Security Center provides unified security management and protection for your cloud assets. It creates an automated security operations system by integrating asset management, risk discovery, security hardening, real-time defense, and incident response. Security Center protects workloads, such as hosts, containers, and virtual machines, deployed on Alibaba Cloud, other cloud platforms, or in on-premises data centers. It defends against threats such as ransomware, malicious mining, and vulnerability exploits, and helps you meet compliance requirements such as MLPS 2.0.
Service architecture
Security Center uses the following core components to complete a closed-loop security operations cycle, from asset discovery to incident response:
Asset inventory: Provides a unified inventory and management of all assets, including servers, containers, and cloud-native products, in multi-cloud environments. This enhances asset visibility and creates a foundation for risk assessment and policy development.
Risk discovery: Proactively identifies potential security risks, including operating system (OS) and application vulnerabilities, cloud product misconfigurations, and identity risks such as leaked AccessKey pairs.
Security hardening: Offers risk remediation capabilities, such as patching system vulnerabilities, correcting misconfigurations, and enabling web tamper proofing and data backup against ransomware to enhance asset security.
Real-time protection: Delivers continuous protection for host and container runtime environments. It uses technologies such as virus signatures, behavior analysis, and Runtime Application Self-Protection (RASP) to detect and automatically block attacks, such as viruses, Trojans, unauthorized logons, and malicious files, in real time.
Proactive detection and response: Uses cloud honeypots to lure attackers, reconstructs attack chains with Agentic SOC, and uses a security large language model (LLM) for alert correlation analysis. This process enables automated incident handling through Security Orchestration, Automation, and Response (SOAR).
Scenarios
MLPS 2.0 compliance support
To meet compliance requirements such as the Multi-Level Protection Scheme (MLPS) 2.0, Security Center provides a range of security capabilities that align with specific compliance clauses. Features such as baseline checks and remediation, vulnerability management, security audits, and intrusion prevention help you implement the required technical and administrative security measures. This simplifies the compliance process and enables your organization to meet requirements efficiently.
Unified host security for hybrid and multi-cloud environments
For complex environments with workloads deployed across Alibaba Cloud, other cloud providers, and on-premises data centers, Security Center offers a unified security management solution. By deploying an agent on all servers, Security Center provides centralized security control for hosts across different platforms and regions. This enables unified virus scanning, vulnerability assessments, and policy configuration, which reduces operations and maintenance (O&M) complexity and strengthens your overall security posture.
Secure the full container lifecycle
To address security challenges in containerized environments, Security Center provides protection across the entire container lifecycle, from build and deployment to runtime. It offers features such as container image scanning, runtime intrusion detection and prevention, and Kubernetes cluster threat detection to secure cloud-native applications effectively.
Benefits
As a cloud-native security product, Security Center offers the following benefits over traditional server antivirus software:
Unified management: Provides unified protection and management for hosts and containers across Alibaba Cloud, other cloud providers, and on-premises data centers.
Lightweight and efficient: Uses a cloud-based detection and endpoint-based response architecture. The agent consumes minimal server resources (CPU usage does not exceed 10% of a single-core CPU in low-consumption mode) and does not affect business performance.
Deep integration: Deeply integrated with the cloud platform to detect configuration risks in cloud products. It interoperates with other security services, such as Cloud Firewall, to enable automated threat response and complete the security operations loop.
Comprehensive attack detection: Provides end-to-end threat detection capabilities with over 380 threat detection models and eight protection engines to quickly identify and defend against the latest risks.
Billing methods
Security Center supports two billing methods: subscription and pay-as-you-go. Each method defines how you are charged by Alibaba Cloud and which features are available.
Regardless of the billing method you choose, you have access to the features of the Free Edition. For more information, see Introduction to the Free Edition of Security Center.
Comparison Items | Subscription (upfront) | Pay-as-you-go (post-paid) |
Billing characteristics | Pay a single fee for a monthly or yearly term. The fixed cost makes budgeting simple. | Pay only for what you use, offering flexibility with no upfront investment. |
Billing breakdown | Fee = Edition fee + Value-added service fee (optional). Note: For more information, see Billing. | Fee = Basic service fee + Feature usage fee. Note: For more information, see Billing. |
Scenarios | Suitable for scenarios with stable, long-term business needs and a fixed budget. | Ideal for scenarios with elastic scaling, short-term, or frequently changing business demands. |
Service regions and data centers
Security Center operates two global service centers to ensure data compliance and provide low-latency services. Data and configurations are isolated between the two centers. In the top navigation bar of the Security Center console, you can select the region that matches your asset's location.
Data centers in the Chinese mainland: Provides security detection and protection for assets in the Chinese Mainland region.
Singapore data center: Provides security detection and protection for assets in regions Outside Chinese Mainland.
Region | Data center | Asset locations protected |
Chinese Mainland | Data centers in the Chinese mainland | |
Outside Chinese Mainland | Singapore data center | |
Get started
Onboard your assets: Choose the appropriate method to onboard your assets based on your requirements.
Onboard host assets: Install the agent
Onboard container assets: Add image repositories, Add self-managed Kubernetes clusters
Onboard third-party cloud assets: Add assets from third-party clouds
Onboard data center assets: Add assets from data centers
Onboard assets using a proxy: Connect using a proxy
Manage your assets by type.
Manage host assets: Host assets
Manage container assets: Container assets
Manage website assets: View website information
Manage cloud product assets: View cloud product information
Configure features: For more information about the available features, see Features. Then, you can follow the corresponding documentation to configure them.
For a quick start, see Quickly master your ECS security posture and Quick start for Agentic SOC.
FAQ
Editions, trials, and billing
How do I choose the right Security Center edition?
The edition you choose depends on your core security needs, asset types, budget, and other factors. For more information, see Purchase Security Center.
Can I apply for the free trial more than once?
No, you cannot. Each Alibaba Cloud account is eligible for only one free trial of the Enterprise Edition.
What is the difference between the Free Edition and the Enterprise Edition free trial?
Characteristic | Free Edition | Enterprise Edition free trial |
Eligible accounts | All Alibaba Cloud accounts that have completed identity verification. | Accounts that have not activated a trial or paid version of the Enterprise Edition. |
Mitigation capabilities | Provides basic security capabilities permanently. | Provides temporary access to all features of the paid Enterprise Edition. |
Duration | Permanent | 7 days |
Core capabilities | Scanning for abnormal logons, mining and DDoS Trojans, and major vulnerabilities. | Includes all Enterprise Edition capabilities, such as virus scanning, advanced threat detection, and vulnerability remediation. |
Viewing Limits | Activated automatically. No application is required. | Each account can apply only once. |
How can I obtain Security Center for free?
Free Edition: This edition is automatically activated after you complete identity verification for your Alibaba Cloud account. For more information, see Introduction to the Free Edition of Security Center.
Enterprise Edition free trial: You can activate a 7-day free trial.
Core features and scenarios
Does Security Center comply with international security standards?
Yes, it does. Security Center is certified for ISO 9001, ISO 20000, ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 29151, ISO 27701, BS 10012, CSA STAR, Payment Card Industry Data Security Standard (PCI DSS), and many other international standards.
Does Security Center support virus scanning and removal?
Yes, it does. The Anti-virus, Premium, Enterprise, and Ultimate editions of Security Center detect and remove common network viruses.
Can Security Center automatically quarantine infected files?
No, it does not support automatic quarantine, but it does support automatic blocking.
Automatic blocking: This refers to the real-time detection and prevention of malicious processes and behaviors when a virus attempts to intrude, which prevents system infection. Security Center can automatically block various network viruses, including ransomware, mining programs, and Trojans.
File quarantine: This action moves an infected file to a quarantine area. Because quarantining a system or business file can cause a service interruption, an administrator must manually perform this action after assessing the risk to ensure business continuity.
In a cyberattack scenario, how does Security Center provide end-to-end security?
Security Center provides systematic detection and response capabilities by covering every stage of the attack chain:
Before an attack (assessment and hardening): Security Center comprehensively discovers system security risks and configuration weaknesses through asset information collection, vulnerability assessment, and baseline checks. It also provides features such as one-click remediation, baseline hardening, and permission optimization to reduce the attack surface.
During an attack (detection and defense): When an attack occurs, Security Center effectively detects and blocks various attack behaviors, such as webshells, unusual outbound connections, brute-force attacks, ransomware, and mining programs.
After an incident (response and forensics): Security Center correlates cloud-based threat intelligence with host behavior anomalies to generate alerts and trace security incidents. This helps you identify the cause of an intrusion and develop an emergency response strategy.
Asset coverage and connection
Can Security Center be used for non-Alibaba Cloud servers, such as those in on-premises data centers or from other cloud providers?
Yes, it can. You can install the agent on non-Alibaba Cloud servers to protect them with Security Center. The methods are as follows:
Server type | Connection type description |
Alibaba Cloud ECS servers | If you select "Security Hardening" when you purchase an ECS instance, the agent is automatically installed and the Free Edition is activated. To manually install or upgrade the agent, follow the instructions in the console after you purchase a paid edition. |
Servers in data centers or from other cloud providers | Install the agent on your servers and connect them over the Internet or through a proxy by following the instructions in the console. For more information, see Connect servers in data centers to Security Center through a proxy cluster and Add assets from third-party clouds. |
My server assets are not in the Chinese mainland. Can I still use Security Center? How is my data handled?
Yes, you can. Security Center provides a Singapore data center for assets located Outside Chinese Mainland. When you select the Outside Chinese Mainland region in the Security Center console, all your security data is processed and stored in the Singapore data center. This ensures that no data is transferred across borders, in compliance with data sovereignty requirements.