
Security Center: Purchase Security Center

Last Updated: Dec 25, 2024

Security Center provides various features, such as asset management, Cloud Security Posture Management (CSPM), and proactive defense, to protect cloud assets from threats such as virus spreading, attacks, encryption for ransom, and vulnerability exploits. You can purchase protection features based on your business requirements to ensure the security of your cloud assets.

Purchase instructions

The Basic, Anti-virus, Advanced, Enterprise, and Ultimate editions of Security Center support basic protection features and different value-added features. The value-added features include anti-ransomware, container image scan, cloud honeypot, web tamper proofing, and application protection. The editions help meet your security protection requirements in various scenarios. You can purchase Security Center and value-added features based on your business requirements. Before the purchase, we recommend that you learn about the features that are supported by each edition and the billing rules.

  • For more information about the features supported by each edition and the value-added features, see Functions and features.

  • For more information about the billing rules of each edition and the value-added features, see Billing overview.

  • Each Alibaba Cloud account can purchase only one edition of Security Center based on the subscription billing method. You can purchase features based on the pay-as-you-go billing method. When you purchase Security Center, you can purchase one edition but multiple value-added features.

    Important

    You can purchase a value-added feature by using either the subscription or pay-as-you-go billing method. If you purchase the vulnerability fixing and CSPM features by using the subscription billing method, you cannot purchase the features by using the pay-as-you-go billing method. If you purchase the vulnerability fixing and CSPM features by using the pay-as-you-go billing method, you cannot purchase the features by using the subscription billing method. If you want to change the billing method of a value-added feature from subscription to pay-as-you-go, you must unsubscribe from the feature and then purchase the feature by using the pay-as-you-go billing method. If you want to change the billing method of a value-added feature from pay-as-you-go to subscription, you must disable the feature and then purchase the feature by using the subscription billing method.

  • Before you purchase Security Center, you can apply for a free trial of the Enterprise or Ultimate edition of Security Center. For more information, see Apply for a 7-day free trial of Security Center.

Purchase guide

This section describes the common security protection scenarios, and the recommended Security Center editions and value-added features for the scenarios.

Host security

Security Center provides asset management, threat detection, event handling, threat tracing, and automated closed-loop security operations for hosts that are provided by Alibaba Cloud and third-party cloud service providers and hosts that are deployed in data centers.

  • Recommended editions of Security Center: Anti-virus, Advanced, and Enterprise.

    You can select one of the preceding editions based on your requirements for host protection.

  • Recommended value-added features:

    • Log analysis: allows you to collect, store, and analyze host logs, security logs, and network logs. Security Center Enterprise and Security Center Ultimate support network logs. You can use this feature to investigate and trace attack events. We recommend that you purchase 50 GB of log storage capacity for each server.

    • Anti-ransomware: allows you to back up and restore host files. This protects your hosts from ransomware. We recommend that you purchase 50 GB of anti-ransomware capacity for each server.

Container security

Security Center allows you to manage assets such as containers, images, and clusters in a centralized manner. Security Center supports Alibaba Cloud container assets and self-managed clusters. Security Center also provides end-to-end protection throughout the container lifecycle in various aspects, such as container vulnerability detection, compliance check, runtime protection, network isolation, anomaly detection, and image security lifecycle management.

  • Recommended edition of Security Center: Ultimate.

  • Recommended value-added feature: container image scan. This feature allows you to scan for system vulnerabilities, application vulnerabilities, viruses, and malicious samples with a few clicks, and provides fixing suggestions. This feature allows you to fix image system vulnerabilities with a few clicks. We recommend that you purchase quotas based on the number of images that you want to scan. The number of images is calculated based on the digests of images.

Cloud baseline management

Security Center provides the CSPM feature that can be used to analyze and manage risks of multi-cloud services from the following dimensions: authentication, compliance check, and best practices. This helps reduce risks caused by configuration errors and improve the security of cloud services. You can use one of the following methods to purchase the CSPM feature:

  • Enable the CSPM feature and specify a quota for the feature when you purchase Security Center by using the subscription billing method. This method requires you to pay for the feature before you use it. This facilitates budget control.

  • Purchase the CSPM feature by using the pay-as-you-go billing method. You are charged based on the number of scans on a daily basis.

CTDR

The Cloud Threat Detection and Response (CTDR) feature allows you to access logs across cloud platforms, accounts, and services such as Web Application Firewall (WAF), Cloud Firewall, and virtual private cloud (VPC). The feature enables you to detect, respond to, and handle alerts and events in a closed-loop manner. This helps improve the efficiency of security operations and log audit to meet the requirements of Multi-Level Protection Scheme (MLPS). We recommend that you purchase the CTDR feature. The following list describes the billable items:

  • Log data to add: After standardizing the data from alerts and logs across cloud platforms, accounts, and services, you can utilize features like threat analysis, event investigation, and SOAR to enhance security operation efficiency.

    This item supports both subscription and pay-as-you-go billing methods. With subscription, usage is calculated daily in GB. It is recommended to configure 5 GB per day for each server, with the cumulative usage quota resetting at 12 a.m. daily. The minimum purchase is 100 GB per day, and you can increase log data in increments of 100 GB per day.

  • Log storage capacity: The accessed log data can be delivered and stored, allowing for unified search and management. Powerful SQL syntax and statistical analysis capabilities are also provided.

    Note that the Cybersecurity Law requires logs to be stored for at least 180 days.

    This item supports the subscription billing method. We recommend configuring 100 GB of log capacity for each server. The minimum purchase is 1,000 GB, and you can increase log capacity in increments of 1,000 GB.

MLPS compliance

If the information system of an enterprise needs to meet the compliance requirements of MLPS, you must select appropriate services based on the requirements to implement various security measures and pass specific checks. Security Center provides the baseline check and baseline fixing features to meet more than 15 server security requirements for intrusion prevention, authentication, and security audit specified in MLPS 2.0. This helps you meet requirements in classified protection assessment.

  • Recommended edition of Security Center: Enterprise.

  • Recommended value-added feature: log analysis. This feature allows you to collect, store, and analyze host logs, security logs, and network logs. Security Center Enterprise and Security Center Ultimate support network logs. Some clauses in MLPS require security logs to be stored for at least 180 days. We recommend that you purchase 50 GB of log storage capacity for each server.

Protection for major events

If you want to ensure the security of major activities or critical information systems, you can purchase and use specific features of Security Center. The features help strengthen the security of your enterprise and reduce the impacts of potential threats and risks on your enterprise.

  • Recommended edition of Security Center: Enterprise.

  • Recommended value-added services:

    • Application protection: This feature detects and blocks attacks during application runtime. This feature can also protect applications against attacks that are launched by exploiting most unknown vulnerabilities.

    • Web tamper proofing: This feature monitors website directories in real time and restores files or directories that are tampered with based on backup files. This helps prevent important website information from being tampered with and prevent websites from being blocked due to trojans, hidden links, terrorism content, and pornographic content.

Complicated business scenario

If your business scenario is complicated, you can purchase a Security Center edition that has strong protection capabilities and specific value-added features to meet your protection requirements. For example, if you want to protect hosts and containers, you can purchase the Ultimate edition, the value-added features such as log analysis and anti-ransomware, and Container Registry (ACR).

Value-added features only

In addition to the preceding protection scenarios, if you want to use only specific value-added features, you can purchase the required value-added features. The following list describes the common value-added features and their billing methods.

  • Vulnerability fixing

    Description: This feature can fix Linux software vulnerabilities and Windows system vulnerabilities with a few clicks.

    Billing method: Pay-as-you-go (recommended) or Subscription

    Note

    If you only purchase value-added features or the Anti-Virus edition, you need to purchase vulnerability fixing through subscription or pay-as-you-go. If you purchase the Advanced edition or higher, you can enjoy unlimited vulnerability fixing.

  • Anti-ransomware

    Description: This feature backs up and restores data on your servers and databases. This protects your servers and databases from ransomware.

    Billing method: Subscription

  • Agentless detection

    Description: This feature uses agentless technology to detect security risks, such as vulnerabilities, baseline risks, and alerts, on Elastic Compute Service (ECS) instances. You do not need to install the Security Center agent.

    Billing method: Pay-as-you-go

  • Web tamper proofing

    Description: This feature can monitor website directories and files on your servers in real time. If a website is tampered with, you can use this feature to restore the files or directories by using backups. This ensures that the website runs as expected.

    Billing method: Subscription

  • Malicious file detection

    Description: This feature can detect common viruses, such as ransomware and mining programs, in offline files and Object Storage Service (OSS) objects to prevent the spread and execution of malicious files.

    Billing method: Subscription

Procedure

Purchase Security Center

  1. Go to the Security Center buy page and log on with your Alibaba Cloud account.

  2. Configure the parameters. The following table describes the parameters on the buy page.

    Parameter

    Description

    Billing Method

    The billing method of Security Center. Select Subscription.

    Protection Scenario

    The protection scenario. The editions and recommended value-added features that you can purchase vary based on the scenario that you select.

    Edition

    The edition that you want to purchase. For more information about the features that are supported by different editions, see Functions and features.

    Note

    Security Center provides the Value-added Plan edition. This edition allows you to separately enable the value-added features, such as anti-ransomware, container image scan, cloud honeypot, web tamper proofing, and application protection, for the Basic edition.

    Protected Servers

    The number of servers that you want to protect by using Security Center. The default value is the total number of ECS instances plus the servers that are not deployed on Alibaba Cloud but have the Security Center agent installed within your Alibaba Cloud account. You can also specify a value for the parameter based on the number of servers that you want to protect by using Security Center.

    Note

    If you specify Anti-virus or Value-added Plan as the edition, you do not need to configure this parameter.

    Cores

    The number of virtual CPUs (vCPUs) of servers that you want to protect by using Security Center. The default value is the total number of vCPUs of ECS instances and the servers that are not deployed on Alibaba Cloud and have the Security Center agent installed within your Alibaba Cloud account.

    Note

    This parameter is required only if you set the Edition parameter to Anti-virus or Ultimate.

    Protection Quota

    You can click Specify Server Now to bind the quotas for Protected Servers and Cores to servers in the Quota Management dialog box. Before you select a server for binding, you must select the region in which the server resides. You can select China or Outside China.

    If you do not bind the quotas to servers, Security Center automatically binds the quotas to random servers to prevent quota waste. After the purchase, you can unbind the quotas that have been automatically bound to servers and rebind the quotas to servers. For more information, see Manage quotas.

    Vulnerability Fixing

    A value-added feature. This feature is not supported for the Anti-virus or Value-added Plan edition. If you use one of the editions and want to use the feature, you must separately purchase the feature. You can use this feature to fix Linux software vulnerabilities and Windows system vulnerabilities that are detected on your servers with a few clicks. We recommend that you set the vulnerability fixing quota to the total number of vulnerabilities that you want to fix each month.

    Important
    • If you want to fix a large number of vulnerabilities, we recommend that you purchase the Advanced, Enterprise, or Ultimate edition. These editions provide an unlimited quota for vulnerability fixing.

    • If you want to fix a small number of vulnerabilities, you can purchase the vulnerability fixing feature based on the pay-as-you-go billing method. To purchase the vulnerability fixing feature based on the pay-as-you-go billing method, go to the Vulnerabilities page and click Purchase. Pay-as-you-go bills are not affected by the subscription duration of your Security Center. You can use resources before you pay for them.

    Application Protection

    A value-added feature. You can use the feature to identify and block attacks on applications during application runtime and provide self-protection. We recommend that you set the application protection quota to the number of Java application processes that you want to protect each month on your hosts. A larger quota provides protection at a lower unit price.

    Anti-ransomware

    Important

    Before you purchase this feature, make sure that the servers that you want to protect are deployed in a supported region of anti-ransomware. For more information about the supported regions, see Overview.

    A value-added feature. This feature backs up data on your servers and databases. This protects your servers and databases from ransomware. We recommend that you set the anti-ransomware quota to the amount of data that you want to use the feature to back up.

    Container Image Scan

    A value-added feature. This feature scans images for system vulnerabilities, application vulnerabilities, viruses, and malicious samples, and provides fixing suggestions.

    We recommend that you set the quota for container image scan to the number of images that you want to scan each month. Security Center identifies an image based on a unique digest value. If the digest value of an image does not change, the quota specified by the Container Image Scan parameter decreases by one only for the first scan. If the digest value of an image changes and the image is scanned again, the scan on the image is deducted from the quota specified by the Container Image Scan parameter again. The quota decreases by one each time the digest value changes. For example, if you want to scan 10 images within one month and the estimated total number of times the digest values of the images change is 20 within the subscription, set the quota for container image scan to 30. This indicates that the quota for container image scan is equal to the number of images that you want to scan plus the number of times the digest values change.

    Note

    This parameter is available only if you set the Edition parameter to Advanced, Enterprise, Ultimate, or Value-added Plan.

    Log Analysis

    A value-added feature. The feature retrieves data from all logs, including host logs, security logs, and network logs. This allows you to trace and analyze security events. Security Center Enterprise and Security Center Ultimate support network logs.

    Cloud Honeypot

    A value-added feature. The feature can capture attacks at the earliest opportunity. You can use this feature to detect attacks and protect your core assets in an efficient manner in attack and defense scenarios.

    Web Tamper Proofing

    A value-added feature. The feature monitors web directories in real time and can restore files or directories that are tampered with based on the backup files. This prevents important website information from being tampered with. You can specify a quota for the web tamper proofing feature based on the number of servers that you want to protect.

    Cloud Threat Detection and Response

    A value-added feature. The feature allows you to access logs across cloud platforms, accounts, and services such as WAF, Cloud Firewall, and VPC. The feature enables you to detect, respond to, and handle alerts and events in a closed-loop manner. This helps improve the efficiency of security operations and log audit to meet the requirements of MLPS.

    If you want to purchase the feature, select Yes for CTDR. Then, you must configure the following parameters:

    • Log Data to Add: Select the log data that needs to be added to CTDR, measured in GB per day. After purchasing this item, you can use all features of CTDR except log management, rule management (custom rules), and dashboard.

      Important
      • Log Data to Add is a required parameter unless you enable the pay-as-you-go billing method.

      • If you purchase CTDR using pay-as-you-go, the Log Data to Add option will no longer be displayed.

      You can use one of the following methods to evaluate the value of the Log Data to Add parameter:

      • Evaluate the value based on the log storage capacity that you purchased.

        Value of the Log Data to Add parameter (GB-day) = Log storage capacity/TTL

        • The log storage capacity specifies the storage capacity used by logs that you want to add to the CTDR feature.

        • Time to live (TTL) specifies the log retention period.

      • Evaluate the value based on the events per second (EPS) of logs that you want to add to the CTDR feature.

        Value of the Log Data to Add parameter (GB-day) = EPS × 86,400s × SIZE/(1,024 × 1,024)

        • EPS specifies the number of raw logs that are added to the CTDR feature within one day.

        • SIZE specifies the size of each log. In most cases, the size ranges from 3 KB to 7 KB.

    • Log Storage Capacity: optional. Specify the amount of log data that you want to store. We recommend that you purchase 120 GB of log storage capacity for each server. If you purchased the log storage capacity for the log analysis feature, we recommend that you set the Log Storage Capacity parameter of the CTDR feature to a value that is three times the purchased log storage capacity for the log analysis feature. For more information, see Manage logs.

    Cloud Security Posture Management

    A value-added feature. If you want to purchase the feature, select Yes and configure the Scan Quota for Cloud Security Posture Management parameter.

    This feature can detect configuration errors and security risks in your cloud services and provide a secure environment for cloud services. We recommend that you set the CSPM quota to the number of times that you want to perform CSPM on your cloud resources each month.

    Malicious File Detection

    A value-added feature. If you want to purchase the feature, select Yes and configure the Quantity parameter. We recommend that you set the Quota for Malicious File Detection SDK parameter to the number of files that you want to scan each month.

    The feature uses a large number of file libraries in the cloud and multiple detection engines to detect webshell files, malicious scripts, binary programs, and macro viruses in a precise manner. The feature can also scan a large number of files for malicious files in various scenarios.

    Subscription Duration

    Select a subscription duration.

    Note

    If you select Monthly, 3-month, or Semiannual for Subscription Duration, automatic renewal is enabled by month, quarter, or half year. For example, if you select 3-month when you purchase Security Center, Security Center is automatically renewed for another three months before it expires. For more information, see Automatic renewal.

    Important
    • If you use Security Center Basic, you can purchase basic protection features or value-added features that are supported by other editions of Security Center. If you do not need to purchase basic protection features, you can purchase the Value-added Plan edition to separately purchase value-added features.

    • If you purchased the threat analysis and response feature before April 26, 2024, you are charged based on the original price of USD 0.44 per GB-month for log storage capacity.

    • On July 21, 2022, the basic service fees for Security Center Ultimate were changed from USD 3 per core-month to USD 23.5 per server-month + USD 1 per core-month.

    • If you purchased Security Center Ultimate before July 21, 2022, you are charged based on the original prices when you renew, upgrade, or downgrade Security Center.

    • Starting from July 21, 2022, you are charged the basic service fees for Security Center Ultimate in scenarios when you purchase Security Center Ultimate or upgrade Security Center to the Ultimate edition. Basic service fees = USD 23.5 per server-month + USD 1 per core-month.

  3. Read and select I have read and agree to Security Center Terms of Service, click Order Now, and then complete the payment.
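The two Log Data to Add estimation formulas from the Cloud Threat Detection and Response parameter, combined with the subscription purchase increments listed in the CTDR section, are worked through below as an added example (not Alibaba Cloud code). It assumes EPS is a per-second rate, as the 86,400 s factor implies, that SIZE is in KB, and that stored volume equals ingested volume; all function names are hypothetical.

```python
import math

SECONDS_PER_DAY = 86_400
KB_PER_GB = 1_024 * 1_024  # SIZE is given in KB, the result is in GB

# Subscription purchase steps quoted in the CTDR section of this page.
INGEST_MIN_GB_DAY = INGEST_STEP_GB_DAY = 100
STORAGE_MIN_GB = STORAGE_STEP_GB = 1_000


def daily_gb_from_storage(storage_gb, ttl_days):
    """Method 1: log storage capacity / TTL."""
    if ttl_days <= 0:
        raise ValueError("TTL must be a positive number of days")
    return storage_gb / ttl_days


def daily_gb_from_eps(eps, size_kb):
    """Method 2: EPS x 86,400 s x SIZE / (1,024 x 1,024).

    Assumption: eps is events per second and size_kb is the average
    size of one raw log in KB (the page gives 3 KB to 7 KB as typical).
    """
    if eps < 0 or size_kb <= 0:
        raise ValueError("eps must be >= 0 and size_kb must be > 0")
    return eps * SECONDS_PER_DAY * size_kb / KB_PER_GB


def round_up(value, step, minimum):
    """Round up to the next purchasable step, never below the minimum."""
    return max(minimum, math.ceil(value / step) * step)


def plan(eps, size_kb, retention_days=180):
    """Return the raw daily estimate and the purchasable quotas.

    Storage is method 1 rearranged (capacity = daily volume x TTL), which
    assumes every ingested GB is stored for the full retention period.
    """
    daily = daily_gb_from_eps(eps, size_kb)
    stored = daily * retention_days
    return {
        "daily_gb": round(daily, 1),
        "log_data_to_add": round_up(daily, INGEST_STEP_GB_DAY, INGEST_MIN_GB_DAY),
        "log_storage_capacity": round_up(stored, STORAGE_STEP_GB, STORAGE_MIN_GB),
    }


if __name__ == "__main__":
    # Constructed input: 500 events per second, sized at both ends of the
    # 3 KB to 7 KB range to show how far the quota moves with log size.
    for size_kb in (3, 7):
        print(f"{size_kb} KB/log ->", plan(500, size_kb))
    # Cross-check with method 1: 18,000 GB stored with a 180-day TTL.
    print("method 1:", daily_gb_from_storage(18_000, 180), "GB per day")
```

Sizing at both ends of the log-size range matters because the same event rate can land in different 100 GB-per-day purchase steps.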

Purchase a feature using the pay-as-you-go billing method

  1. Go to the Security Center buy page and log on with your Alibaba Cloud account.

  2. Configure the parameters. The following table describes the parameters on the buy page.

    Parameter

    Description

    Billing Method

    Select Pay-as-you-go.

    Billing Cycle

    The default value is Billed by Day. You cannot change the value.

    Vulnerability Fixing

    Specify whether to enable the vulnerability fixing feature. Select Yes to enable this feature.

    Cloud Threat Detection and Response

    CTDR enables you to access logs across cloud platforms, accounts, and services, and manage alerts and events in a closed-loop manner, enhancing the efficiency of security operations.

    Select Yes to activate all CTDR features, except for log management, rule management (custom rules), and the dashboard.

    Click Create Service-linked Role to set up AliyunServiceRoleForSasCloudSiem. For more information, see Service-linked roles for Security Center.

    Note

    After activating Cloud Threat Detection and Response with the pay-as-you-go billing method, you must purchase Log Storage Capacity separately if you need to enable log management and store logs added to CTDR.

    Cloud Security Posture Management

    Specify whether to enable the CSPM feature. The feature provides capabilities such as identity and permission management, compliance check, and baseline check for cloud services. You can manage configuration risks for cloud services in multi-cloud environments in a centralized manner. Select Yes to enable this feature.

    Agentless Detection

    Specify whether to enable the agentless detection feature. The feature can scan for risks without the need to install the Security Center agent. You are charged based on the amount of scanned data. Select Yes to enable this feature.

    Serverless Asset

    Specify whether to enable the serverless asset protection feature. The feature can protect serverless assets by using the intrusion detection, vulnerability scan, and baseline check capabilities. Select Yes to enable this feature.

    Serverless assets can be protected by using the preceding capabilities only after you add the serverless assets to the feature. You can click Custom Quota Binding. In the Quota Management dialog box, select All Servers or Specific Servers. If you select Specific Servers, you must specify serverless assets that you want to protect.

    Otherwise, Security Center automatically adds all serverless assets on which the Security Center agent is online to the feature. For more information about how to add serverless assets, see Serverless assets.

  3. Read and select I have read and agree to Security Center Terms of Service, and click Order Now.

Purchase examples

  • Enterprise A: The enterprise uses the container technology to deploy services. A total of 50 servers and 360 vCPUs are used. Approximately 100 images are generated in the image repository each month.

    • The enterprise purchases Security Center Ultimate for which the Protected Servers parameter is set to 50, the Cores parameter is set to 360, and the quota for the Container Image Scan parameter is set to 100.

  • Enterprise B: The enterprise deploys services on Alibaba Cloud and Tencent Cloud with a total of 2,000 servers used. The enterprise requires the anti-virus capability and wants to monitor the security configurations of multiple cloud services.

    • The enterprise purchases Security Center Enterprise for which the Protected Servers parameter is set to 2,000, the Log Analysis parameter is set to 80,000, and the Anti-ransomware parameter is set to 500. The enterprise uses 500 GB of anti-ransomware capacity to protect its 10 important servers.

    • The enterprise purchases the Cloud Security Posture Management feature by using the pay-as-you-go billing method.
