Security Center provides various features, such as asset management, configuration assessment, and proactive defense, to protect cloud assets from threats such as virus spreading, attacks, encryption for ransom, and vulnerability exploits. You can purchase protection features based on your business requirements to ensure the security of your cloud assets.
Purchase instructions
The Basic, Anti-virus, Advanced, Enterprise, and Ultimate editions of Security Center support basic protection features and different value-added features. The value-added features include anti-ransomware, container image scan, cloud honeypot, web tamper proofing, and application protection. The editions help meet your security protection requirements in various scenarios. You can purchase Security Center and value-added features based on your business requirements. Before the purchase, we recommend that you learn about the features that are supported by each edition and the billing rules.
For more information about the features supported by each edition and the value-added features, see Functions and features.
For more information about the billing rules of each edition and the value-added features, see Billing overview.
Each Alibaba Cloud account can purchase only one edition of Security Center based on the subscription billing method. You can purchase features based on the pay-as-you-go billing method. When you purchase Security Center, you can purchase one edition but multiple value-added features.
ImportantYou can purchase a value-added feature by using either the subscription or pay-as-you-go billing method. If you purchase the vulnerability fixing and configuration assessment features by using the subscription billing method, you cannot purchase the features by using the pay-as-you-go billing method. If you purchase the vulnerability fixing and configuration assessment features by using the pay-as-you-go billing method, you cannot purchase the features by using the subscription billing method. If you want to change the billing method of a value-added feature from subscription to pay-as-you-go, you must unsubscribe from the feature and then purchase the feature by using the pay-as-you-go billing method. If you want to change the billing method of a value-added feature from pay-as-you-go to subscription, you must disable the feature and then purchase the feature by using the subscription billing method.
Before you purchase Security Center, you can apply for a free trial of the Enterprise or Ultimate edition of Security Center. For more information, see Apply for a 7-day free trial of Security Center.
Purchase guide
This section describes the common security protection scenarios, and the recommended Security Center editions and value-added features for the scenarios.
Host security
Security Center provides asset management, threat detection, event handling, threat tracing, and automated closed-loop security operations for hosts that are provided by Alibaba Cloud and third-party cloud service providers and hosts that are deployed in data centers.
Recommended editions of Security Center: Anti-virus, Advanced, and Enterprise.
You can select one of the preceding editions based on your requirements for host protection.
Recommended value-added features:
Log analysis: allows you to collect, store, and analyze host logs, security logs, and network logs. Security Center Enterprise and Security Center Ultimate support network logs. You can use this feature to investigate and trace attack events. We recommend that you purchase 40 GB of log storage capacity for each server.
Anti-ransomware: allows you to back up and restore host files. This protects your hosts from ransomware. We recommend that you purchase 50 GB of anti-ransomware capacity for each server.
Container security
Security Center allows you to manage assets such as containers, images, and clusters in a centralized manner. Security Center supports Alibaba Cloud container assets and self-managed clusters. Security Center also provides end-to-end protection throughout the container lifecycle in various aspects, such as container vulnerability detection, compliance check, runtime protection, network isolation, anomaly detection, and image security lifecycle management.
Recommended edition of Security Center: Ultimate.
Recommended value-added feature: container image scan. This feature allows you to scan for system vulnerabilities, application vulnerabilities, viruses, and malicious samples with a few clicks, and provides fixing suggestions. This feature allows you to fix image system vulnerabilities with a few clicks. We recommend that you purchase quotas based on the number of images that you want to scan. The number of images is calculated based on the digests of images.
Cloud baseline management
Security Center provides the configuration assessment feature that can be used to analyze and manage risks of multi-cloud services from the following dimensions: authentication, compliance check, and best practices. This helps reduce risks caused by configuration errors and improve the security of cloud services. You can use one of the following methods to purchase the configuration assessment feature:
Enable the configuration assessment feature and specify a quota for the feature when you purchase Security Center by using the subscription billing method. This method requires you to pay for the feature before you use it. This facilitates budget control.
Purchase the configuration assessment feature by using the pay-as-you-go billing method. You are charged based on the number of scans on a daily basis.
Cloud Threat Detection and Response
The Cloud Threat Detection and Response (CTDR) feature allows you to access logs across cloud platforms, accounts, and services such as Web Application Firewall (WAF), Cloud Firewall, and Virtual Private Cloud (VPC). The feature enables you to detect, respond to, and handle alerts and events in a closed-loop manner. This helps improve the efficiency of security operations and log audit to meet the requirements of Multi-Level Protection Scheme (MLPS). We recommend that you purchase the CTDR feature. The following list describes the billable items:
Log data to add: The subscription billing method and tiered pricing are used. The usage is calculated on a daily basis. The more the log data to add, the lower the unit price.
Log storage capacity: Logs from different cloud platforms, accounts, and services are stored and standardized in a centralized manner. The Cybersecurity Law requires logs to be stored for at least 180 days. We recommend that you purchase 120 GB of log storage capacity for each server. If you purchased the log storage capacity for the log analysis feature, we recommend that you set the Log Storage Capacity parameter of the CTDR feature to a value that is three times the purchased log storage capacity for the log analysis feature.
MLPS compliance
If the information system of an enterprise needs to meet the compliance requirements of MLPS, you must select appropriate services based on the requirements to implement various security measures and pass specific checks. Security Center provides the baseline check and baseline fixing features to meet more than 15 server security requirements for intrusion prevention, authentication, and security audit specified in MLPS 2.0. This helps you meet requirements in classified protection assessment.
Recommended edition of Security Center: Enterprise.
Recommended value-added feature: log analysis. This feature allows you to collect, store, and analyze host logs, security logs, and network logs. Security Center Enterprise and Security Center Ultimate support network logs. Some clauses in MLPS require security logs to be stored for at least 180 days. We recommend that you purchase 40 GB of log storage capacity for each server.
Protection for major events
If you want to ensure the security of major activities or critical information systems, you can purchase and use specific features of Security Center. The features help strengthen the security of your enterprise and reduce the impacts of potential threats and risks on your enterprise.
Recommended edition of Security Center: Enterprise.
Recommended value-added features:
Application protection: This feature detects attacks and provides self-protection during application runtime. This feature can also protect applications against attacks that are launched by exploiting most unknown vulnerabilities.
Web tamper proofing: This feature monitors website directories in real time and restores files or directories that are tampered with based on backup files. This helps prevent important website information from being tampered with and prevent websites from being blocked due to trojans, hidden links, terrorism content, and pornographic content.
Complicated business scenario
If your business scenario is complicated, you can purchase a Security Center edition that has strong protection capabilities and specific value-added features to meet your protection requirements. For example, if you want to protect hosts and containers, you can purchase the Ultimate edition, the value-added features such as log analysis and anti-ransomware, and Container Registry (ACR).
Value-added features only
In addition to the preceding protection scenarios, if you want to use only specific value-added features, you can purchase the required value-added features. The following table describes the common value-added features.
Value-added feature | Description | Billing method |
Vulnerability fixing | This feature can fix Linux software vulnerabilities and Windows system vulnerabilities with a few clicks. |
|
Anti-ransomware | This feature backs up and restores data on your servers and databases. This protects your servers and databases from ransomware. | Subscription |
Agentless detection | This feature uses agentless technology to detect security risks, such as vulnerabilities, baseline risks, and alerts, on Elastic Compute Service (ECS) instances. You do not need to install the Security Center agent. | Pay-as-you-go |
Web tamper proofing | This feature can monitor website directories and files on your servers in real time. If a website is tampered with, you can use this feature to restore the files or directories by using backups. This ensures that the website runs as expected. | Subscription |
Malicious file detection | This feature can detect common viruses, such as ransomware and mining programs, in offline files and Object Storage Service (OSS) objects to prevent the spread and execution of malicious files. | Subscription |
Procedure
Purchase Security Center
Go to the Security Center buy page and log on with your Alibaba Cloud account.
Configure the parameters. The following table describes the parameters on the buy page.
Parameter
Description
Billing Method
The billing method of Security Center. Select Subscription.
Protection Scenario
The protection scenario. The editions and recommended value-added features that you can purchase vary based on the scenario that you select.
Edition
The edition that you want to purchase. For more information about the features that are supported by different editions, see Functions and features.
NoteSecurity Center provides the Value-added Plan edition. This edition allows you to separately enable the value-added features, such as anti-ransomware, container image scan, cloud honeypot, web tamper proofing, and application protection, for the Basic edition.
Protected Servers
The number of servers that you want to protect by using Security Center. The default value is the total number of ECS instances plus the servers that are not deployed on Alibaba Cloud but have the Security Center agent installed within your Alibaba Cloud account. You can also specify a value for the parameter based on the number of servers that you want to protect by using Security Center.
NoteIf you specify Anti-virus or Value-added Plan as the edition, you do not need to configure this parameter.
Cores
The number of virtual CPUs (vCPUs) of servers that you want to protect by using Security Center. The default value is the total number of vCPUs of ECS instances and the servers that are not deployed on Alibaba Cloud and have the Security Center agent installed within your Alibaba Cloud account.
NoteThis parameter is required only if you set the Edition parameter to Anti-virus or Ultimate.
Protection Quota
You can click Specify Server Now to bind the quotas for Protected Servers and Cores to servers in the Quota Management dialog box. Before you select a server for binding, you must select the region in which the server resides. You can select China or Outside China.
If you do not bind the quotas to servers, Security Center automatically binds the quotas to random servers to prevent quota waste. After the purchase, you can unbind the quotas that have been automatically bound to servers and rebind the quotas to servers. For more information, see Manage quotas.
Vulnerability Fixing
A value-added feature. This feature is not supported for the Anti-virus or Value-added Plan edition. If you use one of the editions and want to use the feature, you must separately purchase the feature. You can use this feature to fix Linux software vulnerabilities and Windows system vulnerabilities that are detected on your servers with a few clicks. We recommend that you set the vulnerability fixing quota to the total number of vulnerabilities that you want to fix each month.
ImportantIf you want to fix a large number of vulnerabilities, we recommend that you purchase the Advanced, Enterprise, or Ultimate edition. These editions provide an unlimited quota for vulnerability fixing.
If you want to fix a small number of vulnerabilities, you can purchase the vulnerability fixing feature based on the pay-as-you-go billing method. To purchase the vulnerability fixing feature based on the pay-as-you-go billing method, go to the Vulnerabilities page and click Purchase. Pay-as-you-go bills are not affected by the subscription duration of your Security Center. You can use resources before you pay for them.
Application Protection
A value-added feature. You can use the feature to identify and block attacks on applications during application runtime and provide self-protection. We recommend that you set the application protection quota to the number of Java application processes that you want to protect each month on your hosts. A larger quota provides protection at a lower unit price.
Anti-ransomware
ImportantBefore you purchase this feature, make sure that the servers that you want to protect are deployed in a supported region of anti-ransomware. For more information about the supported regions, see Overview.
A value-added feature. This feature backs up data on your servers and databases. This protects your servers and databases from ransomware. We recommend that you set the anti-ransomware quota to the amount of data that you want to use the feature to back up.
Container Image Scan
A value-added feature. This feature scans images for system vulnerabilities, application vulnerabilities, viruses, and malicious samples, and provides fixing suggestions.
We recommend that you set the quota for container image scan to the number of images that you want to scan each month. Security Center identifies an image based on a unique digest value. If the digest value of an image does not change, the quota specified by the Container Image Scan parameter decreases by one only for the first scan. If the digest value of an image changes and the image is scanned again, the scan on the image is deducted from the quota specified by the Container Image Scan parameter again. The quota decreases by one each time the digest value changes. For example, if you want to scan 10 images within one month and the estimated total number of times the digest values of the images change is 20 within the subscription, set the quota for container image scan to 30. This indicates that the quota for container image scan is equal to the number of images that you want to scan plus the number of times the digest values change.
NoteThis parameter is available only if you set the Edition parameter to Advanced, Enterprise, Ultimate, or Value-added Plan.
Log Analysis
A value-added feature. The feature retrieves data from all logs, including host logs, security logs, and network logs. This allows you to trace and analyze security events. Security Center Enterprise and Security Center Ultimate support network logs.
Cloud Honeypot
A value-added feature. The feature can capture attacks at the earliest opportunity. You can use this feature to detect attacks and protect your core assets in an efficient manner in attack and defense scenarios.
Web Tamper Proofing
A value-added feature. The feature monitors web directories in real time and can restore files or directories that are tampered with based on the backup files. This prevents important website information from being tampered with. You can specify a quota for the web tamper proofing feature based on the number of servers that you want to protect.
Cloud Threat Detection and Response
A value-added feature. The feature allows you to access logs across cloud platforms, accounts, and services such as WAF, Cloud Firewall, and VPC. The feature enables you to detect, respond to, and handle alerts and events in a closed-loop manner. This helps improve the efficiency of security operations and log audit to meet the requirements of MLPS.
If you want to purchase the feature, select Yes for CTDR. Then, you must configure the following parameters:
Log Data to Add: required. Specify the amount of log data that you want to add to the CTDR feature for analysis each day. Unit: GB-day. You can use one of the following methods to evaluate the value of the Log Data to Add parameter:
Evaluate the value based on the log storage capacity that you purchased.
Value of the Log Data to Add parameter (GB-day) = Log storage capacity/TTL × 4
The log storage capacity specifies the storage capacity used by logs that you want to add to the CTDR feature.
Time to live (TTL) specifies the log retention period.
4 represents the log compression ratio, which is the ratio of log access traffic to the log storage capacity of the disk. The log compression ratio ranges from 3 to 6. We recommend that you set the ratio to 4.
Evaluate the value based on the Event Per Second (EPS) of logs that you want to add to the CTDR feature.
Value of the Log Data to Add parameter (GB-day) = EPS × 86,400s × SIZE/(1,024 × 1,024)
EPS specifies the number of raw logs that are added to the CTDR feature within one day.
SIZE specifies the size of each log. In most cases, the size ranges from 3 KB to 7 KB.
Log Storage Capacity: optional. Specify the amount of log data that you want to store. We recommend that you purchase 120 GB of log storage capacity for each server. If you purchased the log storage capacity for the log analysis feature, we recommend that you set the Log Storage Capacity parameter of the CTDR feature to a value that is three times the purchased log storage capacity for the log analysis feature. For more information, see Manage logs.
Configuration Assessment
A value-added feature. If you want to purchase the feature, select Yes and configure the Quota for Configuration Assessment parameter.
This feature can detect configuration errors and security risks in your cloud services and provide a secure environment for cloud services. We recommend that you set the configuration assessment quota to the number of times that you want to perform configuration assessment on your cloud resources each month.
Malicious File Detection
A value-added feature. If you want to purchase the feature, select Yes and configure the Quota for Malicious File Detection parameter. We recommend that you set the Quota for Malicious File Detection SDK parameter to the number of files that you want to scan each month.
The feature uses a large number of file libraries in the cloud and multiple detection engines to detect webshell files, malicious scripts, binary programs, and macro viruses in a precise manner. The feature can also scan a large number of files for malicious files in various scenarios.
Subscription Duration
Select a subscription duration.
NoteIf you select Monthly, 3-month, or Semiannual for Subscription Duration, automatic renewal is enabled by month, quarter, or half year. For example, if you select 3-month when you purchase Security Center, Security Center is automatically renewed for another three months before it expires. For more information, see Automatic renewal.
ImportantIf you use Security Center Basic, you can purchase basic protection features or value-added features that are supported by other editions of Security Center. If you do not need to purchase basic protection features, you can purchase the Value-added Plan edition to separately purchase value-added features.
If you purchased the threat analysis and response feature before April 26, 2024, you are charged based on the original price of USD 0.44 per GB-month for log storage capacity.
On July 21, 2022, the basic service fees for Security Center Ultimate are changed from USD 3 per core-month to USD 23.5 per server-month + USD 1 per core-month.
If you purchased Security Center Ultimate before July 21, 2022, you are charged based on the original prices when you renew, upgrade, or downgrade Security Center.
Starting from July 21, 2022, you are charged the basic service fees for Security Center Ultimate in scenarios when you purchase Security Center Ultimate or upgrade Security Center to the Ultimate edition. Basic service fees = USD 23.5 per server-month + USD 1 per core-month.
Read and select I have read and agree to Security Center Terms of Service, click Order Now, and then complete the payment.
Purchase a feature by using the pay-as-you-go billing method
Go to the Security Center buy page and log on with your Alibaba Cloud account.
Configure the parameters. The following table describes the parameters on the buy page.
Parameter
Description
Billing Method
Select Pay-as-you-go.
Billing Cycle
The default value is Billed by Day. You cannot change the value.
Vulnerability Fixing
Specify whether to enable the vulnerability fixing feature. Select Yes to enable this feature.
Configuration Assessment
Specify whether to enable the configuration assessment feature. The feature provides capabilities such as identity and permission management, compliance check, and baseline check for cloud services. You can manage configuration risks for cloud services in multi-cloud environments in a centralized manner. Select Yes to enable this feature.
Agentless Detection
Specify whether to enable the agentless detection feature. The feature can scan for risks without the need to install the Security Center agent. You are charged based on the amount of scanned data. Select Yes to enable this feature.
Serverless Asset
Specify whether to enable the serverless asset protection feature. The feature can protect serverless assets by using the intrusion detection, vulnerability scan, and baseline check capabilities. Select Yes to enable this feature.
Serverless assets can be protected by using the preceding capabilities only after you add the serverless assets to the feature. You can click Custom Quota Binding. In the Quota Management dialog box, select All Servers or Specific Servers. If you select Specific Servers, you must specify serverless assets that you want to protect.
Otherwise, Security Center automatically adds all serverless assets on which the Security Center agent is online to the feature. For more information about how to add serverless assets, see Serverless assets.
Read and select I have read and agree to Security Center Terms of Service, and click Order Now.
Purchase example
Enterprise A: The enterprise uses the container technology to deploy services. A total of 50 servers and 360 vCPUs are used. Approximately 100 images are generated in the image repository each month.
The enterprise purchases Security Center Ultimate for which the Protected Servers parameter is set to 50, the Cores parameter is set to 360, and the quota for the Container Image Scan parameter is set to 100.
Enterprise B: The enterprise deploys services on Alibaba Cloud and Tencent Cloud with a total of 2,000 servers used. The enterprise requires the anti-virus capability and wants to monitor the security configurations of multiple cloud services.
The enterprise purchases Security Center Enterprise for which the Protected Servers parameter is set to 2000, the Log Analysis parameter is set to 80000, and the Anti-ransomware parameter is set to 500. The enterprise uses 500 GB of anti-ransomware capacity to protect its 10 important servers.
The enterprise purchases the Configuration Assessment feature by using the pay-as-you-go billing method.
References
Before you purchase Security Center, you can apply for a free trial of the Enterprise or Ultimate edition of Security Center. For more information, see Apply for a 7-day free trial of Security Center.
For more information about how to get started with Security Center, see Quick start.
For more information about how to configure common features of Security Center after you purchase Security Center, see Configure common features (simplified).
Security Center provides the Basic edition to all users. The edition provides basic security hardening features. For more information, see Introduction to Security Center Basic.
How do I change the billing method of vulnerability fixing from subscription to pay-as-you-go?