Security Center is a centralized security management system that identifies and analyzes security threats, and generates alerts when threats are detected. Security Center provides multiple features to ensure the security of cloud resources and servers in data centers. The features include anti-ransomware, antivirus, web tamper proofing, and compliance check. This allows you to automate security operations, responses, and threat tracing, and meet regulatory compliance requirements. By default, the features of Security Center Basic are enabled to protect Elastic Compute Service (ECS) instances.

The Anti-virus or higher edition of Security Center automatically quarantines viruses, proactively prevents and quarantines common ransomware and DDoS trojans. The ransomware includes WannaCry and Globelmposter, and the DDoS trojans include XOR DDoS and BillGates. We recommend that you enable the automatic quarantine feature of Security Center to reinforce the security of your assets. For more information about how to enable the automatic quarantine feature, see Use proactive defense.

For more information about the features that each edition supports, see Functions and features.

Prerequisites

Security Hardening is selected when you purchase ECS instances. This way, Security Center protects your ECS instances.

Security Hardening

View overall security information about ECS instances

To view the security risks of your ECS instances, log on to the ECS console. In the left-side navigation pane, click Overview. On the Overview page, click Handle in the Security Score section. You are redirected to the Security Risk panel of the Overview page in the Security Center console. You can view security risks in this panel.

On the Overview page of the Security Center console, you can view the security score of your assets and information about the threats that are detected on your assets. The information includes the number of unhanded alert events, the severities of the unhandled alert events, and the total number of generated alert events. For more information, see Overview. Overview page

In the Security risk section of the Overview page, you can click the number below Unhandled Alerts, Unfixed Vul, or Baseline Risks to view the details of detected risks and handle the risks.

View the security information about an ECS instance

To view the details of an ECS instance, log on to the ECS console and click Instances in the left-side navigation pane. On the Instances page, find the ECS instance in the instance list and click the Alibaba Cloud Security icon icon in the Monitoring column to go to the Security Center console. You can view the details of the ECS instance in the Security Center console.

You can view the security information about an ECS instance on the Host page of the Assets module in the Security Center console. For more information, see View the information about a server.

Note If the Security Center agent on a server is in the Offline state, the Security Center agent is disconnected from Alibaba Cloud, and Security Center does not protect the server. In this case, you must reinstall the Security Center agent. For more information, see Install and uninstall the Security Center agent.