Security Center is a centralized security solution that defends your cloud assets against threats such as viruses, cyberattacks, and ransomware. It offers multiple editions and billing models so you can build a security system that fits your scenarios and budget.
Get started
New to Security Center? Start with the 7-day free trial of Enterprise Edition to evaluate comprehensive host security capabilities, including vulnerability management and intrusion prevention.
Ready to purchase? Review Plans and add-ons for options, or follow the Purchase procedure.
Overview
Billing: Subscription (plan + add-ons) or Pay-as-you-go (per-feature activation). You cannot use both for the same plan; the same account can use subscription for some modules and pay-as-you-go for others.
Basic Edition: Automatically available after Alibaba Cloud account verification; permanently free.
Enterprise Edition free trial: 7-day trial of the full Enterprise Edition for accounts that have never used the trial or a paid plan; one per account. After the trial expires, configurations and data are retained for 7 days and then automatically deleted.
Quick selection guide
Use case | Recommended solution | Core value |
First-time use or evaluation | Activate a 7-day free trial of the Enterprise Edition (see Overview) | Full host security at no cost, including vulnerability management and intrusion prevention. |
Hybrid cloud host security | Plan: Enterprise Edition. Add-ons: Anti-ransomware, Log analysis, CSPM, Agentic SOC. | Unified policies and controls for cloud and on-premises hosts; centralized governance. |
Container security | Plan: Ultimate Edition. Add-ons: Anti-ransomware, Log analysis, CSPM, Agentic SOC, Image scan. | Full-stack from host to container; image scanning for shift-left security. |
Major event support | Plan: Enterprise Edition or Ultimate Edition. Add-ons: RASP, Tamper-proofing, Cloud Honeypot. | RASP and tamper-proofing for advanced threats and business stability. |
Security incident response | Pay-as-you-go: see One-click access policy and billing details for pay-as-you-go services. | For mining malware, viruses, Trojans, website defacement, or ransomware. |
Prerequisites
An Alibaba Cloud account with identity verification completed.
Billing: Enable billing alerts before purchase to avoid unexpected charges.
Region: Security Center and some add-ons (e.g., Anti-ransomware) are available only in select regions; check the console or product overview for your region.
Plans and add-ons
Subscription
Plans: Choose Basic Edition, Advanced Edition, Enterprise Edition, or Ultimate Edition. Each plan provides different detection and protection capabilities.
Add-ons: Enable add-ons such as Anti-ransomware and Runtime Application Self-Protection (RASP) as needed.
Plan comparison
Plan | Description | Cost |
Basic | Basic detection only (e.g., abnormal logon, DDoS attacks, common server vulnerabilities, configuration issues in select cloud products). No active protection. | Free |
Anti-virus | Detects and removes common host viruses. | USD 1 per vCPU/month |
Advanced | Virus detection/removal, vulnerability scan/fix, security reports. | USD 9.5 per server/month |
Enterprise | Intrusion prevention, identity authentication, security audit. | USD 23.5 per server/month |
Ultimate | Full-stack for hosts, containers, and Intelligent Computing LINGJUN: K8s threat detection, Container Asset Overview, alerts, virus removal, vulnerability scanning, Asset Fingerprints, attack chain analysis. | USD 23.5 per server/month + USD 1 per vCPU/month |
As of September 11, 2025, Advanced Edition is no longer available for new purchases or edition changes. Existing Advanced Edition users are not affected.
Key protection capabilities
Capability | Basic | Anti-virus | Advanced | Enterprise | Ultimate |
Threat detection (selected malware and cloud products) | Yes | Yes | Yes | Yes | Yes |
Virus removal and host intrusion detection | No | Yes | Yes | Yes | Yes |
Brute-force attack protection | No | No Note Blocks malicious MD5 processes only. | Yes | Yes | Yes |
Host behavior defense | No | Yes | Yes | Yes | Yes |
System vulnerability scanning and remediation | No | No | Yes | Yes | Yes |
Malicious network behavior defense | No | No | No | Yes | Yes |
Trace the source of attacks | No | No | No | Yes | Yes |
Application vulnerability detection | No | No | No | Yes | Yes |
Baseline check and remediation | No | No | Yes Note Weak password checks only. | Yes | Yes |
Container security | No | No | No | No | Yes |
Subscription add-ons
Anti-ransomware: Backup and recovery; purchase quantity = capacity (file size + retention). Available only in select regions.
Cloud Security Posture Management (CSPM): Identity/permission management, compliance checks, configuration baseline. Billing: scan count + validation count + successful remediation count; unused monthly quotas expire.
Agentic SOC: Billing by log ingestion traffic (GB/day) and log storage capacity (GB). Used for real-time threat detection, attack tracing, and investigation response. Storage: recommend ≥50 GB per server for 180-day retention, or 3× existing Log analysis capacity; daily traffic ≈ total storage ÷ retention days. If you also use the pay-as-you-go log service, disable duplicate log delivery in the console to avoid double charges.
Vulnerability remediation: One-click fix for vulnerabilities; total count = sum of all vulnerabilities fixed across all servers (same vuln on 10 servers = 10 operations).
Log analysis: Log ingestion (GB/day) and log storage (GB) billed separately. Supports ≥180-day retention for MLPS. SQL-based retrieval and visual reports; recommend ≥50 GB per server for 180-day retention. If you also use the pay-as-you-go log service, disable duplicate log delivery in the console to avoid double charges.
Image scan: Per unique image digest, first scan consumes one quota; same digest rescans do not. Available with Enterprise Edition, Ultimate Edition, or corresponding pay-as-you-go level.
Tamper-proofing: Protects website directories; purchase by number of servers.
Malicious file detection: Deep scan of server file systems; purchase by number of files to scan per month.
Runtime Application Self-Protection (RASP): Protects Java applications at runtime; purchase by total number of Java processes (e.g., 2 servers × 3 Java apps = 6 quotas).
Cloud Honeypot: Billing per probe; minimum 20, maximum 500; contact support for more than 500.
Pay-as-you-go
Default features: Enabling any pay-as-you-go feature incurs a base service fee. The default features include DingTalk Chatbot, Security Report, and Playbook (requires vulnerability remediation).
Billed features: Each feature is billed independently; activate only what you need.
If you already have a subscription plan (Basic, Advanced, Enterprise, or Ultimate Edition), you cannot activate the pay-as-you-go plan service (host and container protection). Subscription plans and pay-as-you-go plan service are mutually exclusive.
Host and Container Security
This billed feature provides comprehensive detection and protection for host and container assets. After purchase you must bind assets to a protection level. Protection levels and descriptions are as follows.
Protection level | Description | Monthly fee (30-day reference price) |
Unprotected | Provides only basic security detection, such as identifying unusual server logons, DDoS attacks, common server vulnerabilities, and some cloud product configuration risks. It does not include active protection features. | Free |
Antivirus | Detects and removes common viruses on your hosts. | USD 1.5 per core per month |
Advanced | New purchases and changes are no longer supported. | USD 14.25 per instance per month |
Host Protection | Meets host security requirements for intrusion prevention, identity authentication, and security audit. | 35.25 USD per instance per month |
Hosts and Container Protection | Provides full-stack security for hosts, containers, and Intelligent Computing LINGJUN servers. Capabilities include K8s threat detection, Container Asset Overview, security alerts, virus removal, vulnerability detection, Asset Fingerprints, and attack chain analysis. | USD 35.25/instance/month + USD 1.5/core/month |
The main protection capabilities for each level are as follows:
Protection capability | Unprotected | Antivirus | Host Protection | Hosts and Container Protection |
Basic malware and cloud product threat detection | ||||
Virus removal and host intrusion detection | ||||
Brute-force attacks protection | ||||
Host behavior defense | Note Only supports blocking processes based on malicious MD5 hashes. | |||
Malicious network behavior defense | ||||
Trace the source of attacks | ||||
Application vulnerability detection | ||||
Container security |
For the feature to take effect, you must assign the quota to specific assets after you enable it. You can during purchase.
The system uses the following default binding rules:
Server assets that run container environments, including Alibaba Cloud ACK cluster nodes, Intelligent Computing LINGJUN, and servers connected to self-managed K8s clusters: Host and Container Protection.
All other assets: Host Protection.
New servers added later: Host Protection.
Purchase procedure
Subscription
Log on and go to the purchase page
Log on to your Alibaba Cloud account and go to the Security Center purchase page.
Select an edition
ImportantIf you have already enabled the Host and Container Security pay-as-you-go service, you can only select Value-added Plan.
Billing Method: Select Subscription.
Protection Scenario: The system automatically recommends an edition and add-ons based on the selected scenario.
Edition: For details on the basic protection capabilities of each edition, see .
Protected Servers: Specify the total number of servers to protect. By default, this displays the Alibaba Cloud Elastic Compute Service (ECS) instances and connected third-party servers under your account.
NoteThis parameter is not required if you select the Anti-virus or Value-added Plan.
Cores: The number of vCPUs on your servers. By default, this displays the total number of cores for ECS instances and connected third-party servers under your account.
NoteThis parameter is required only if you select the Anti-virus Edition or Ultimate Edition.
Configure Protection Quota
To activate protection, you must assign the purchased quotas to specific servers.
Automatic binding (default):
The system automatically assigns quotas to unprotected servers under your account based on the default policy. You can unbind or rebind them later. For more information, see Manage quotas for Host and Container Security.
Custom binding:
Click Custom Quota Binding and select the region where your servers are located.
In the server list, select the servers you want to bind and choose the corresponding version in the Edition column.
If you select multiple servers, click the Update Version button at the bottom of the list to bind the same protection version to all selected servers.
(Optional) Select Automatically Add New Servers to Security Center. New servers added later will be automatically bound to the version you are purchasing to enable protection.
WarningIf you do not select this option, you must manually bind new servers to protect them. For instructions, see Manage quotas for Host and Container Security.
Select add-ons
Based on your business needs, find the corresponding add-on module, set Purchase or Not to Yes, and complete the configuration.
Confirm and pay
Read and agree to the Security Center Terms of Service, then click Order Now and complete the payment.
View your purchased service
After the purchase is complete, log on to the console. You can view your current service in the Overview page Subscription section.
Pay-as-you-go
Log on and go to the purchase page
Log on to your Alibaba Cloud account and go to the Security Center purchase page.
Select services
Based on your business needs, find the corresponding add-on module, set Purchase or Not to Yes, and complete the configuration.
Quota and binding logic
For some services to take effect, you must assign their quota to specific assets after you enable them. The configuration steps are as follows:
Host and Container Security: Supports custom binding of host assets. Follow these steps:
ImportantIf you do not configure this, the system binds host assets according to the default rules:
Server assets that run container environments, including Alibaba Cloud ACK cluster nodes, Intelligent Computing LINGJUN, and servers connected to self-managed K8s clusters: Host and Container Protection.
All other assets: Host Protection.
New servers added later: Host Protection.
On the purchase page, click Custom Quota Binding and select the region where your servers are located.
In the server list, select the servers you want to bind and choose the corresponding protection level in the Protection Level column.
After you select multiple servers, click Change Protection Level to modify the protection level for all of them at once.
In the Automatically Add New Servers to Security Center section, set the protection level that will be automatically bound to new servers.
Serverless Asset Protection: Supports custom binding of assets. Follow these steps:
ImportantIf you do not configure this, the system enables Serverless Asset Protection protection for all serverless assets by default.
Click Custom Quota Binding, select the region where your servers are located, and select the corresponding assets.
Select Automatically Add New Assets to automatically enable Serverless Asset Protection protection for new serverless assets added later.
WarningIf you do not select this option, you must manually bind new serverless assets. Otherwise, they will not be protected by Security Center. For instructions, see Bind or unbind authorized assets.
Application Protection: Supports custom binding of assets. Follow these steps:
ImportantIf you do not configure this, the system protects all assets by default and uses the slow onboarding method.
You can also configure this after purchase by logging on to the console and going to and then Access Management as needed.
Click Custom Quota Binding and select the region where your servers are located.
Select the corresponding assets and click OK.
Confirm and pay
Read and agree to the Security Center Terms of Service, then click Order Now and complete the payment.
View your purchased service
After the purchase is complete, log on to the console. You can view your current service in the Overview page Pay-as-you-go section.
Purchase rules and limits
Subscription: One plan per Alibaba Cloud account; you can upgrade at any time.
Pay-as-you-go: Different protection levels per asset; multiple add-ons can be used together.
Switching billing: To change billing model for a feature, unsubscribe or disable the current service first, then activate the other model.
Container protection: To protect ACK nodes, self-managed K8s, or LINGJUN assets, you must purchase Enterprise Edition or Ultimate Edition (subscription) or the corresponding pay-as-you-go level; bind those assets to that plan or level.
Unsubscribe
Subscription service
Unsubscribe from add-ons
On the Overview page, in the Subscription section, click . On the order upgrade/downgrade page, on the Order Downgrade tab, set Purchase or Not to No for the relevant service. For more information, see Downgrade.
ImportantThe specific refund amount is subject to the amount displayed on the downgrade page. For information on where your refund will be sent, see Refund destinations.
Unsubscribe from all services
You can also contact technical support to unsubscribe from the Security Center instance.
Pay-as-you-go
On the Overview page of the Security Center console, in the Pay-as-you-go section, turn off the switch for the relevant service. Once disabled, the service will no longer incur charges.
FAQ
Do subscription and pay-as-you-go result in duplicate charges?
No. An add-on supports only one billing model at a time. If your subscription plan includes an add-on that overlaps with an existing pay-as-you-go service, the system can automatically disable the pay-as-you-go counterpart and use the subscription.
Can I convert pay-as-you-go to subscription?
No. Disable the pay-as-you-go services first, then purchase subscription following the steps above.
Can I use subscription and pay-as-you-go together?
Yes. The same account can use both models for different modules (e.g., subscription for Vulnerability remediation, pay-as-you-go for Agentic SOC).
Why is the order amount higher than the listed price?
The total depends on the number of protected servers/vCPUs and any pre-selected add-ons. Set unneeded add-on capacities to 0 before placing the order.
How do I get free services?
Basic Edition: Automatically available after Alibaba Cloud account verification; permanently free. Enterprise Edition free trial: 7-day trial of the full Enterprise Edition, one per account (for accounts that have never used the trial or a paid plan); activate from the Overview page.
What happens after the Enterprise Edition trial expires?
Configurations and data are retained for 7 days and then automatically deleted.
Can I cancel the Enterprise Edition free trial?
Yes. On the Overview page you can cancel the trial. Each account is eligible for only one trial; after you cancel, you cannot start another trial.
Why don't I see the free trial option?
Your account has already used the 7-day trial, or has already purchased a paid plan.