Editions
HSS comes in basic, enterprise, premium, and WTP editions. Table 2 describes their functions. For more details, see Functions and Features.
- HSS comes in basic, enterprise, premium, and WTP editions.
You can upgrade your editions in the following scenarios.
- If you have purchased the basic edition, you can upgrade it to the enterprise, premium, or WTP edition.
- If you have purchased the enterprise edition, you can upgrade it to the premium or WTP edition.
- The premium edition is provided for free if you have purchased the WTP edition.
Recommended Editions
- To protect test servers or individual users' servers, use the basic edition. It can protect any number of servers, but only part of the security scan capabilities are available. This edition does not provide protection capabilities, nor does it provide support for DJCP Multi-level Protection Scheme (MLPS) certification.
- If you need to obtain the DJCP MLPS L2 certification, purchase the enterprise edition. If you need to obtain the DJCP MLPS L3 certification, purchase the premium edition. If you need to obtain the DJCP MLPS certification for a website, purchase the Web Tamper Protection edition.
- If your servers store important data assets, have high security risks, use publicly available EIPs, or there are databases running on your servers, you are advised to purchase the premium or Web Tamper Protection edition.
- For servers that need to protect websites and applications from tampering, the WTP edition is recommended.
For details about the application scenarios of each version, see Table 1.
- You are advised to deploy HSS on all your servers so that if a virus infects one of them, it will not be able to spread to others and damage your entire network.
- In the pay-per-use mode, HSS stops charging if the servers it protects are stopped.
Table 1 Recommended Editions Edition
Billing Mode
Scenario
Basic
This edition can protect any number of servers, but only part of the security scan capabilities are available. This edition does not provide protection capabilities, nor does it provide support for DJCP MLPS certification.
You can use this edition to protect test servers or individual users' servers.
The basic edition only provides part of the baseline check and intrusion detection functions, and displays the security risk overview of assets on the cloud.
NOTE:- If the basic edition in yearly/monthly mode expires, HSS resources protecting your servers will be released.
- If you select Yearly/Monthly and a message indicating insufficient quota is displayed, you need to purchase HSS and then enable it.
Enterprise edition
- Purchasing HSS in Pay-per-use Mode
- Yearly/Monthly
Use this edition of you need to obtain DJCP MLPS L2 certification.
This edition can scan your servers for Trojans and other viruses, fix vulnerabilities in one click, and detect intrusions.
Premium
Yearly/Monthly
Use this edition if you need to obtain DJCP MLPS L3 certification.
If your servers store important data assets, have high security risks, use publicly available EIPs, or there are databases running on your servers, you are advised to use this edition.
Web Tamper Protection
Yearly/Monthly
Use this edition if you need to obtain DJCP MLPS certifications for your websites.
For servers that need to protect websites and applications from tampering, the WTP edition is recommended.
The premium edition is available for free if you have purchased the WTP edition.
Edition Details
The basic edition provides only part of the security scan capabilities. This edition does not provide protection capabilities, nor does it provide support for DJCP MLPS certification.
To protect your ECSs or pass the DJCP MLPS certification, purchase the enterprise edition or a higher edition (premium edition or Web Tamper Protection edition).
Function |
Item |
Description |
Basic (Pay-per-use) |
Basic (Yearly/Monthly) |
Enterprise |
Premium |
WTP |
---|---|---|---|---|---|---|---|
Asset Management |
Manage account information |
Check and manage server accounts all in one place. |
× |
× |
√ |
√ |
√ |
Check open ports |
Check open ports all in one place and identify high-risk and unknown ports. |
× |
× |
√ |
√ |
√ |
|
Manage applications |
Check running applications all in one place and identify malicious applications. |
× |
× |
√ |
√ |
√ |
|
Web directory management |
Check and manage web directories all in one place. |
× |
× |
√ |
√ |
√ |
|
Manage software |
Check and manage server software all in one place and identify insecure versions. |
× |
× |
√ |
√ |
√ |
|
Manage auto-startup |
Check auto-startup entries and collect statistics on entry changes in a timely manner. |
× |
× |
× |
√ |
√ |
|
Vulnerability management |
Windows vulnerabilities |
Scan Windows OS and software for vulnerabilities based on vulnerability databases, receive alarms generated on critical vulnerabilities, and manage them all in one place. |
× |
× |
√ |
√ |
√ |
Linux vulnerabilities |
Scan Linux OS and software for vulnerabilities based on vulnerability databases, receive alarms generated on critical vulnerabilities, and manage them all in one place. |
× |
× |
√ |
√ |
√ |
|
Web-CMS vulnerabilities |
Check and handle Web-CMS vulnerabilities found in web directory and file scans. |
× |
× |
√ |
√ |
√ |
|
Unsafe settings check |
Password policy check |
Check password complexity policies and modify them based on suggestions provided by HSS to improve password security. |
√ |
√ |
√ |
√ |
√ |
Weak password check |
Change weak passwords to stronger ones based on HSS scan results and suggestions. |
√ |
√ |
√ |
√ |
√ |
|
Unsafe configuration item check |
Check the unsafe Tomcat, Nginx, and SSH login configurations found by HSS. |
× |
× |
√ |
√ |
√ |
|
Intrusion detection |
Brute-force attack |
Your accounts are protected from brute-force attacks. HSS will block the attacking hosts when detecting such attacks. |
√ |
√ |
√ |
√ |
√ |
Abnormal login |
Detect abnormal login behavior, such as remote login and brute-force attacks. |
√ |
√ |
√ |
√ |
√ |
|
Malicious program (cloud scan) |
Check and handle detected malicious programs all in one place, including web shells, Trojan horses, mining software, worms, and viruses. |
× |
× |
√ |
√ |
√ |
|
Abnormal process behavior |
Check the processes on servers, including their IDs, command lines, process paths, and behavior. Send alarms on unauthorized process operations and intrusions. The following abnormal process behavior can be detected:
|
× |
× |
√ |
√ |
√ |
|
Change in critical file |
Receive alarms when critical system files are modified. |
× |
× |
√ |
√ |
√ |
|
Web shell |
Check whether the files (often PHP and JSP files) detected by HSS in your web directories are web shells.
|
× |
× |
√ |
√ |
√ |
|
Reverse shell |
Monitor user process behaviors in real time to detect reverse shells caused by invalid connections. Reverse shells can be detected for protocols including TCP, UDP, and ICMP. |
× |
× |
× |
√ |
√ |
|
Abnormal shell |
Detect actions on abnormal shells, including moving, copying, and deleting shell files, and modifying the access permissions and hard links of the files. |
× |
× |
× |
√ |
√ |
|
High-risk command execution |
Receive real-time alarms on high-risk commands. |
× |
× |
× |
√ |
√ |
|
Auto-startup check |
Check and list auto-started services, scheduled tasks, pre-loaded dynamic libraries, run registry keys, and startup folders. |
× |
× |
× |
√ |
√ |
|
Unsafe account |
Scan accounts on servers and list suspicious accounts in a timely manner. |
× |
× |
√ |
√ |
√ |
|
Privilege escalation |
Detect privilege escalation for processes and files in the current system.
The following abnormal privilege escalation operations can be detected:
|
× |
× |
× |
√ |
√ |
|
Rootkit |
Detect suspicious rootkit installation in a timely manner by checking:
|
× |
× |
× |
√ |
√ |
|
Advanced protection |
Program management |
Set whitelist policies, and determine whether applications are Trusted, Untrusted, or Unknown. The applications that are not whitelisted are not allowed to run. This function protects your servers from untrusted or malicious applications, reducing unnecessary resource usage. |
× |
× |
× |
√ |
√ |
Monitor file integrity |
Check the files in the Linux OS, applications, and other components to detect tampering. |
× |
× |
× |
√ |
√ |
|
Ransomware prevention |
Analyze operations on servers, identify trusted applications, and report alarms on untrusted applications, depending on your settings. |
× |
× |
× |
√ |
√ |
|
Security operations |
Policy management |
You can define and issue different detection policies for different servers or server groups, implementing refined security operation.
|
× |
× |
√ (Only the default enterprise policy group is supported.) |
√ |
√ |
Security report |
Check weekly or monthly server security trend, key security events, and risks. |
× |
× |
√ |
√ |
√ |
|
Security configuration |
2FA |
Prevent brute-force attacks by using password and SMS/email authentication. |
× |
√ |
√ |
√ |
√ |
Web Tamper Protection |
Static WTP |
Static web page files on your website servers are protected from tampering. |
× |
× |
× |
× |
√ |
Dynamic WTP |
Dynamic web page files in your website databases are protected from tampering. |
× |
× |
× |
× |
√ |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot