To meet security protection requirements in different scenarios, Security Center provides basic protection features such as virus detection and removal and asset exposure analysis, and value-added features such as anti-ransomware and web tamper proofing. This topic describes the billing methods, billable items, and billing formulas of Security Center.
Billing methods
Subscription
Security Center supports the subscription billing method. Subscription is a billing method that allows you to pay in advance for the use of resources. This billing method allows you to reserve resources at discounted rates and reduce costs. Subscription is suitable for the following business scenarios:
The usage period of resources can be estimated.
The resource usage does not frequently fluctuate.
Long-term use of resources is required.
The billing cycle of a subscription resource is the subscription duration that you specify when you purchase the resource. The time is based on UTC+8. The billing cycle begins at the time when the subscription resource is purchased or renewed, and ends at 00:00:00 on the day after the expiration date. The start time and end time are accurate to seconds.
Pay-as-you-go
The vulnerability fixing, agentless detection, and CSPM features support the pay-as-you-go billing method. If you purchase a feature by using the pay-as-you-go billing method, you are charged based on the actual resource usage, and bills are generated on the next day.
Billable items
The fees of Security Center consist of basic service fees and value-added service fees.
Basic service fees: You are charged for the basic protection features provided by the current edition of Security Center, such as virus detection and removal, baseline check, proactive defense against container risks, and alerting. Each edition of Security Center supports different basic protection features. You can select an edition based on your business requirements. For more information about the features that are supported by each edition, see Functions and features.
Value-added service fees: You can purchase one or more value-added features when you purchase a specific edition of Security Center. You can also separately purchase value-added features. The value-added features include anti-ransomware, web tamper proofing, and cloud honeypot. You can separately purchase the vulnerability fixing, agentless detection, and CSPM features by using the pay-as-you-go billing method.
Billing formulas
The Basic edition of Security Center is automatically activated for all Alibaba Cloud users. It offers limited detection capabilities without protection features. For enhanced detection and protection, you can purchase the following editions of Security Center: Anti-virus, Advanced, Enterprise, Ultimate, and Value-added Plan.
Edition | Billing formula |
Anti-virus | Fee = (Value of the vCore parameter × Basic service fees + Fees of value-added features) × Subscription duration Note The vCore parameter specifies the total number of virtual CPUs (vCPUs) for servers that you want to protect. |
Advanced | Fee = (Value of the Protected Servers parameter × Basic service fees + Fees of value-added features) × Subscription duration Note The Protected Servers parameter specifies the total number of assets that can be protected by Security Center. The assets include Alibaba Cloud Elastic Compute Service (ECS) instances and servers that are not deployed on Alibaba Cloud and on which the Security Center agent is installed. |
Enterprise | |
Ultimate | Fee = (Value of the Protected Servers parameter × Basic service fees + Value of the vCore parameter × Basic service fees + Fees of value-added features) × Subscription duration |
Value-added Plan | Fee = Fees of value-added features × Subscription duration |
Pay-as-you-go | Fee = Consumed resources of a value-added feature × Unit price |
Pricing
The billable items vary based on the edition of Security Center and the value-added features that you purchase. The prices in the following table are provided for reference only. For more information about the actual prices, go to the Security Center buy page.
Subscription billable items
Billable item | Anti-virus | Advanced | Enterprise | Ultimate | Value-added Plan | |
Basic service fees | USD 1 per core-month | USD 9.5 per server-month | USD 23.5 per server-month | USD 23.5 per server-month + USD 1 per core-month | N/A | |
Value-added service fees | Vulnerability fixing | USD 0.3 per fix-month (The minimum quota that you can purchase is 20.) | An unlimited quota is provided, and no additional fees are generated. | USD 0.3 per fix-month (The minimum quota that you can purchase is 20.) | ||
Application protection | You can purchase a larger quota at a lower unit price.
| |||||
Web tamper proofing | USD 165 per server-month | |||||
Threat analysis and response |
| |||||
Anti-ransomware | USD 0.045 per GB-month | |||||
Log analysis | USD 0.1 per GB-month | Not supported. | ||||
Container image scan | Not supported. | USD 0.1 per image-month | ||||
Cloud honeypot | USD 333.33 per probe-month (The minimum quota that you can purchase is 20.) Note You are charged for cloud honeypot based on the number of probes. | |||||
CSPM | Based on the consumed quota for CSPM (The total number of scans, verifications, and successful fixes for each check performed on an instance), a tiered pricing model is applied. The following list describes the specific pricing details (The minimum quota that you can purchase is 15,000, with increments of 55,000):
Note An instance refers to the instance of a specific network device or an application, such as an Object Storage Service (OSS) bucket or an ECS security group. For more information, see Overview of CSPM. | |||||
SDK for malicious file detection | USD 1.5 per 10,000 detections-month (The minimum quota that you can purchase is 100,000.) Note You are charged based on the number of times that files are detected. | |||||
Subscription duration | Monthly or yearly subscription is supported. | |||||
If you use Security Center Basic, you can purchase basic protection features or value-added features that are supported by other editions of Security Center. If you do not need to purchase basic protection features, you can purchase the Value-added Plan edition to separately purchase value-added features.
If you purchased the threat analysis and response feature before April 26, 2024, you are charged based on the original price of USD 0.44 per GB-month for log storage capacity.
On July 21, 2022, the basic service fees for Security Center Ultimate are changed from USD 3 per core-month to USD 23.5 per server-month + USD 1 per core-month.
If you purchased Security Center Ultimate before July 21, 2022, you are charged based on the original prices when you renew, upgrade, or downgrade Security Center.
Starting from July 21, 2022, you are charged the basic service fees for Security Center Ultimate in scenarios when you purchase Security Center Ultimate or upgrade Security Center to the Ultimate edition. Basic service fees = USD 23.5 per server-month + USD 1 per core-month.
Pay-as-you-go billable items
Vulnerability fixing: After you purchase the vulnerability fixing feature by using the pay-as-you-go billing method, you are charged USD 0.3 per fix by calendar day. For more information, see Purchase the vulnerability fixing feature.
CTDR: When you enable pay-as-you-go for cloud threat detection and response (CTDR), tiered fees are applied based on the different amounts of log data added to the feature each day. The final daily bill is the sum of the costs associated with each tier of log data added.
NoteThe minimum billing unit is 1 GB, with any log data addition under 1 GB billed as 1 GB.
Log data to add (GB/day)
Price (USD/GB)
Billing formula (Y is the data added within one day, in GB)
1~10
2.2
2.2 × Y (USD)
11~50
1.6
1.6 × (Y - 10) + 2.2 × 10 (USD)
51~100
1.4
1.4 × (Y - 50) + 1.6 × 40 + 2.2 × 10 (USD)
>100
1.2
1.2 × (Y - 100) + 1.4 × 50 + 1.6 × 40 + 2.2 × 10 (USD)
Agentless detection: After you purchase the agentless detection feature by using the pay-as-you-go billing method, you are charged USD 0.03 per GB of scanned data by calendar day. For more information, see Use the agentless detection feature.
CSPM: After you purchase the cloud security posture management (CSPM) feature by using the pay-as-you-go billing method, you are charged based on the consumed quota for CSPM (including scan counts, verification counts, and successful fix counts) in the tiered pricing mode by calendar day. For more information, see Purchase and authorization.
Consumed quota for CSPM
Price (USD/time)
0~100,000
0.0009
100,001~500,000
0.0007
Greater than 500,000
0.00045
Serverless asset protection: Upon enabling the Serverless asset protection feature, billing is set at 0.000003 USD per vCore-second on a daily basis. For more information, see Step 1: Purchase the serverless asset protection feature and complete authorization.
Overdue payments
For features that use the subscription billing method, no overdue payments can occur.
If you purchase the vulnerability fixing, agentless detection, or CSPM feature by using the pay-as-you-go billing method, overdue payments may occur. If the sum of the balance and vouchers in your Alibaba Cloud account is less than the payable amount, your bill is overdue.
If you have overdue payments, you can no longer use the vulnerability fixing, agentless detection, or CSPM feature. You can no longer perform operations that generate fees. For example, you can no longer purchase or renew Security Center, or upgrade Security Center specifications.
Refund policy
For information on refund policies, please submit a or contact us for assistance.