Help & Documentation>Cloud Security Center

Feature Overview

Last updated: 2023-09-01 14:23:10

Feature Background

With the frequent occurrence of security incidents such as network attacks and data breaches, enterprises are facing an increasing number of security threats and risks. Moreover, enterprises need to implement the requirements of relevant laws and regulations and continuously enhance their security capabilities. Therefore, the Cloud Security Center provides a one-click security checkup feature to help enterprises discover six major potential security threats to their cloud business assets.

Scenarios

Routine Security Checkup

To promptly understand the security status and regularly monitor the network security status, users can initiate a security checkup to assess the security status of the enterprise based on the business status, security needs, and security risks of the enterprise. Security checkups can help enterprises discover potential security issues at an early stage and take corresponding measures to enhance the enterprise's security level.

Cybersecurity Classified Protection Compliance Detection

To assist users in meeting security compliance requirements, the security product offers a security checkup feature that can assess the security status of cloud assets and provide reinforcement recommendations based on the results. Users can continuously monitor and evaluate the compliance risks of their cloud assets according to their needs.

Feature details

Health check items

Health check items
Project Content
Identify source
Port risks
For businesses involving public network IPs and domain names, the Cloud Security Center and Cloud Firewall provide the capability to detect exposed ports.
Cloud Security Center
Vulnerabilities
Years of security capability building has accumulated a rich and comprehensive vulnerability rule library, covering web vulnerabilities in the OWASP TOP 10, such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and weak passwords. Simultaneously, the system also possesses efficient detection capabilities for 0Day/1Day/NDay vulnerabilities.
Cloud Security Center, Linked with Host Security and Container Security
Weak password
For general business involving host assets, public IP addresses, and domain names, weak password detection is provided by the Cloud Security Center and Host Security.
Cloud Security Center, Linked with Cloud Workload Protection
Cloud Resource Configuration Risks
Offers automated inspection and assessment capabilities for cloud resource configuration risks, encompassing a variety of cloud resources such as cloud servers, containers, object storage, cloud databases, and load balancers.
Cloud Security Center, Linked with Host Security and Container Security
Risk service exposure
For assets exposed to the Internet on the cloud, we provide an Internet attack surface mapping feature. This quickly identifies potential attack surfaces such as exposed ports, services, and components of cloud assets.
Cloud Security Center
Website Content Risks
Swiftly and accurately identify sensitive images, text information, and other risky website content. Conduct multi-dimensional intelligent detection for risks such as website trojans, hidden links, spam advertisements, and mining pools.
Cloud Security Center
Note:
When the source is identified as the Cloud Security Center, we can infer potential vulnerabilities, weak passwords, and exposed risky services, but this requires port scanning to obtain information about open ports and services on the target system. For instance, if the target host has port 80 open (HTTP service), there may be a risk of Web application vulnerabilities.

medical assets

medical assets
Health check items
Cloud Virtual Machine (CVM), Light Application Server, Edge Computing Machine
Vulnerabilities, Weak Passwords, Cloud Resource Configuration Risks
Authorized local images, repository images
Vulnerabilities
Cluster with Components Running Properly
Vulnerabilities and Cloud Resource Configuration Risks
Public IP and Domain Name Assets
Port, Vulnerability, Weak Password, Website Content Risks
Cloud Load Balancer (CLB), Subnet, TencentDB for MySQL, TencentDB for Redis, TencentDB for MariaDB, TencentDB for PostgreSQL, TencentDB for MongoDB, Cloud Block Storage (CBS), Cloud Object Storage (COS), Elasticsearch Service.
Cloud Resource Configuration Risks
Note:
The risk service exposure is an exclusive capability of the Cloud Security Center Enterprise Edition and Ultimate Edition, and it does not consume the checkup quota. Currently, the detection of subnet and Cloud Block Storage (CBS) cloud resource configuration risks also does not consume the checkup quota.

Checkup Consumption

medical assets
Health check items
Consuming Checkup Quota
Public IP and Domain Name Assets
Vulnerabilities, Weak Passwords, Website Content Risks
One checkup consumes the checkup quota = Number of assets checked
Cloud Server, Load Balancer, MySQL, Redis, MariaDB, PostgreSQL, MongoDB, Elasticsearch Service, Object Storage COS
Cloud Resource Configuration Risks

Cloud Security Center Version Feature Comparison

Health check items
Free edition
Premium Edition
Enterprise Edition
Ultimate
Port risks
Emergency vulnerabilities
Vulnerabilities
-
Weak password
-
Cloud Resource Configuration Risks
-
Risk service exposure
-
-
Website Content Risks
-
-
Health Check Quota
20 times
400 times/month (scalable)
1,200 times/month. Purchase additional quota if necessary.
4,800 times/month (scalable)
Task Quota
1 partition
10
20
50, with the potential to expand without limitation.
As per the table, the Cloud Security Center will provide different checkup items, checkup quotas, and task quotas based on the version to validate each security checkup.