What are security services? - Managed Security Service - Alibaba Cloud Documentation Center

Alibaba Cloud Managed Security Service (MSSP) provides you with comprehensive security technologies and consulting services based on the best practices of Alibaba Cloud in security over the years. In addition, MSSP also helps you build and optimize security protection systems to ensure business security. This topic describes the details of the security services provided by MSSP and how to use the services.

Service content

Note

The service content varies based on the service specifications. The service content on the buy page shall prevail.

MSSP provides the following services:

Security assessment

The MSSP team assesses the security status quo of your business based on your security requirements, identifies gaps between the current security conditions and best security practices, and develops security solutions.

Category	Description	Method
Network security assessment	Check whether policies for network access control are appropriate. Detects vulnerable ports. Analyze the security issues detected in preceding checks, provide you with fix solutions, and help you fix security vulnerabilities.	Manual inspection and tool scan
Host security assessment	Detect security vulnerabilities in operating systems of hosts and application software. Detect configuration risks in operating systems and application software. Analyze the security issues detected in preceding checks, provide you with fix solutions, and help you fix security vulnerabilities.	Manual inspection and tool scan
Application security assessment	Detect security vulnerabilities in the business application code. Analyze the security issues detected in preceding checks, provide you with fix solutions, and help you fix security vulnerabilities.	Manual review and tool scan

Security detection and inspection

MSSP provides regular security monitoring and inspection services to help you analyze and manage security attacks on increasingly complex systems and application platforms, and provides solutions to reduce O&M workloads. The following table describes the content of routine inspections.

Security aspect	Description
Security product and policy	Enabling status, authorization status, configuration status, and specifications of security products and policies.
Network security layer	Access traffic trend. Unusual network access. DDoS and HTTP flood attacks.
Operating system layer of Elastic Compute Service (ECS) instances	Vulnerable ports, such as ports 22, 3389, and 3306, that are enabled and exposed to the Internet. Configuration risks, such as weak passwords and root user logons. Brute-force attacks on the logon protocol and remote logons. Application middleware vulnerabilities, such as Tomcat vulnerabilities and JBoss vulnerabilities. Other suspicious events on ECS instances.
Application security layer	Business availability. Webshell events. Trojan, hidden links, and tampering of websites. Web application security vulnerabilities.
Data layer	Log audit status of ApsaraDB RDS for SQL Server. The status of the data breach.

Security hardening service
MSSP performs security hardening to improve the security and anti-attack capabilities of operating systems or network devices based on the issues identified by the risk assessment service. After the related security configuration of the system is complete, periodic security assessment and maintenance services are provided to ensure system security.
Security incident responses
The Incident Response Service is provided based on years of practical expertise and management experience in security attack and defense and the relevant national standards for the response to and handling of information security incidents. If an information security incident occurs, professional responses to the incident is provided on 24/7 basis. The responses are conducted based on prevention, intelligence information collection, mitigation, elimination, and restoration procedures This helps you quickly respond to the incidents and restore your workloads. The post-incident design and planning of efficient cloud security management solutions are also provided, which prevents security incidents and reduce impacts on your business.
Security escort for major events
The Security Escort Service provides professional services and technical support and helps formulate protection solutions for major events. The service can ensure the security of your business during major events, such national major events and major enterprise promotions, by using security products and manual services.
Vulnerability management
MSSP supports the management of operating system vulnerabilities, application middleware vulnerabilities, and code vulnerabilities. Security experts can detect vulnerabilities at different layers by using the manual inspection or tool scan method. Security experts track the entire process of vulnerability management, from vulnerability detection to fixing. Security experts help you effectively fix vulnerabilities to prevent unnecessary security risks.
Security product operations
For enterprises that do not have professional security personnel, MSSP provides professional managed security services, including Alibaba Cloud Security products and third-party security products. Alibaba Cloud can help you manage security product configurations based on security threats, create custom security policies, and build a solid security defense system.
Security effect analysis
After security services are delivered, MSSP uses the Alibaba Cloud big data platform to build an in-depth analysis model. This model can perform threat intelligence analysis on the assessment of business assets in the cloud, identification of key systems, analysis of business security threats, and comprehensive risk identification. Based on the threat intelligence analysis, this model can detect residual business risks, configure risk priorities, and provide a basis and reference for security planning and construction.

Use a service

The following items describe how to use a service.

After you purchase a security service of any specifications in the MSSP console, an MSSP expert contacts you within one business day by phone call, DingTalk group, or email.
Based on the content of the service that you purchase, the MSSP expert needs to analyze information about your business, such as architecture, O&M status, and security status. Based on the collected information, the expert will formulate a security solution and confirm the solution with you.
The expert implements the solution that you confirm. The security operation effect varies based on different solutions.
Security service reports are provided on a regular basis. The expert helps you analyze the detected issues, formulate a solution, and resolve the issues based on the reports.
MSSP performs periodic inspections on your business within the service scope to ensure the effectiveness of security operations.
The expert monitors the entire lifecycle of an security incident, including before, during, and after the event, to improve the quality of security management and reduce the occurrence of security incidents.

Purchase security services

Log on to the buy page of MSSP.
On the buy page that appears, select the service specifications and quantity that you want to purchase.
For more information, see Enable MSSP.
Click Buy Now and complete the payment.

Download a security service report

Log on to the MSSP console.
In the left-side navigation pane, choose Service Report > Security Service.
On the Security Service page, find the service report that you want to download and click Download in the Actions column.