
Managed Security Service: Overview

Last Updated: Aug 01, 2024

The Overview page of Managed Security Service (MSSP) provides dashboards that display key metrics and risk trend changes related to security service processes and results. This helps you understand the current risk status in your network and the response status of security services. This also helps you effectively identify and understand the benefits of security services for your business. MSSP monitors and handles security risks in your network to ensure business continuity and security. This topic describes the metrics on the Overview page.

  1. Log on to the MSSP console. By default, the Overview page is displayed.

  2. Optional. In the upper-left corner of the Overview page, select a time range and an alert source.

    • By default, the system displays the statistics of the last 30 days. You can select Last 7 Days, Last 6 Months, or Last 1 Year from the drop-down list or specify a time range that you want to query.

    • If you enable security services such as Security Center, Web Application Firewall (WAF), Cloud Firewall, and Anti-DDoS, MSSP integrates the risk data from the security services to help you monitor and handle all alerts in a centralized manner. You can select an alert source from the drop-down list to view the corresponding alerts.

    • By default, Auto Refresh is turned on. The system automatically updates the statistics every 5 minutes. In the upper-right corner of the Overview page, you can turn on or turn off Auto Refresh.

  3. On the Overview page, view the service statistics.

    The Overview page consists of various sections, such as Security Service Data Statistics, Protection Coverage, and Alert Handling Overview. The following table describes the sections.

    [Figure: the Overview page, with its sections marked 1 to 8]

    Section

    Description

    Security Service Data Statistics (marked 1 in the preceding figure)

    Displays the MSSP statistics to help you understand the response status of security services.

    • Service Responses: the total number of service ticket responses within a specific time range and the growth rate of service ticket responses compared with the same period in the previous year.

    • Average Response Time: the average time taken to handle an alert within a specific time range, measured from the time when the alert is generated to the time when the alert is resolved.

    • Closed-Loop Risk Rate: the problem resolution rate within a specific time range. The closed-loop risk rate is calculated by using the following formula: Closed-loop risk rate = Number of handled alerts/Total number of alerts × 100%.

    • Ticket Responses: the total number of alerts generated within a specific time range.

    • Unhandled Risks: the total number of vulnerabilities that are not fixed within a specific time range. The vulnerabilities include system vulnerabilities and application vulnerabilities.

    • Handled Risks: the total number of fixed vulnerabilities within a specific time range. The vulnerabilities include system vulnerabilities and application vulnerabilities.

    • Risk Convergence Rate: the fix rate of vulnerabilities within a specific time range. The risk convergence rate is calculated by using the following formula: Risk convergence rate = Total number of fixed vulnerabilities/Total number of vulnerabilities × 100%.

    • Service Time: the number of days for which the service is provided. The expiration date of the service is also displayed. If the service is about to expire, you can click Renew Now and complete the renewal as prompted.

    Protection Coverage (marked 2 in the preceding figure)

    Displays the security status of cloud assets within the current Alibaba Cloud account from different dimensions. This helps you understand the security status of cloud assets and identify unprotected cloud assets.

    • WAF Protection Coverage: displays the percentage of cloud assets that are added to WAF and provides the coverage growth rate compared with the same period in the previous year.

      The WAF protection coverage is calculated by using the following formula: WAF protection coverage = Number of cloud assets that are added to WAF/Total number of cloud assets that can be added to WAF within the current Alibaba Cloud account × 100%.

    • ECS Protection Coverage: displays the percentage of Elastic Compute Service (ECS) instances that are added to Security Center and provides the coverage growth rate compared with the same period in the previous year.

      The ECS protection coverage is calculated by using the following formula: ECS protection coverage = Number of ECS instances that are added to Security Center/Total number of ECS instances within the current Alibaba Cloud account × 100%.

    • EIP Protection Coverage: displays the percentage of elastic IP addresses (EIPs) that are added to Cloud Firewall and provides the coverage growth rate compared with the same period in the previous year.

      The EIP protection coverage is calculated by using the following formula: EIP protection coverage = Number of EIPs that are added to Cloud Firewall/Total number of EIPs within the current Alibaba Cloud account × 100%.

    Alert Handling Overview (marked 3 in the preceding figure)

    Displays the percentage of security alerts in handled, unhandled, and handling states, and provides the growth rate of the total number of alerts compared with the same period in the previous year.

    The alert handling rate is calculated by using the following formula: Alert handling rate = Number of handled alerts/(Number of handled alerts + Number of unhandled alerts + Number of handling alerts) × 100%.

    Alert Trend (marked 4 in the preceding figure)

    The line chart on the left shows the trend in the total number of generated alerts and the number of converged alerts.

    The list on the right shows the top 10 alert types with the largest number of handled alerts.

    Trend of Network Attack Events (marked 5 in the preceding figure)

    Displays the trend in the total number of alerts that are generated from different sources. The alert sources include Anti-DDoS, WAF, and Cloud Firewall.

    Trend of Affected Attacked Assets (marked 6 in the preceding figure)

    Displays the trend in the number of ECS instances from which alerts are generated.

    Trend of Vulnerability Risk Convergence (marked 7 in the preceding figure)

    Displays the trends in the numbers of generated vulnerabilities and fixed vulnerabilities. The vulnerabilities include system vulnerabilities and application vulnerabilities.

    Trend of Compliance Risk Convergence (marked 8 in the preceding figure)

    Displays the trends in the numbers of generated baseline risks and fixed baseline risks.