Feature Background
With the frequent occurrence of security incidents such as network attacks and data breaches, enterprises are facing an increasing number of security threats and risks. Moreover, enterprises need to implement the requirements of relevant laws and regulations and continuously enhance their security capabilities. Therefore, the Cloud Security Center provides a one-click security checkup feature to help enterprises discover six major potential security threats to their cloud business assets.
Scenarios
Routine Security Checkup
To promptly understand the security status and regularly monitor the network security status, users can initiate a security checkup to assess the security status of the enterprise based on the business status, security needs, and security risks of the enterprise. Security checkups can help enterprises discover potential security issues at an early stage and take corresponding measures to enhance the enterprise's security level.
Cybersecurity Classified Protection Compliance Detection
To assist users in meeting security compliance requirements, the security product offers a security checkup feature that can assess the security status of cloud assets and provide reinforcement recommendations based on the results. Users can continuously monitor and evaluate the compliance risks of their cloud assets according to their needs.
Feature details
Health check items
Health check items | Project Content | Identify source |
Port risks | For businesses involving public network IPs and domain names, the Cloud Security Center and Cloud Firewall provide the capability to detect exposed ports. | Cloud Security Center |
Vulnerabilities | Years of security capability building has accumulated a rich and comprehensive vulnerability rule library, covering web vulnerabilities in the OWASP TOP 10, such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and weak passwords. Simultaneously, the system also possesses efficient detection capabilities for 0Day/1Day/NDay vulnerabilities. | Cloud Security Center, Linked with Host Security and Container Security |
Weak password | For general business involving host assets, public IP addresses, and domain names, weak password detection is provided by the Cloud Security Center and Host Security. | Cloud Security Center, Linked with Cloud Workload Protection |
Cloud Resource Configuration Risks | Offers automated inspection and assessment capabilities for cloud resource configuration risks, encompassing a variety of cloud resources such as cloud servers, containers, object storage, cloud databases, and load balancers. | Cloud Security Center, Linked with Host Security and Container Security |
Risk service exposure | For assets exposed to the Internet on the cloud, we provide an Internet attack surface mapping feature. This quickly identifies potential attack surfaces such as exposed ports, services, and components of cloud assets. | Cloud Security Center |
Website Content Risks | Swiftly and accurately identify sensitive images, text information, and other risky website content. Conduct multi-dimensional intelligent detection for risks such as website trojans, hidden links, spam advertisements, and mining pools. | Cloud Security Center |
Note:
When the source is identified as the Cloud Security Center, we can infer potential vulnerabilities, weak passwords, and exposed risky services, but this requires port scanning to obtain information about open ports and services on the target system. For instance, if the target host has port 80 open (HTTP service), there may be a risk of Web application vulnerabilities.
medical assets
medical assets | Health check items |
Cloud Virtual Machine (CVM), Light Application Server, Edge Computing Machine | Vulnerabilities, Weak Passwords, Cloud Resource Configuration Risks |
Authorized local images, repository images | Vulnerabilities |
Cluster with Components Running Properly | Vulnerabilities and Cloud Resource Configuration Risks |
Public IP and Domain Name Assets | Port, Vulnerability, Weak Password, Website Content Risks |
Cloud Load Balancer (CLB), Subnet, TencentDB for MySQL, TencentDB for Redis, TencentDB for MariaDB, TencentDB for PostgreSQL, TencentDB for MongoDB, Cloud Block Storage (CBS), Cloud Object Storage (COS), Elasticsearch Service. | Cloud Resource Configuration Risks |
Note:
The risk service exposure is an exclusive capability of the Cloud Security Center Enterprise Edition and Ultimate Edition, and it does not consume the checkup quota. Currently, the detection of subnet and Cloud Block Storage (CBS) cloud resource configuration risks also does not consume the checkup quota.
Checkup Consumption
medical assets | Health check items | Consuming Checkup Quota |
Public IP and Domain Name Assets | Vulnerabilities, Weak Passwords, Website Content Risks | One checkup consumes the checkup quota = Number of assets checked |
Cloud Server, Load Balancer, MySQL, Redis, MariaDB, PostgreSQL, MongoDB, Elasticsearch Service, Object Storage COS | Cloud Resource Configuration Risks | |
Cloud Security Center Version Feature Comparison
Health check items | Free edition | Premium Edition | Enterprise Edition | Ultimate |
Port risks | ✅ | ✅ | ✅ | ✅ |
Emergency vulnerabilities | ✅ | ✅ | ✅ | ✅ |
Vulnerabilities | - | ✅ | ✅ | ✅ |
Weak password | - | ✅ | ✅ | ✅ |
Cloud Resource Configuration Risks | - | ✅ | ✅ | ✅ |
Risk service exposure | - | - | ✅ | ✅ |
Website Content Risks | - | - | ✅ | ✅ |
Health Check Quota | 20 times | 400 times/month (scalable) | 1,200 times/month. Purchase additional quota if necessary. | 4,800 times/month (scalable) |
Task Quota | 1 partition | 10 | 20 | 50, with the potential to expand without limitation. |
As per the table, the Cloud Security Center will provide different checkup items, checkup quotas, and task quotas based on the version to validate each security checkup.