense

    Unsupported

    Supported

    Note

    Supports only malicious MD5 process blocking.

    Supported

    Supported

    Malicious network behavior prevention

    Unsupported

    Unsupported

    Supported

    Supported

    Attack tracing

    Unsupported

    Unsupported

    Supported

    Supported

    Application vulnerability detection

    Unsupported

    Unsupported

    Supported

    Supported

    Container security

    Unsupported

    Unsupported

    Unsupported

    Supported

  • Purchase instructions: must be authorized and applied to specific assets to take effect after activation. You can custom-bind assets.

    Important

    Default binding rules:

    • Server assets running container environments (Alibaba Cloud ACK nodes, Lingjun, self-managed K8s servers): Hosts and Container Protection.

    • Other assets: Host Protection.

    • Newly added servers: Host Protection.

CSPM(CSPM)

  • Description: Provides identity permission management, automated compliance inspection, and cloud product configuration baseline detection for unified multi-cloud risk management.

  • Purchase instructions:Billed by service authorization count. Service authorization count =scan count (number of cloud products×number of asset instances×number of check items) + verification count + successful remediation count.

Vulnerability Fixing

  • Description: Provides one-click remediation of Linux Software Vulnerability and Windows System Vulnerability.

  • Purchase instructions: Enter the number of vulnerability remediation attempts based on monthly needs.

    Note

    The remediation count equals the total number of vulnerabilities remediated across all servers. For example, if 10 servers have the same vulnerability and you use Security Center to fix them, 10 remediation attempts are consumed.

Agentic SOC

  • Description:

    • Agentic SOC: Supports unified log ingestion across clouds, accounts, and products (such as WAF, Cloud Firewall, and VPC). Provides closed-loop detection and response for security alerts and events, improving security operations and meeting MLPS compliance log audit requirements.

    • Security Operations Agent: An advanced intelligent add-on based on Agentic SOC. Powered by Agentic AI, it integrates Alibaba Cloud native security data and infrastructure, using autonomous perception-reasoning-execution capabilities for independent security event analysis and rapid incident response.

  • Purchase instructions:

    • Based on purchase options, billing items also differ. For billing details, see Agentic SOC - Pay-as-you-go.

      • Agentic SOC: Billed on a tiered basis for Log Ingestion Traffic. The higher the usage, the lower the unit price.

        Important

        In pay-as-you-go mode, you cannot purchase Log Storage Capacity. Therefore, you cannot store logs for queries and audits.

      • Security Operations Agent: In addition to the basic charge for Log Ingestion Traffic from Agentic SOC, you are also charged for Intelligent Usage Analysis and Number of Managed Instances.

        • Intelligent Usage Analysis: The analysis usage consumed by Security Operations Agent to analyze alerts for risk events, investigate events, perform traceability and attribution, and generate security reports.

        • Number of Managed Instances: Security Operations Agent supports security operations and automated handling across instances. Billing is based on the number of managed instances, and each invoked instance is billed. Instances can include ECS, WAF, ALB, multicloud products, and third-party security vendor products.

          Note

          Each instance is counted only once, and duplicates are automatically removed.

    • If you select Access Policy, automatically connect to the current Alibaba Cloud account's Security Center, WAF, Cloud Firewall and ActionTrail log sources.

Anti-ransomware

  • Description: Provides anti-ransomware backup and recovery. After a ransomware attack, you can use backup files to restore servers and databases.

  • Purchase instructions:

    • Billed by backup file size and storage duration. For details, see Anti-ransomware - Pay-as-you-go.

    • Supported only in specific regions. Set the protection data volume as needed. For supported regions, see Supported regions.

    • If you select Set Recommended Policy, important file paths on existing servers are automatically backed up regularly. To adjust, go to the Anti-ransomware page to modify the policy. For details, see Modify server anti-ransomware policies.

File Tamper-Proofing

  • Description: File tamper-proofing uses real-time monitoring to track file system activities, automatically intercept unauthorized write and delete operations, and record all access for a complete audit trail, ensuring critical file integrity.

  • Purchase instructions: Billed by actual protection duration (seconds) × number of protected servers. Hosts meeting these conditions are automatically counted:

    • Servers bound with block rules.

    • Servers bound with alert rules where the server edition is below Enterprise Edition or the Host Protection.

Application Protection(RASP)

  • Description: Application protection uses RASP (Runtime Application Self-Protection) technology to enable real-time attack detection and blocking.

  • Purchase instructions: After activation, you must authorize the feature for specific assets. You can custom-bind assets.

    Important

    Full protection by default with slow access mode.

Agentless Detection

  • Description: Lightweight vulnerability scanning and risk assessment without installing an agent on servers.

  • Purchase instructions: Billed by scanned data volume.

Serverless Asset Protection

  • Description: Provides intrusion detection and vulnerability scanning for Serverless assets (such as ECI). For more, see Serverless container security.

  • Purchase instructions: After activation, you must authorize the feature for specific assets. You can custom-bind assets.

    Important

    By default, all Serverless assets are enabled with Serverless Asset Protection protection.

Malicious File Detection

  • Description: Detects hidden malware, web shells, viruses, and other risk files in server file systems through deep scanning.

  • Purchase instructions: Billed by scanned file count. For details, see Malicious file detection - Pay-as-you-go.

Log Management

  • Description: Log management based on Alibaba Cloud Log Service (SLS), providing unified log audit, built-in security reports, SQL analysis for tracing, and flexible storage policies.

    Important

    If you also purchased Log Analysis subscription service, Security Center logs store two copies of data. To avoid duplicate billing, go to the Security Center console to disable Log Analysis log delivery switches in the module after evaluation.

  • Purchase instructions: Configure the log storage region.

Prerequisites

Before purchasing Security Center, complete these preparations:

  • Real-name verification: Ensure your Alibaba Cloud account has completed real-name verification. Without it, you cannot purchase services.

  • Evaluate protection needs: Estimate the number of servers to protect and your budget range in advance to choose the right edition and configuration.

Purchase procedure

Subscription

  1. Log on and go to the purchase page

    Use your Alibaba Cloud account to visit the Security Center purchase page.

  2. Select an edition

    Important

    If you have activated Host and Container Security pay-as-you-go service, you can only Value-added Plan.

    • Billing Method: Select Subscription.

    • Protection Scenario: The system automatically generates recommended editions and add-on configurations based on the selected scenario.

    • Edition: For basic protection capabilities of each edition, see Feature details - Subscription - Editions.

    • Protected Servers: Specify the total number of servers to protect. Default shows ECS and connected non-Alibaba Cloud servers.

      Note

      When the edition is Anti-virus, Value-added Plan, no need to configure this parameter.

    • Cores: Compute cores = vCPU count. Default shows total ECS and connected non-Alibaba Cloud servers.

      Note

      Only when the edition is Anti-virus, Value-added Plan, you need to configure this parameter.

  3. ConfigureProtection Quota

    Apply the purchased edition to specific servers for protection to take effect.

    • System automatic binding (default):

      The system auto-allocates authorizations to unbound servers. For unbinding or rebinding, see Bind or unbind authorization.

    • Custom binding:

      1. Click Custom Quota Binding, select the server region.

      2. In the server list, select servers to bind, and in the Edition column, select the edition. For feature details, see Editions.

        If selecting multiple servers, click Update Version below the list to uniformly bind the same edition.

      3. (Optional) Select Automatically Add New Servers to Security Center. New servers will auto-bind to the current edition to enable protection.

        Warning

        If not selected, you must manually bind. Otherwise, new servers will not receive protection. See Bind or unbind authorization.

  4. Purchase add-ons

    Based on your needs, find the add-on module and set Purchase or Not to Yes, and complete the configuration. For feature descriptions, see Feature details - Subscription - Add-ons.

  5. Confirm and pay

    Carefully read and select Security Center Terms of Service , and click Order Now to complete the payment.

  6. View purchased services

    After purchase, log on to the console. In Overview page Subscription section view current services.

Pay-as-you-go

  1. Log on and go to the purchase page

    Use your Alibaba Cloud account to visit the Security Center purchase page.

  2. Select services

    Based on your needs, find the add-on module and set Purchase or Not to Yes, and complete configuration. For feature details, see Feature details - Pay-as-you-go - Billable features.

  3. Authorization and binding logic

    For some services, you must authorize for specific assets after activation. Steps:

    • Host and Container Security: Supports custom host binding. Steps:

      Important

      If not configured, the system uses default binding rules:

      • Server assets running container environments (Alibaba Cloud ACK nodes, Lingjun, self-managed K8s servers): Hosts and Container Protection.

      • Other assets:Host Protection.

      • Newly added servers: Hosts and Container Protection.

      1. On the purchase page, click Custom Quota Binding, select the server region.

      2. In the server list, select servers to bind, and in the Protection Level column, select the protection level.

        After selecting multiple servers, click Change Protection Level to batch-modify protection levels for servers.

      3. In Automatically Add New Servers to Security Center section, set the protection level for new servers.

    • Serverless Asset Protection: Supports custom asset binding. Steps:

      Important

      If not configured, the system enables Serverless Asset Protection protection.

      1. Click Custom Quota Binding, select the region and corresponding assets.

      2. select Automatically Add New Assets. New Serverless assets auto-enable Serverless Asset Protection protection.

        Warning

        If not selected, you must manually bind. Otherwise, new Serverless assets will not receive protection. See Bind or unbind authorized assets.

    • Application Protection: Supports custom asset binding. Steps:

      Important
      • If not configured, defaults to full protection with slow access mode.

      • You can also configure after purchase in theApplication Protection > Application Configurations's Access Management as needed.

      1. Click Security Center Terms of Service, select the server region.

      2. After selecting the corresponding assets, click OK.

  4. Confirm and pay

    Carefully read and select Security Center Terms of Service, and click Order Now to complete the payment.

  5. View purchased services

    After purchase, log on to the console. In Overview page Pay-as-you-go section view current services.

Rules and limitations

Billing model restrictions

  • Subscription: Each account can purchase only one edition. You can upgrade at any time.

  • Pay-as-you-go: You can select different protection levels for different assets and purchase multiple add-ons.

  • Billing model switching: To change a billing model, first unsubscribe or disable the current service before activating another.

Feature billing restrictions

  • Feature exclusivity

    • Subscription editions (Anti-virus, Advanced, Enterprise, Ultimate) and pay-as-you-go Host and Container Security service—choose only one, not both.

    • Subscription add-ons (such as Agentic SOC) and Pay-as-you-go with the same features cannot be purchased simultaneously.

  • Cross-module flexibility

    The same account can use different billing models for different modules.

    Note

    For example, use subscription for "Vulnerability Remediation" and pay-as-you-go for "Agentic SOC".

Edition restrictions (container protection)

Container environment servers (ACK nodes, self-managed K8s, Lingjun, etc.) require specific editions for protection:

  • Subscription: Purchase Ultimate, and bind the asset to protection edition Ultimate.

  • Pay-as-you-go: Purchase Host and Container Security, and bind the asset to protection level Hosts and Container Protection.

Edition change restrictions

From September 11, 2025, Security Center no longer supports new purchases or changes to Advanced Edition for servers. Existing users are unaffected.

Unsubscription

If you no longer need Security Center services, follow the instructions below based on your billing model.

  • Subscription service

    • Unsubscribe from a single add-on

      On the Overview page, in the Subscription section, click Change > Downgrade.On the order upgrade or downgrade page, go to the Order Downgrade tab and set the Purchase or Not of the relevant service to No. For details, see Upgrade or downgrade an add-on.

      Important

      The refund amount is shown on the downgrade page. For fund flow after refund, see Refund instructions.

    • Full unsubscription

      Visit theUnsubscription management page to apply for unsubscription. For details, see Unsubscription instructions.

  • Pay-as-you-go service

    After disabling pay-as-you-go services, no more fees will be incurred. Steps:

    1. Log on to Security Center console.

    2. In the left-side navigation pane, select Overview, and go to the Overview page.

    3. In the upper-right corner, in the Pay-as-you-go section, you can:

      • Disable specific services: Toggle the switch to disable only that service's charges.

      • Disable all services at once: Click Disable All Pay-as-you-go Services in the upper-right corner to disable all pay-as-you-go features.

    Important

    After disabling pay-as-you-go services,charges incurred today are settled tomorrow. No data retention—data is immediately cleared.

    Note

    If you claimed or purchased a trial resource package,the system auto-switches to pay-as-you-go after the package is exhausted. To stop charges, disable pay-as-you-go after the package is exhausted or when no longer needed.

FAQ

Billing model questions

  • Will subscription and pay-as-you-go services be billed twice?

    No. Security Center has an anti-double-billing mechanism:

    • Single-billing principle: Each add-on supports only one billing model at a time. See Feature exclusivity.

    • Automatic switching: When purchasing subscription, if the selected Editions includes Default features that overlap with pay-as-you-go services, the system auto-disables the pay-as-you-go mode and uses the new subscription.

      Note

      Example: If you purchased vulnerability remediation pay-as-you-go and then buy Advanced Edition or above, Security Center auto-disables the pay-as-you-go mode, and no additional charges apply.

  • Can pay-as-you-go be converted to subscription?

    No. First disable the services, then refer to the subscription purchase steps for a new purchase.

  • Can subscription and pay-as-you-go be used simultaneously?

    Yes. The same account can mix both billing models based on asset importance and lifecycle.

  • Why am I charged after the trial resource package is exhausted?

    Trial packages only cover specific billing items and quotas.After exhaustion, the pay-as-you-go features continue and incur charges. To avoid unexpected charges:

  • How do I view Security Center bills?

    View cost details as follows:

    1. Log on to Billing details page.

    2. In filters, set Product Name to Security Center to view usage and costs.

    For multi-product bills, view resource package consumption on the management page. See Query resource package usage.

  • Why is the purchase page amount higher than product pricing?

    The final amount has multiple components. The base price is per server per month. Factors:

    • Number of protected assets: The final cost is multiplied by the total protected servers (ECS and non-Alibaba Cloud servers with agent).

    • Add-on options: The system may preselect add-ons like log analysis and anti-ransomware. If not needed, set capacity to0.

Free services and trial

  • How do I get free services?

  • Differences between Free Edition and Enterprise Edition free trial?

    Feature

    Free Edition

    Enterprise Edition free trial

    Applicable accounts

    All accounts with real-name verification.

    Accounts without Enterprise Edition trial or paid edition.

    Protection capability

    Provides permanent basic security capabilities.

    Short-term experience of full Enterprise Edition features.

    Duration

    Permanent.

    7 days.

    Core capabilities

    Abnormal logins, crypto-miner/DDoS trojans, mainstream vulnerability scanning, etc.

    All Enterprise Edition capabilities: virus removal, advanced threat detection, vulnerability remediation, etc.

    Acquisition limits

    Auto-activated, no application needed.

    One-time opportunity per account.

  • Can the Enterprise Edition free trial be canceled and reapplied?

    Yes. On the Overview page, click Release Trial to cancel the free trial. One-time opportunity per account; cannot reapply after canceling.

  • Are configurations retained after trial expires?

    After trial expires, configurations and data are retained for 7 days then cleared.

  • Why is there no "Free Trial" entry?

    • Reason 1: The account has already applied for the 7-day free trial.

    • Reason 2: The account has already purchased a paid edition.