Main Functions
With the Cloud Security Center, users can view the critical alert information of all purchased security products in one place, so that information is not scattered and important security risks are not missed. Moreover, situational awareness helps users analyze the historical security status of networks, applications, and hosts from a global perspective. Using the Cloud Security Center requires users to install an agent service on their hosts.
1. Overview
The overview provides dynamic information of the Cloud Security Center, including basic asset information, basic security information, specific security information, and a summary of security information.
2. Security Threats
Security threats are conditions on user services that an attacker could exploit to cause an intrusion. Types include host vulnerabilities, web vulnerabilities, application and system baselines, and services open to the Internet.
- Host vulnerabilities include system vulnerabilities on user cloud hosts and local servers, and vulnerabilities in installed applications. Attackers may exploit these vulnerabilities to gain system access, obtain sensitive information, or cause denial of service.
- Web vulnerabilities refer to security vulnerabilities present in web services deployed on the user’s host, including XSS vulnerabilities, SQL injection, WebShell upload, command injection, and unauthorized HTTP protocol requests.
- Application and system baselines include checks for weak passwords in systems and applications, and reading and analyzing configuration of application layer software (e.g., PHP, MongoDB, Redis, MySQL, Nginx, HTTPD) to determine if configuration items meet security baseline requirements.
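
The kind of configuration baseline check described above, shown for a Redis configuration file. This is an added example, not the Cloud Security Center's own code; the rule set, the weak-password list, the 12-character minimum, and the sample configuration are assumptions constructed for illustration.

```python
# Added example: baseline check for a redis.conf-style file.
# Rules and thresholds are illustrative assumptions, not the product's rule set.
WEAK_PASSWORDS = {"", "redis", "123456", "password", "admin"}  # constructed list
MIN_PASSWORD_LEN = 12                                          # assumed threshold

SAMPLE_CONF = """\
# constructed sample configuration
bind 0.0.0.0
port 6379
protected-mode no
requirepass 123456
"""

def parse_conf(text):
    """Return {directive: [args]}. Simplification: a repeated directive
    keeps only its last occurrence."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        conf[parts[0].lower()] = parts[1:]
    return conf

def first_arg(conf, key, default):
    """First argument of a directive, or the default if absent or empty."""
    return (conf.get(key) or [default])[0]

def check_baseline(text):
    """Return (item, finding) tuples for settings that fail the baseline."""
    conf = parse_conf(text)
    findings = []
    # No bind directive means Redis listens on all interfaces.
    binds = [a.lstrip("-") for a in conf.get("bind", [])]
    if not binds or any(a not in ("127.0.0.1", "::1") for a in binds):
        findings.append(("bind", "listens on non-loopback interfaces"))
    password = first_arg(conf, "requirepass", "").strip('"')
    if password in WEAK_PASSWORDS or len(password) < MIN_PASSWORD_LEN:
        findings.append(("requirepass", "missing or weak password"))
    if first_arg(conf, "protected-mode", "yes").lower() != "yes":
        findings.append(("protected-mode", "protected mode disabled"))
    return findings

if __name__ == "__main__":
    for item, finding in check_baseline(SAMPLE_CONF):
        print(f"FAIL {item}: {finding}")
```
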
3. Security Incidents
Security incidents are threat events that cause actual security impacts on user services, including abnormal login behavior, Trojans, DDoS attacks, and web traffic attacks at the application layer.
- Abnormal login behavior detection identifies abnormal login activities on servers, flagging activities such as remote logins and brute force attacks.
- The self-developed Trojan detection function uses several detection methods, including code analysis, data flow analysis, and abnormal network traffic analysis, and combines cloud big data analysis with static rules to detect malicious code. It can identify PHP and JSP website backdoors, ransomware, DDoS backdoors, botnets, and various common viruses.
- DDoS attacks fill the target server with traffic, overloading it to the point of inoperability, and resulting in website outages.
- Web traffic attacks at the application layer can affect application availability, compromise security, or excessively consume resources.
4. Security Protection
Security protection functions evaluate the current security measures used by user businesses from a security perspective and suggest missing protection measures based on user business needs to help users establish secure systems. They primarily include network DDoS attack protection such as UDDoS, UClean, and overseas cleaning; an application firewall for web attack protection; host intrusion detection; and vulnerability scanning.
5. Security Compliance
Against the backdrop of accelerating global digitalization, cloud security has become key for overseas enterprises to ensure the stable operation of their businesses. The cloud security baseline inspection service strictly adheres to internationally recognized security standards and regulations, building a solid line of defense for the cloud assets of overseas enterprises.
This service uses advanced technical means to conduct in-depth analysis of the configuration details of cloud servers, storage systems, and various application programs. The professional team will break down international security standards into detection items for specific cloud assets, and then use automated tools to conduct a comprehensive scan of all kinds of cloud assets of the enterprise. After the inspection is completed, it will clearly point out the security compliance status of key aspects such as the communication network, data storage, and application operation environment. For parts that do not meet international standards, it will provide specific and actionable improvement suggestions. Even if an enterprise lacks professional security personnel internally, it can still easily complete the self-assessment and optimization of cloud security with the help of this service, effectively reducing security risks and ensuring the compliant and stable development of its business in the international market.