Help Center > > Service Overview> Editions

Editions

Updated at: Feb 01, 2021 GMT+08:00

HSS comes in basic, enterprise, premium, and WTP editions. Table 1 describes their functions. For more details, see Functions and Features.

  • HSS comes in basic, enterprise, premium, and WTP editions.

    You can upgrade your editions in the following scenarios.

    • If you have purchased the basic edition, you can upgrade it to the enterprise, premium, or WTP edition.
    • If you have purchased the enterprise edition, you can upgrade it to the premium or WTP edition.
  • The premium edition is provided for free if you have purchased the WTP edition.

Recommended Editions

  • For test or individual users, the basic edition is recommended.
  • For servers that need to meet basic security compliance requirements (such as virus and Trojan scan, one-click vulnerability fixing, and intrusion detection), the enterprise edition is recommended.
  • For servers that need to meet high security requirements (for example, to protect websites or critical services), the premium or WTP edition is recommended.

    You are advised to enable the premium or WTP edition for servers that process critical services or are exposed to high risks, for example, servers that expose EIPs, application servers that store important data, and database servers.

  • For servers that need to protect websites and applications from tampering, the WTP edition is recommended.

Edition Details

Table 1 Edition details

Function

Item

Description

Basic

Pay-per-use

Basic

Yearly/Monthly

Enterprise

Premium

WTP

Asset Management

Manage account information

Check and manage server accounts all in one place.

×

×

Check open ports

Check open ports all in one place and identify high-risk and unknown ports.

×

×

Manage applications

Check running applications all in one place and identify malicious applications.

×

×

Web directory management

Check and manage web directories all in one place.

×

×

Manage software

Check and manage server software all in one place and identify insecure versions.

×

×

Manage auto-startup

Check auto-startup entries and collect statistics on entry changes in a timely manner.

×

×

×

Vulnerability management

Windows vulnerabilities

Scan Windows OS and software for vulnerabilities based on vulnerability databases, receive alarms generated on critical vulnerabilities, and manage them all in one place.

×

×

Linux vulnerabilities

Scan Linux OS and software for vulnerabilities based on vulnerability databases, receive alarms generated on critical vulnerabilities, and manage them all in one place.

×

×

Web-CMS vulnerabilities

Check and handle Web-CMS vulnerabilities found in web directory and file scans.

×

×

Unsafe settings check

Password policy check

Check password complexity policies and modify them based on suggestions provided by HSS to improve password security.

Weak password check

Change weak passwords to stronger ones based on HSS scan results and suggestions.

Unsafe configuration item check

Check the unsafe Tomcat, Nginx, and SSH login configurations found by HSS.

×

×

Intrusion detection

Brute-force attack

Your accounts are protected from brute-force attacks. HSS will block the attacking hosts when detecting such attacks.

Abnormal login

Detect abnormal login behavior, such as remote login and brute-force attacks.

  • Check and handle remote logins.

    HSS can check the blocked login IP addresses, and who used them to log in to which servers at what time.

    If a user's login location is not any common login location you set, an alarm will be triggered.

  • Trigger an alarm if a user logs in by a brute-force attack.

Malicious program (cloud scan)

Check and handle detected malicious programs all in one place, including web shells, Trojan horses, mining software, worms, and viruses.

×

×

Abnormal process behavior

Check the processes on servers, including their IDs, command lines, process paths, and behavior.

Send alarms on unauthorized process operations and intrusions.

The following abnormal process behavior can be detected:

  • Abnormal CPU usage
  • Processes accessing malicious IP addresses
  • Abnormal increase in concurrent process connections

×

×

Change in critical file

Receive alarms when critical system files are modified.

×

×

Web shell

Check whether the files (often PHP and JSP files) detected by HSS in your web directories are web shells.

  • Web shell information includes the Trojan file path, status, first discovery time, and last discovery time. You can choose to ignore warning on trusted files.
  • You can use the manual detection function to scan for web shells on servers.

×

×

Reverse shell

Monitor user process behaviors in real time to detect reverse shells caused by invalid connections.

Reverse shells can be detected for protocols including TCP, UDP, and ICMP.

×

×

×

Abnormal shell

Detect actions on abnormal shells, including moving, copying, and deleting shell files, and modifying the access permissions and hard links of the files.

×

×

×

High-risk command execution

Receive real-time alarms on high-risk commands.

×

×

×

Auto-startup check

Check and list auto-started services, scheduled tasks, pre-loaded dynamic libraries, run registry keys, and startup folders.

×

×

×

Unsafe account

Scan accounts on servers and list suspicious accounts in a timely manner.

×

×

Privilege escalation

Detect privilege escalation for processes and files in the current system.

The following abnormal privilege escalation operations can be detected:
  • Root privilege escalation by exploiting SUID program vulnerabilities
  • Root privilege escalation by exploiting kernel vulnerabilities
  • File privilege escalation

×

×

×

Rootkit

Detect suspicious rootkit installation in a timely manner by checking:
  • Check rootkits based on file signatures.
  • Hidden files, ports, processes, and kernel modules

×

×

×

Advanced protection

Program management

Set whitelist policies, and determine whether applications are Trusted, Untrusted, or Unknown. The applications that are not whitelisted are not allowed to run. This function protects your servers from untrusted or malicious applications, reducing unnecessary resource usage.

×

×

×

Monitor file integrity

Check the files in the Linux OS, applications, and other components to detect tampering.

×

×

×

Ransomware prevention

Analyze operations on servers, identify trusted applications, and report alarms on untrusted applications, depending on your settings.

×

×

×

Security operations

Policy management

You can define and issue different detection policies for different servers or server groups, implementing refined security operation.

  • View the policy list.
  • Create a policy group based on default and existing policy groups.
  • Define a policy.
  • Edit or delete a policy.
  • Modify or disable policies in a group.
  • Apply policies to servers in batches on the Servers page.

×

×

√ (Only the default enterprise policy group is supported.)

Security report

Check weekly or monthly server security trend, key security events, and risks.

×

×

Security configuration

2FA

Prevent brute-force attacks by using password and SMS/email authentication.

×

Web Tamper Protection

Static WTP

Static web page files on your website servers are protected from tampering.

×

×

×

×

Net disk tampering prevention

Files in your net disks are protected from tampering.

×

×

×

×

Dynamic WTP

Dynamic web page files in your website databases are protected from tampering.

×

×

×

×

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?







Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel