Alibaba Cloud Managed Security Service (MSS) offers comprehensive security technology and consulting services. This service is delivered by Alibaba Cloud security experts and is based on years of security best practices. MSS helps you build and continuously optimize your cloud security system to protect your business.
Background information
More businesses and organizations are moving their operations to the cloud. This migration brings a new wave of technological change. However, it also introduces new challenges to the availability, security, and integrity of cloud-based businesses.
To address these business security problems, Alibaba Cloud MSS provides Managed Detection and Response (MDR) services for your ECS servers. This service combines the best cloud security operation practices from Alibaba Cloud security experts. It offers in-depth detection and response services to help you quickly establish a basic security operations system and protect your cloud business.
MSS also offers value-added services such as risk assessment, emergency response, and classified protection assessment. These services cover multiple dimensions of cloud business security and help you build a comprehensive security defense system.
Service specifications
MSS provides the MDR service edition. The service includes the following items:
Security consulting
Provides consulting services for basic security products, including Anti-DDoS, WAF, Cloud Firewall, and Security Center. This service covers configuration issues, policy anomaly analysis, and abnormal event handling.
Security monitoring
Monitors and analyzes security alerts. Pushes alert information through DingTalk groups and handles alerts using tickets to help filter out false positives.
Analyzes and assesses alerts to provide security recommendations based on your business.
Vulnerability notification
Provides impact detection for 0-day vulnerabilities using vulnerability detection rules. Provides impact analysis based on factors such as host outbound traffic and host status.
Summaries and reports
Provides cloud security posture reports in various formats, such as monthly, quarterly, and semi-annual summaries. Optimizes product rules and holds monthly, quarterly, and semi-annual review meetings.
Security assessment service
Assesses your overall cloud security. This service helps you identify security risks by analyzing major risks and attack surfaces in the cloud.
Security hardening
Helps you quickly implement security hardening measures after a security incident, based on alert details and relevant industry standards.
Emergency response
Provides methods for containment, eradication, and recovery after a security incident. This service offers preventive measures and security recommendations to help you find the attack source and the cause of the intrusion.
Product training
Provides training on cloud security product capabilities and best practices.
Scenarios
Build a complete security operations system
Scenario description
Some businesses build their security operations capabilities slowly after migrating to the cloud. They may lack effective vulnerability management and risk management capabilities. This means risk handling cannot keep pace with information system development, which creates significant business security risks. In this context, Alibaba Cloud MSS provides a comprehensive and mature operations system. It covers security product operations, vulnerability and risk management, and basic security operations. This ensures seamless security operations for your cloud assets.
Service benefits
A mature operations system lets you focus more on developing your business capabilities. During subsequent security development, you have sufficient preparation time and can build your operations system more efficiently with the support of MSS experts.
Improve the ROI of security operations resources
Scenario description
A lack of security operations resources can include a shortage of professional staff for cloud security product operations, a lack of basic service operations personnel, or insufficient funding for security operations. In the traditional model, you must invest in many security professionals to ensure smooth security operations. As the scale of your assets grows, the required investment in security talent also increases.
Service benefits
The most direct benefit of a large-scale, service-oriented, and systematic approach is cost reduction. While reducing operational costs, you can also leverage the highly skilled technical personnel of MSS to enhance your overall security capabilities. This includes the protection capabilities of security products, the optimization of security policies, and the management of security vulnerabilities and risks.
Get security architecture guidance during cloud migration
Scenario description
During cloud migration, you may face a series of security issues at the business, technical, and management levels. You can effectively address these issues by deploying cloud products properly. MSS provides guidance on cloud security architecture design and security consulting services. This helps you design a sound cloud architecture to achieve the best protection.
Customer benefits
During your cloud migration process, we provide professional consulting services and guidance on cloud security architecture solutions. This helps you quickly achieve your cloud migration goals and ensures the stability and security of your cloud business.
Enhance security capabilities
Scenario description
The growing number of system platforms in computing environments faces various security threats, including data theft, data tampering, and unauthorized access. Professional security services are needed to ensure the confidentiality, integrity, and availability of the data running and stored on these platforms.
Service benefits
The Alibaba Cloud MSS team implements effective diagnostic services based on your company's security needs. This assesses the security posture of your business and identifies gaps between your current practices and security best practices. For issues found during the security assessment, we implement security hardening services to improve the security and attack resistance of your operating systems and network devices.
Benefits
One-click management and full-stack operations
Alibaba Cloud MSS leverages the technical advantages of the Alibaba Cloud platform. Based on years of security best practices, it provides comprehensive security technology and consulting services for cloud users. The service offers security operations from the network border to the internal network, from vulnerabilities to policies, and from configuration to data. It aims to establish and continuously optimize a cloud security defense system for you, ensuring the security of your cloud business. This lets you focus on your own business development.
Powered by big data
Alibaba Cloud security centralizes protection data from products such as Security Center, Cloud Firewall, Web Application Firewall, and Anti-DDoS, covering multiple protection layers such as VPN networks, ECS, web applications, and databases. Based on data mining techniques accumulated over years of practical experience, it provides real-world attack and defense threat intelligence to all cloud users. The security operations team combines this intelligence with your protection needs and business system status to periodically adjust security policies. This brings security risks within a controllable range and enables dynamic adjustment, defense, operations, and management.
Benefits of scale
By serving a large user base, MSS adopts a large-scale, systematic operation model to provide high-quality services to every cloud user more efficiently.
Minute-level emergency response
The cloud security monitoring and emergency response system of MSS can help you quickly and effectively respond to hacker intrusions, clean up Trojan backdoors, and analyze the cause of intrusions when a security incident occurs. This effectively reduces losses caused by security incidents and helps you quickly resume normal business operations.
Service content
The service content of MSS is as follows:
Managed Web Application Firewall
Service category | Service content | Deliverable details | Deliverables | SLA (Service-Level Agreement) |
Security consulting | Provides consulting services for Web Application Firewall (WAF). This includes answering questions about configuration, policy anomaly analysis, and abnormal event handling (excluding bot management). | Troubleshooting for WAF anomaly data. | | During 5x8 business hours, a response to inquiries is provided within 30 minutes and inquiry tickets are closed within 72 hours, as needed. |
Guidance on WAF policy optimization. | ||||
Answers to questions about the WAF product. | ||||
Onboarding and upgrade | Provides WAF asset onboarding service and helps configure security policies to meet business needs. | Deployment and onboarding of WAF assets. | Push notifications to DingTalk groups. | During 5x8 business hours, a response to inquiries is provided within 30 minutes and inquiry tickets are closed within 72 hours, as needed. |
Assistance with WAF product upgrades and related issues. | Assistance with standardized WAF migration. | | Included. | |
Security monitoring | | Periodic inspection and security monitoring of WAF (excluding bot management). | Alerts and alert analysis pushed to DingTalk groups. | |
Security hardening | Helps you quickly implement security hardening measures after a security incident, based on alert details and relevant industry standards. | WAF security product configuration service: Helps you perform security analysis and configure corresponding security policies based on alerts and abnormal log data (excluding bot management). | Security hardening configuration checklist. | Included. |
Major event support | Provides support for major business events, including periodic inspections and security incident response during the event. | Support for major business events. | Major event support daily report. | Critical event assurance service (5x8 on business days). |
Emergency response | Provides emergency response service for urgent WAF security incidents. | Security incident emergency response. | After the emergency response is complete, an "Emergency Response Report" is provided. Triggered when:
|
|
Security operations support | Provides a free proof-of-concept (POC) trial of new features. | Free trial of a proof of concept (POC) for a new feature. | A 7-day free trial for new WAF features. | Included. |
Provides training on WAF product capabilities, best practices, and more. | WAF product training. | Training on WAF product onboarding, features, and usage. | Once per year, as needed. | |
Training for HTTP flood protection | Training on best practices for WAF or Anti-DDoS HTTP flood protection. | |||
Summaries and reports | Standard security reports and meetings. | Standard security reports and meetings. | Standardized monthly and quarterly security reports and quarterly meetings. | Monthly and quarterly reports, quarterly meetings. |
Managed Anti-DDoS Pro and Anti-DDoS Premium
Service category | Service content | Deliverable details | Deliverables | SLA |
Security consulting | Provides consulting services for Anti-DDoS security products. This includes answering questions about configuration, policy anomaly analysis, and abnormal event handling. | Troubleshooting for Anti-DDoS anomaly data. | | During 5x8 business hours, a response to inquiries is provided within 30 minutes and inquiry tickets are closed within 72 hours, as needed. |
Guidance on Anti-DDoS policy optimization. | ||||
Answers to questions about the Anti-DDoS product. | ||||
Onboarding and upgrade | Provides Anti-DDoS asset onboarding service and helps configure security policies to meet business needs. | Deployment and onboarding of protected assets. | Push notifications to DingTalk groups. | During 5x8 business hours, a response to inquiries is provided within 30 minutes and inquiry tickets are closed within 72 hours, as needed. |
Security monitoring | | Periodic inspection and security monitoring of Anti-DDoS. | Alerts and alert analysis pushed to DingTalk groups. | |
Security hardening | Helps you quickly implement security hardening measures after a security incident, based on alert details and relevant industry standards. | Anti-DDoS security product configuration service: Helps you perform security analysis and configure corresponding security policies based on alerts and abnormal log data. | Security hardening configuration checklist. | Included. |
Major event support | Provides support for major business events, including periodic inspections and security incident response during the event. | Support for major business events. | Major event support daily report. | Critical business support (5×8 on business days). |
Emergency response | Provides emergency response service for urgent Anti-DDoS security incidents. | Security incident emergency response. | After the emergency response is complete, an "Emergency Response Report" is provided. Triggered when:
|
|
Summaries and reports | Standard security reports and meetings. | Standard security reports and meetings. | Standardized monthly and quarterly security reports and quarterly meetings. | Monthly and quarterly reports, quarterly meetings. |
Managed Cloud Firewall
Service category | Service content | Deliverable details | Deliverables | SLA |
Establish dedicated communication group | A dedicated DingTalk group is established for communication. All subsequent management-related issues are communicated and addressed in the group. Information, such as alert configurations, is pushed to the group by a DingTalk robot. | A dedicated communication group to answer questions about managed products, handle alert events, and analyze issues. | Dedicated communication group. | Within 24 hours of initial purchase. |
Grant permissions | You must grant necessary permissions based on the service scope. This includes, but is not limited to, console logon SSO, STS roles, and AccessKey pairs. These permissions are required to support subsequent operations. | Obtain permissions for monitoring, operation, and handling related services. | "Permission Request Checklist" | None. |
Service kickoff meeting | The managed service team initiates a kickoff meeting with your participation. This initial meeting confirms points of contact, plans future work, and discusses any non-standard deliverables. | The project kickoff meeting is used to confirm stakeholders for future plan implementation and communication. | "Project Kickoff Meeting - Meeting Minutes" | Within 72 hours of initial purchase. |
Update group announcement | Based on communication, we publish information such as points of contact, service hours, and service scope. | Delivery personnel synchronize project information and refresh the group information. | Updated group announcement. | Within 72 hours of initial purchase. |
Update subsequent service plan | Based on the results of the kickoff meeting and the standard deliverables of the managed service, a work plan schedule is created. | A follow-up plan for subsequent service updates is established. | "Work Plan Schedule" | Within 1 month of initial purchase. |
Managed product risk assessment | Based on the experience of the Alibaba Cloud MSS team, we conduct a risk assessment of the products covered by the managed service. We identify issues such as invalid policy configurations and product configurations, and provide a risk assessment report as a basis for subsequent rectification. | Protection status. | "Risk Assessment Report" | The assessment is completed and the report is provided within 2 weeks of customer onboarding. |
Product status assessment. | ||||
Control border policy assessment. | ||||
IPS policy assessment. | ||||
Security alert inspection | We perform daily alert inspections. We respond to and analyze alerts generated by Cloud Firewall for: Detection and Response - Intrusion Prevention, Detection and Response - Vulnerability Prevention, Detection and Response - Breach Awareness, and Detection and Response - Data Breach. An alert handling and results checklist is provided. | Internet protection security alert event analysis (notify for high-risk alerts). | "Alert Handling Checklist" | Product is inspected every 15 minutes. Alerts are handled within 30 minutes of occurrence. |
Vulnerability prevention alert event analysis. | ||||
Breach awareness event analysis. | ||||
Data breach (service must be enabled). | ||||
Product inspection | We inspect the basic status of Cloud Firewall, such as expiration date, edition in use, and protection scope coverage, to ensure its availability. | Daily operational status of the product is inspected. | "Daily Inspection Notification" | Daily. |
Managed policy maintenance | Based on your production needs and Alibaba Cloud best practices, we help you configure or change policies within an agreed timeframe. We assess the impact before the change and verify the effect after the change. | Managed maintenance of Internet firewall protection status. | "Policy Configuration Change Checklist" | As needed. |
Managed maintenance of Internet border control policies (inbound and outbound). | ||||
Adjustment of access control engine management policy configurations. | ||||
Managed adjustment of the threat engine running mode in IPS configuration rules. | ||||
Managed maintenance of IPS configuration rules - basic patches, including enabling, disabling, and monitoring. | ||||
Managed maintenance of IPS configuration rules - virtual patch policies, including enabling, disabling, and monitoring. | ||||
Managed maintenance of IPS configuration rules - threat intelligence, including enabling, disabling, and monitoring. | ||||
Managed maintenance of IPS configuration rules - intelligent defense, including enabling, disabling, and monitoring. | ||||
Managed maintenance of IPS configuration rules - data breach, including enabling, disabling, and monitoring. | ||||
Managed maintenance of IPS configuration rules - private network protection, including enabling, disabling, and monitoring. | ||||
Managed maintenance of the protection whitelist (add, delete, modify) status. | ||||
Managed configuration of IPv4 address books. | ||||
Managed configuration of IPv6 address books. | ||||
Managed configuration of port address books. | ||||
Managed configuration of domain name address books. | ||||
Managed configuration of ACK address books. | ||||
Managed maintenance of alert notifications (overall alert configuration). | ||||
Product consultation | We answer your questions about policy configuration, product features, and optimization suggestions within the scope of the Managed Cloud Firewall service. | Troubleshooting for anomaly data. | Product consultation ticket. | As needed. |
Guidance on policy optimization. | ||||
Product inquiries. | ||||
Deployment and onboarding of assets. | ||||
Security event investigation support | When a security event occurs, we assist you with event investigation and analysis based on Cloud Firewall logs. | Analysis of various types of Cloud Firewall logs based on event requirements. | "Security Event Investigation Support Report" | As needed. |
Deployment of policies based on the conclusions of the event investigation. | ||||
Periodic communication meeting | The managed service includes a quarterly communication meeting to review the work of the current quarter and plan for the next quarter's security. | Standard security reports and meetings. | "Quarterly Meeting Minutes" | Every quarter. |
Provide periodic delivery reports | We provide monthly reports in various formats based on your needs. The report content is standardized. If custom content is required, it must be mutually agreed upon. | Standard monthly security report. | "Monthly Report" | Every month. |
Summary report | We provide a summary report one week before the end of the managed service that summarizes all service content and future plans for the period. | Service summary report. | "Service Summary Report" | One week before the end of the service. |
Summary meeting | We organize a review meeting one week before the end of the managed service to summarize the issues handled and remaining risks during the service period. | Service summary meeting. | "Service Summary Meeting - Meeting Minutes" | One week before the end of the service. |
Managed Security Center
Service category | Service content | Deliverable details | Deliverables | SLA |
Establish dedicated communication group | A dedicated DingTalk group is established for communication. All subsequent management-related issues are communicated and addressed in the group. Information, such as alert configurations, is pushed to the group by a robot. | A dedicated communication group to answer questions about managed products, handle alert events, and analyze issues. | Dedicated communication group. | Within 24 hours of initial purchase. |
Grant permissions | You must grant necessary permissions based on the service scope. This includes, but is not limited to, console logon SSO, STS roles, and AccessKey pairs. These permissions are required to support subsequent operations. | Obtain permissions for monitoring, operation, and handling related services. | "Permission Request Checklist" | None. |
Service kickoff meeting | The managed service team initiates a kickoff meeting with your participation. This initial meeting confirms points of contact, plans future work, and discusses any non-standard deliverables. | The project kickoff meeting is used to confirm stakeholders for future plan implementation and communication. | "Project Kickoff Meeting - Meeting Minutes" | Within 72 hours of initial purchase. |
Update group announcement | Based on communication, we publish information such as points of contact, service hours, and service scope. | Delivery personnel synchronize project information and refresh the group information. | Updated group announcement. | Within 72 hours of initial purchase. |
Update subsequent service plan | Based on the results of the kickoff meeting and the standard deliverables of the managed service, a work plan schedule is created. | A follow-up plan for subsequent service updates is established. | "Work Plan Schedule" | Within 1 month of initial purchase. |
Managed product risk assessment | Based on the experience of the Alibaba Cloud MSS team, we conduct a risk assessment of the products covered by the managed service. We identify issues such as invalid policy configurations and product configurations, and provide a risk assessment report as a basis for subsequent rectification. | Protection status assessment. | "Risk Assessment Report" | The assessment is completed and the report is provided within 2 weeks of customer onboarding. |
Product status assessment. | ||||
Mitigation capabilities assessment. | ||||
Alert handling assessment. | ||||
Vulnerability management assessment. | ||||
Exposure analysis assessment. | ||||
AccessKey pair leak assessment. | ||||
Security alert inspection | We perform daily security alert inspections. Alerts are pushed to the service group by a DingTalk robot. The inspection scope includes: response and analysis of high-risk events from Detection and Response - Cloud Workload Protection Platform (CWPP). A denoised alert handling and results checklist is provided. | Cloud Workload Protection Platform (CWPP). | "Alert Handling Checklist" | Product is inspected every 15 minutes. Alerts are handled within 30 minutes of occurrence. |
AccessKey pair leak. | ||||
Product inspection | We inspect the basic status of Security Center, such as expiration date, edition in use, and protection scope coverage, to ensure product availability. | Daily operational status of the product is inspected. | "Daily Inspection Notification" | Daily. |
Managed policy maintenance | Based on your production needs and Alibaba Cloud best practices, we help you configure or change policies within an agreed timeframe. We assess the impact before the change and verify the effect after the change. | Authorization of host deployment. | "Policy Configuration Change Checklist" | As needed. |
Synchronization of host assets. | ||||
Deployment of Security Center client (excluding off-cloud). | ||||
Basic Information - Enabling and disabling logon security settings, vulnerability detection, and protection status. | ||||
Synchronization of the latest product assets. | ||||
Risk validation and whitelisting status. | ||||
Synchronization of one-click scan status. | ||||
Whitelisting or fixing Linux software vulnerabilities. | ||||
Whitelisting or fixing Windows system vulnerabilities. | ||||
Whitelisting Web-CMS vulnerabilities. | ||||
Whitelisting application vulnerabilities. | ||||
Whitelisting emergency vulnerabilities. | ||||
Vulnerability Management module - Setting, adding, or deleting vulnerability whitelist configurations. | ||||
Vulnerability Management module - Setting, adding, or deleting vulnerability management settings. | ||||
Managed maintenance of alert notifications (overall alert configuration). | ||||
Enabling or disabling alert types for log records. | ||||
Clearing log storage or adjusting the time-to-live (TTL). | ||||
Host Protection - Configuration of virus scan settings. | ||||
Host Protection - Enabling, disabling, or adjusting host rule management policies. | ||||
Host Protection - Configuration of core file monitoring rules. | ||||
Feature Settings - Adjustment of settings for host protection, container protection, client capabilities, and other features. | ||||
Feature Settings - Enabling or disabling the web shell detection feature. | ||||
Feature Settings - Enabling or disabling the adaptive threat detection feature. | ||||
Feature Settings - Enabling or disabling the alert settings feature. | ||||
Host vulnerability remediation | Based on the maintenance window you provide, we can assist with vulnerability remediation and host restarts in the Security Center console. Host vulnerability remediation requires a snapshot backup, which incurs additional costs that you must bear. You need to verify business availability after the process. | Host vulnerability remediation. | "Vulnerability Remediation Checklist" | As needed. |
Product consultation | We answer your questions about policy configuration, product features, and optimization suggestions within the scope of the Managed Security Center service. | Troubleshooting for anomaly data. | "Product Consultation Ticket" | As needed. |
Guidance on policy optimization. | ||||
Answers to questions about the product. | ||||
Deployment and onboarding of assets. | ||||
Security event investigation support | Analysis of various types of Security Center logs based on event requirements. | Analysis of various types of Security Center logs based on event requirements. | "Security Event Investigation Support Report" | As needed. |
Deployment of policies based on the conclusions of the event investigation. | ||||
Periodic communication meeting | The managed service includes a quarterly communication meeting to review the work of the current quarter and plan for the next quarter's security. | Standard security reports and meetings. | "Quarterly Meeting Minutes" | Every quarter. |
Provide periodic delivery reports | We provide monthly reports in various formats based on your needs. The report content is standardized. If custom content is required, it must be mutually agreed upon. | Standard monthly security report. | "Monthly Report" | Every month. |
Summary report | We provide a summary report one week before the end of the managed service that summarizes all service content and future plans for the period. | Service summary report. | "Service Summary Report" | One week before the end of the service. |
Summary meeting | We organize a review meeting one week before the end of the managed service to summarize the issues handled and remaining risks during the service period. | Service summary meeting. | "Service Summary Meeting - Meeting Minutes" | One week before the end of the service. |
Managed Anti-Bot
Service category | Service content | Deliverable details | Deliverables | SLA |
Security consulting | Provides consulting services for WAF security products. This includes answering questions about configuration, policy anomaly analysis, and abnormal event handling. | Troubleshooting for WAF anomaly data. | Push notifications to DingTalk groups. | During 5x8 business hours, a response to inquiries is provided within 30 minutes and inquiry tickets are closed within 72 hours, as needed. |
Guidance on WAF policy optimization. | ||||
Inquiries about WAF. | ||||
Onboarding and upgrade | Provides WAF asset onboarding service and helps configure security policies to meet business needs. | Deployment and onboarding of WAF assets. | Push notifications to DingTalk groups. | During 5x8 business hours, a response to inquiries is provided within 30 minutes and inquiry tickets are closed within 72 hours, as needed. |
Assistance with WAF product upgrades and related issues (Managed Bot Management only supports WAF 3.0). | Assistance with standardized WAF migration. | Push notifications to DingTalk groups, WAF product upgrade meeting. | Included. | |
Anti-bot countermeasures | Customize anti-bot protection policies, analyze bot protection data, and optimize bot protection policies (requires business integration with risk control products). | Communication to gather information on business scenarios, core anti-scraping API sequences, SDK integration, and business risk control products. | Anti-bot background research checklist. | Dedicated anti-bot countermeasures, 5x8 service, 30-minute response for analysis, optimization suggestions provided within 2 hours. |
Customization of WAF scenario protection policies. | Anti-bot scenario protection policy checklist. | |||
Optimization of anti-bot protection policies. | Optimization configuration checklist. | |||
Analysis of anti-bot access and protection data from various dimensions. | Anti-bot daily data analysis report. | |||
Evaluation of bot management product features and follow-up on requirements. | Push notifications to DingTalk groups, reflected in daily reports. | |||
Security monitoring | Customized anti-bot security monitoring. | Configuration of customized business bot monitoring based on WAF anti-bot log analysis. | Customized security monitoring list. | Included. |
| Periodic inspection and security monitoring of WAF. | Alerts and alert analysis pushed to DingTalk groups. | |
Major event support | Provides support for major business events, including periodic inspections and security incident response during the event. | Support for major business events. | Major event support daily report. | Business-critical event support (5x8 on business days). |
Emergency response | Provides emergency response service for urgent WAF security incidents. | Security incident emergency response. | After the emergency response is complete, an "Emergency Response Report" is provided. Triggered when:
|
|
Summaries and reports | Standard security reports and meetings. | Standard security reports and meetings. | A monthly anti-bot protection report and an analysis and communication meeting. | Monthly report, monthly meeting. |
Security Assessment Service
Service category | Service content | Deliverable details | Deliverables | SLA |
Security assessment | Assesses your overall cloud security. Helps you discover comprehensive security risks by analyzing cloud risks and attack surfaces. | Security operations capability assessment. Assesses security maturity through interviews and surveys and provides recommendations for security development. | Security Assessment Report. | None. |
Network architecture risk assessment. Checks the validity of network access control policies and suggests optimizations. | ||||
Cloud product security assessment. Performs baseline checks and risk management for cloud hosts and provides repair recommendations and risk management best practices, including system vulnerability checks. | ||||
Exposure and attack surface risk assessment. Provides periodic asset exposure, vulnerability detection, and management services for cloud hosts and businesses. Manually analyzes report content and provides repair guidance and risk management best practices. This includes public network exposure risk, vulnerable port scanning, and Web vulnerability scanning. | ||||
Account security risk assessment. Detects and assesses risks related to AccessKey pair leaks. | ||||
Application system security risk assessment. | ||||
Cloud security product configuration risk assessment. | ||||
Emergency Response Service
Security technicians provide remote emergency handling and analysis services, which include the following:
Investigating whether hosts have been compromised by hackers.
Handling ongoing attacks to prevent further intrusion.
Finding and removing malicious programs such as mining programs, viruses, worms, and Trojans.
Finding and removing web shells, hidden links, and trojanized pages from websites.
Handling anomalies caused by intrusions to help you quickly restore business operations.
Analyzing intrusion methods to identify the cause of the intrusion.
Analyzing post-intrusion activities to determine the impact of the breach.
This is a one-time service. It provides a security emergency service report, offers remediation advice, and guides you in security hardening to prevent future intrusions.
References
MSS offers various service types with different billing methods. For more information, see Product Billing.
For specific instructions on how to activate and use MSS, see Quick Start.
For a description of the security services provided by MSS and the service workflow, see Managed Security Service workflow.