Server Guard is a host security software system. It provides functions such as host vulnerability detection, baseline check, virus scan and removal, and unified asset management.
- Unified Security Management
Allows you to manage the security status of all hosts in the console.
- Low Resource Consumption
Server Guard typically consumes only 1% of CPU time and less than 50 MB of memory.
- Real-time Security Monitoring
Automatically scans the asset security status to detect asset changes, vulnerabilities, and intrusions.
- Quick Event Handling
Detects security issues, quickly fixes vulnerabilities, and quarantines viruses to protect your assets.
Detect and Fix Host Vulnerabilities
Comprehensive vulnerability management greatly reduces the security risks to your assets.
CVE Vulnerabilities in System Software
Detects and reports vulnerabilities listed in Common Vulnerabilities and Exposures (CVE) in system software on your server, for example, SSH, OpenSSL, and MySQL.
Windows System Vulnerabilities
Pushes Microsoft patches for critical vulnerabilities on your server, for example, the SMB RCE vulnerability. Updating the security system and fixing low-risk vulnerabilities require manual operations.
Web CMS Vulnerabilities
Detects web CMS vulnerabilities by scanning directories and files against Alibaba Cloud security intelligence, and provides patches developed by Alibaba Cloud Security. Fixes vulnerabilities in software such as WordPress and Discuz!.
Other Critical Vulnerabilities
Detects vulnerabilities in software configurations and components, including vulnerabilities that cannot be detected from version information or files alone, for example, the Redis unauthorized access vulnerability.
Configuration Baseline Check
Checks all security configurations to enable targeted protection.
Suspicious Account Detection
Detects and reports hidden accounts and cloned accounts that are created by attackers on your servers.
Weak Password Detection
Detects weak passwords for services such as SSH and RDP, based on dictionaries of commonly used weak passwords.
Configuration Risk Detection
Checks whether the logon, process, and registry configurations on your servers comply with enterprise server security standards.
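The configuration risk check described above compares observed settings against an enterprise baseline. The following is an added example, not Server Guard code, that does this for an OpenSSH server configuration: it parses `sshd_config` text (first occurrence of a keyword wins, comments are ignored, and parsing stops at the first `Match` block, whose settings are conditional) and reports each baseline rule as pass, fail, or missing. The baseline rules, the `Finding` record, and the sample configuration are all constructed for this example.

```python
"""Configuration baseline check over an sshd_config file (added example)."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed sample sshd_config; not taken from any real host.
SAMPLE_SSHD_CONFIG = """\
# constructed sample
Port 22
PermitRootLogin yes
#PasswordAuthentication no
PasswordAuthentication yes
MaxAuthTries 10
X11Forwarding no
ClientAliveInterval 300
"""

# Hypothetical enterprise baseline: lowercase keyword -> (check, requirement text).
BASELINE: Dict[str, tuple] = {
    "permitrootlogin": (lambda v: v in ("no", "prohibit-password"),
                        "PermitRootLogin must be 'no' or 'prohibit-password'"),
    "passwordauthentication": (lambda v: v == "no",
                               "PasswordAuthentication must be 'no' (key-based logon only)"),
    "maxauthtries": (lambda v: v.isdigit() and int(v) <= 4,
                     "MaxAuthTries must be 4 or fewer"),
    "x11forwarding": (lambda v: v == "no", "X11Forwarding must be 'no'"),
    "clientaliveinterval": (lambda v: v.isdigit() and 0 < int(v) <= 300,
                            "ClientAliveInterval must be between 1 and 300 seconds"),
}


@dataclass
class Finding:
    keyword: str
    observed: Optional[str]   # None when the keyword is not set (sshd default applies)
    requirement: str
    status: str               # "pass", "fail", or "missing"


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Return {keyword_lowercase: value} using sshd semantics: first occurrence wins."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break  # settings after a Match block are conditional; not evaluated here
        settings.setdefault(key, value)
    return settings


def check_baseline(settings: Dict[str, str], baseline=BASELINE) -> List[Finding]:
    """Evaluate every baseline rule against the parsed settings."""
    findings = []
    for key, (ok, requirement) in baseline.items():
        observed = settings.get(key)
        if observed is None:
            status = "missing"   # default applies; review the sshd default for this keyword
        elif ok(observed.lower()):
            status = "pass"
        else:
            status = "fail"
        findings.append(Finding(key, observed, requirement, status))
    return findings


def check_sshd_config_text(text: str) -> List[Finding]:
    return check_baseline(parse_sshd_config(text))


def failing(findings: List[Finding]) -> List[str]:
    """Keywords that did not pass, sorted for stable reporting."""
    return sorted(f.keyword for f in findings if f.status != "pass")


if __name__ == "__main__":
    for f in check_sshd_config_text(SAMPLE_SSHD_CONFIG):
        print(f"{f.status:8} {f.keyword:24} observed={f.observed!r}  ({f.requirement})")
```

A real check would read `/etc/ssh/sshd_config` (and the `Include`d files on newer OpenSSH versions) rather than the embedded sample, and would treat a `missing` status according to the daemon's documented default for that keyword.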
Attacker Intrusion Detection (Cloud Virus Removal Included)
Alerts you about attacker intrusions in real time, enabling a quick response to security events.
Unusual Logon Alerts
Audits all logons and alerts you about unusual logons. You can set the usual logon locations.
Brute-force Attack Prevention
Detects brute-force attacks and reports them to Alibaba Cloud to prevent password cracking.
Webshell Detection and Removal
Provides an Alibaba engine for detecting and removing webshells, such as PHP and JSP webshells, both on-premises and in the cloud. Supports both periodic and real-time webshell detection and removal.
Suspicious Host Detection
Detects and alerts you about reverse shells, DDoS attacks launched against other hosts, mining processes, botnets used for CC attacks, and downloads from malicious sources.
Cloud Virus Removal
Integrates major cloud virus removal engines from developers across the globe and Alibaba-developed sandboxes. Detects malicious processes and viruses and allows you to quickly quarantine them.
Host Port/Process/Account Management
Manages processes, ports, and accounts in the cloud, and detects unusual changes on your assets.
Asset Data Collection
Periodically records process data on your servers, such as listening ports and created accounts, and manages the data centrally.
Process Change Audit
Audits changes in the process data to detect unusual activities on your assets.
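Asset data collection and the process change audit above amount to taking periodic snapshots of listeners, accounts, and processes and diffing consecutive snapshots. The following is an added example, not Server Guard code, that does this and then applies a few defender-side rules to the diff; it also covers the suspicious account detection described earlier, since a newly added account with UID 0 is the cloned-account case. The snapshot layout, the rules, and both sample snapshots are constructed for this example.

```python
"""Snapshot diff and change audit over host asset data (added example)."""
from typing import Dict, List, Set, Tuple

# A snapshot is {category: set of tuples}; constructed layout for this example.
Snapshot = Dict[str, Set[Tuple]]

# Constructed "before" snapshot: listeners (proto, port, process),
# accounts (name, uid, shell), processes (name, executable path).
BEFORE: Snapshot = {
    "listeners": {("tcp", 22, "sshd"), ("tcp", 443, "nginx")},
    "accounts": {("root", 0, "/bin/bash"), ("deploy", 1000, "/bin/bash")},
    "processes": {("sshd", "/usr/sbin/sshd"), ("nginx", "/usr/sbin/nginx")},
}

# Constructed "after" snapshot: a new listener, a new UID-0 account, and a
# process executing from a world-writable directory.
AFTER: Snapshot = {
    "listeners": BEFORE["listeners"] | {("tcp", 6379, "redis-server")},
    "accounts": BEFORE["accounts"] | {("sysadm", 0, "/bin/bash")},
    "processes": BEFORE["processes"] | {("kworkerd", "/tmp/.x/kworkerd")},
}

SUSPICIOUS_EXEC_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")


def diff_snapshots(before: Snapshot, after: Snapshot) -> Dict[str, Dict[str, Set[Tuple]]]:
    """Per category, return what was added and what was removed between snapshots."""
    changes = {}
    for category in before.keys() | after.keys():
        old, new = before.get(category, set()), after.get(category, set())
        changes[category] = {"added": new - old, "removed": old - new}
    return changes


def assess(changes) -> List[Tuple[str, str]]:
    """Turn a diff into (severity, message) alerts using simple defender rules."""
    alerts: List[Tuple[str, str]] = []
    for proto, port, proc in sorted(changes.get("listeners", {}).get("added", ())):
        alerts.append(("medium", f"new listener {proto}/{port} opened by {proc}"))
    for proto, port, proc in sorted(changes.get("listeners", {}).get("removed", ())):
        alerts.append(("low", f"listener {proto}/{port} ({proc}) disappeared"))
    for name, uid, shell in sorted(changes.get("accounts", {}).get("added", ())):
        if uid == 0 and name != "root":
            alerts.append(("high", f"cloned root account {name} (uid 0, shell {shell})"))
        else:
            alerts.append(("low", f"new account {name} (uid {uid})"))
    for name, path in sorted(changes.get("processes", {}).get("added", ())):
        if path.startswith(SUSPICIOUS_EXEC_DIRS):
            alerts.append(("high", f"process {name} executing from {path}"))
        else:
            alerts.append(("low", f"new process {name} ({path})"))
    return alerts


def audit(before: Snapshot, after: Snapshot) -> List[Tuple[str, str]]:
    return assess(diff_snapshots(before, after))


if __name__ == "__main__":
    for severity, message in audit(BEFORE, AFTER):
        print(f"[{severity}] {message}")
```

On a real host the snapshots would be filled from the process table, the socket table, and the account database on a schedule, and stored so that the diff can be replayed when an incident is investigated.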
Real-time Retrieval of All Host Logs
Manages all host logs and allows you to locate security issues.
Unified Data Management
Manages all host data, such as network connections, logon history, accounts, listener ports, and all process data.
Fast Data Retrieval
Allows you to use Boolean search to identify the causes of security events on your hosts. Returns search results within seconds.
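The Boolean search above lets an analyst combine conditions over collected host data. The following is an added example, not Server Guard code, of a small Boolean query language evaluated over host log records: `field:value` terms match a field exactly, bare words match any field as a substring, and `AND`, `OR`, `NOT`, and parentheses combine them with the usual precedence. The record schema, the query syntax, and the sample log records are all constructed for this example.

```python
"""Boolean search over host log records (added example)."""
import re
from typing import Any, Callable, Dict, List

Record = Dict[str, Any]
Predicate = Callable[[Record], bool]

# Constructed host log records: logons, a network connection, an account change.
LOGS: List[Record] = [
    {"type": "logon", "user": "root", "src_ip": "203.0.113.7", "result": "failed", "host": "web-1"},
    {"type": "logon", "user": "root", "src_ip": "203.0.113.7", "result": "failed", "host": "web-1"},
    {"type": "logon", "user": "deploy", "src_ip": "198.51.100.4", "result": "success", "host": "web-1"},
    {"type": "logon", "user": "root", "src_ip": "203.0.113.7", "result": "success", "host": "web-1"},
    {"type": "netconn", "process": "curl", "dst_ip": "203.0.113.9", "dst_port": 4444, "host": "web-1"},
    {"type": "account", "user": "sysadm", "action": "created", "host": "db-1"},
]

TOKEN_RE = re.compile(r"\(|\)|[^\s()]+")
KEYWORDS = {"AND", "OR", "NOT"}


def make_term(tok: str) -> Predicate:
    """field:value matches one field exactly; a bare word matches any field by substring."""
    if ":" in tok:
        field, value = tok.split(":", 1)
        return lambda rec: str(rec.get(field, "")).lower() == value.lower()
    return lambda rec: any(tok.lower() in str(v).lower() for v in rec.values())


class QueryParser:
    """Recursive-descent parser: OR < AND < NOT < atom, with parentheses."""

    def __init__(self, query: str):
        self.tokens = TOKEN_RE.findall(query)
        self.pos = 0

    def peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def take(self):
        tok = self.peek()
        self.pos += 1
        return tok

    def parse(self) -> Predicate:
        pred = self.parse_or()
        if self.peek() is not None:
            raise ValueError(f"unexpected token {self.peek()!r}")
        return pred

    def parse_or(self) -> Predicate:
        left = self.parse_and()
        while self.peek() and self.peek().upper() == "OR":
            self.take()
            right = self.parse_and()
            left = (lambda l, r: lambda rec: l(rec) or r(rec))(left, right)
        return left

    def parse_and(self) -> Predicate:
        left = self.parse_not()
        while self.peek() and self.peek().upper() == "AND":
            self.take()
            right = self.parse_not()
            left = (lambda l, r: lambda rec: l(rec) and r(rec))(left, right)
        return left

    def parse_not(self) -> Predicate:
        if self.peek() and self.peek().upper() == "NOT":
            self.take()
            inner = self.parse_not()
            return lambda rec: not inner(rec)
        return self.parse_atom()

    def parse_atom(self) -> Predicate:
        tok = self.take()
        if tok is None:
            raise ValueError("unexpected end of query")
        if tok == "(":
            inner = self.parse_or()
            if self.take() != ")":
                raise ValueError("missing ')'")
            return inner
        if tok == ")" or tok.upper() in KEYWORDS:
            raise ValueError(f"unexpected token {tok!r}")
        return make_term(tok)


def search(records: List[Record], query: str) -> List[Record]:
    pred = QueryParser(query).parse()
    return [r for r in records if pred(r)]


if __name__ == "__main__":
    for rec in search(LOGS, "type:logon AND user:root AND NOT result:success"):
        print(rec)
```

The closure factories in `parse_or` and `parse_and` exist so that each combined predicate captures its own `left` and `right` rather than the loop variables, which would otherwise be rebound on the next iteration.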
Unified Security Management
Manage Server Guard on Different Platforms in One Console
As more applications are migrated to the cloud, asset security requires a unified management system. The security status of ECS instances must be visualized and managed to lower security risks and management costs.
- Compatible with multiple operating systems, including Windows, Linux, Ubuntu, and Debian.
- Compatible with multiple platforms, such as Alibaba Cloud, private clouds (such as financial cloud solutions), and external servers.
- Allows you to manage Server Guard deployed in different environments and regions in the same console.
Emergency Vulnerability Response
Quickly Identifies and Fixes Critical Vulnerabilities
Once a zero-day vulnerability is disclosed, you must locate and fix it on your systems before attackers exploit it on your servers.
- Uses threat intelligence collected by Alibaba Cloud and quickly pushes vulnerability data.
- After vulnerability inspection plans have been imported into Server Guard, you can obtain the inspection results within 24 hours.
- Provides fixes for all vulnerabilities and allows you to quickly fix specific vulnerabilities.
Defense In Depth
Deploy Server Guard on Hosts
Host security is an important part of a defense-in-depth security system. Malicious traffic does not necessarily pass through your network boundary, where network security systems provide protection: attacks may be initiated from inside the corporate network or over VPN connections, and such attacks within your network boundary are not captured there. Protection must therefore also be implemented at the host level.
Intranet Attack Detection
Detects and alerts you about attacks and intrusions between intranet servers.
Attack Prevention Using Network Security Devices
Blocks attack sources in real time using network security devices.
Allows you to quickly quarantine suspicious files and prevent unusual activities on your hosts.