Community

Blog Events Webinars Tutorials Forum
  1. Blog
  2. Events
  3. Webinars
  4. Tutorials
  5. Forum
Create Account
×
Community Blog Friday Blog - Week 20 - Security Center: What Is It And Why Should You Care?

Friday Blog - Week 20 - Security Center: What Is It And Why Should You Care?

Learn when and where you should use Alibaba Cloud's security center, and what it'll cost you!

By Jeremy Pedersen

Hey guys! Welcome back for the 20th installment in our weekly blog series. Last week we took a look at how to choose the right ECS instance type. This week, let's dive into a less-well-known Alibaba Cloud service: Security Center.

What is Security Center?

Security Center is Alibaba Cloud's host-level security protection service. Security Center can:

  1. Protect against ransomware.
  2. Scan for viruses.
  3. Provide website tamper-proofing.
  4. Scan Docker container images for vulnerabilities.
  5. Check your ECS instances and other Alibaba Cloud resources for compliance with a set of security policies you define.

And a couple other things, besides!

Before Alibaba Cloud created Security Center, some of this functionality was offered by other products, which have now been combined into Security center. In particular, Server Guard provided host-level antivirus and tamper-proofing protections, and Threat Detection Service (TDS) handled compliance checking and vulnerability detection.

Security Center "Editions"

The most confusing aspect of Security Center for new users is the number of different versions (editions) offered. There are five different Editions as I write this in mid-2021:

  1. Basic
  2. Anti-virus
  3. Advanced
  4. Enterprise
  5. Ultimate

Basic is included in all Alibaba Cloud accounts by default. Have you ever noticed the little checkbox that says Security Hardening when you're purchasing an ECS instance? Ticking that box enables Security Center to install the Server Guard security agent on the ECS instance.

Basic Edition can warn you about brute-force login attempts, DDoS attacks (warn only, not prevent!) and common vulnerabilities and misconfigurations.

What exactly is included in each of the other editions (Anti-virus, Advanced, Enterprise, and Ultimate) depends on what add-ons you choose when buying or upgrading Security Center.

The following chart gives you a (rough) idea of how to choose between different editions:

choosing_security_center

You can get a more complete idea of what's offered in each edition here, though I've done my best to summarize it in this table (Value-added indicates a feature which incurs additional costs):

features_table

How much is it going to cost me?

Take a look at this table, borrowed directly from the official documentation. It should give you an idea:

price_table

You can also find this (and other notes on pricing) in the official Security Center documentation.

Note that some things are billed per server while others are billed per core (meaning per vCPU core). Pay close attention to which is which when buying or upgrading!

Who should use this tool?

If you've got ECS instances running on Alibaba Cloud, you should definitely be using Security Center.

Even if you only make use of the free Basic Edition, you'll still benefit from timely, helpful reminders to install basic patches and updates.

If you later decide you need more protection, no problem! One of Security Center's paid Editions has you covered. In particular, "Anti-virus Edition" covers 80% of what most users need. You only really need to start thinking about Advanced, Enterprise, or Ultimate when you've got more serious security needs.

Which regions can I use it in?

If you take a close look at the Security Center console, you'll see that 3 regions seem to be available: "International", Singapore, and Malaysia. What does this mean?

  1. International - Security Center's "International" region actually covers all regions except Singapore and Malaysia (meaning Mainland China is included). When looking at vulnerability scan results or Asset Fingerprint data, you'll spend most of your time in the "International" console unless you have ECS instances deployed in Singapore or Malaysia. It's also worth nothing that the "International" version is the only version that deploys some newer features like Cloud Honeypot or Docker image vulnerability scans.
  2. Singapore - Covers the Singapore region, specifically. If you've got ECS instances in Singapore, this is where they will show up in the Security Center console.
  3. Malaysia - Covers the Malaysia region. If you've got ECS instances in Malaysia, they'll show up here.

Note that when you pay for Security Center, all these regions are covered: it's just that ECS instances in Singapore and Malaysia won't show up when you look at the "Asset Fingerprint" or Server lists in the "International" region. Confusing, I know!

I've Got A Question!

Great! Reach out to me at jierui.pjr@alibabacloud.com and I'll do my best to answer in a future Friday Q&A blog.

You can also follow the Alibaba Cloud Academy LinkedIn Page. We'll re-post these blogs there each Friday.

Not a LinkedIn person? We're also on Twitter and YouTube.

Security Malware Alibaba Cloud Ransomware Security Center Training and Certification anti-virus antivirus host security operating system security security baseline
0 1 0
Share on

Read previous post:

Friday Blog - Week 19 - Choosing The Right ECS Instance Type

Read next post:

Friday Blog - Week 21 - Choosing The Right RDS Or PolarDB Database Instance

JDP

71 posts | 157 followers

You may also like

Comments

JDP

71 posts | 157 followers

Related Products

More Posts by JDP

See All