Updated on 2022-09-08 GMT+08:00

Editions

HSS comes in basic, enterprise, premium, and WTP editions. Table 2 describes their functions. For more details, see Functions and Features.

  • You can upgrade your edition in the following scenarios:

    • If you have purchased the basic edition, you can upgrade it to the enterprise, premium, or WTP edition.
    • If you have purchased the enterprise edition, you can upgrade it to the premium or WTP edition.
  • The premium edition is provided for free if you have purchased the WTP edition.

Recommended Editions

  • To protect test servers or individual users' servers, use the basic edition. It can protect any number of servers, but only part of the security scan capabilities are available. This edition does not provide protection capabilities, nor does it provide support for DJCP Multi-level Protection Scheme (MLPS) certification.
  • If you need to obtain the DJCP MLPS L2 certification, purchase the enterprise edition. If you need to obtain the DJCP MLPS L3 certification, purchase the premium edition. If you need to obtain the DJCP MLPS certification for a website, purchase the Web Tamper Protection edition.
  • If your servers store important data assets, have high security risks, use publicly available EIPs, or run databases, you are advised to purchase the premium or Web Tamper Protection edition.
  • For servers that need to protect websites and applications from tampering, the WTP edition is recommended.
    For details about the application scenarios of each edition, see Table 1.
    • You are advised to deploy HSS on all your servers so that if a virus infects one of them, it will not be able to spread to others and damage your entire network.
    • In the pay-per-use mode, HSS stops charging if the servers it protects are stopped.
    Table 1 Recommended Editions

    Edition: Basic

    Billing Mode:

    • Pay-per-use

      You can use the basic edition for each of your servers for 30 calendar days free of charge.

      When purchasing an ECS, you can enable the HSS basic edition for free. The free trial lasts 30 days.

    • Yearly/Monthly

      The basic edition in yearly/monthly mode does not have a free trial period.

    Scenario:

    This edition can protect any number of servers, but only part of the security scan capabilities are available. This edition does not provide protection capabilities, nor does it provide support for DJCP MLPS certification.

    You can use this edition to protect test servers or individual users' servers.

    The basic edition only provides part of the baseline check and intrusion detection functions, and displays the security risk overview of assets on the cloud.

    NOTE:
    • If the basic edition in yearly/monthly mode expires, HSS resources protecting your servers will be released.
    • If you select Yearly/Monthly and a message indicating insufficient quota is displayed, you need to purchase HSS and then enable it.

    Edition: Enterprise

    Billing Mode:

    • Pay-per-use
    • Yearly/Monthly

    Scenario:

    Use this edition if you need to obtain DJCP MLPS L2 certification.

    This edition can scan your servers for Trojans and other viruses, fix vulnerabilities in one click, and detect intrusions.

    Edition: Premium

    Billing Mode:

    Yearly/Monthly

    Scenario:

    Use this edition if you need to obtain DJCP MLPS L3 certification.

    If your servers store important data assets, have high security risks, use publicly available EIPs, or run databases, you are advised to use this edition.

    Edition: Web Tamper Protection

    Billing Mode:

    Yearly/Monthly

    Scenario:

    Use this edition if you need to obtain DJCP MLPS certifications for your websites.

    For servers that need to protect websites and applications from tampering, the WTP edition is recommended.

    The premium edition is available for free if you have purchased the WTP edition.

Edition Details

The basic edition provides only part of the security scan capabilities. This edition does not provide protection capabilities, nor does it provide support for DJCP MLPS certification.

To protect your ECSs or pass the DJCP MLPS certification, purchase the enterprise edition or a higher edition (premium edition or Web Tamper Protection edition).

Table 2 Edition details

Function

Item

Description

Basic (Pay-per-use)

Basic (Yearly/Monthly)

Enterprise

Premium

WTP

Asset Management

Manage account information

Check and manage server accounts all in one place.

×

×

Check open ports

Check open ports all in one place and identify high-risk and unknown ports.

×

×

Manage applications

Check running applications all in one place and identify malicious applications.

×

×

Web directory management

Check and manage web directories all in one place.

×

×

Manage software

Check and manage server software all in one place and identify insecure versions.

×

×

Manage auto-startup

Check auto-startup entries and collect statistics on entry changes in a timely manner.

×

×

×

Vulnerability management

Windows vulnerabilities

Scan Windows OS and software for vulnerabilities based on vulnerability databases, receive alarms generated on critical vulnerabilities, and manage them all in one place.

×

×

Linux vulnerabilities

Scan Linux OS and software for vulnerabilities based on vulnerability databases, receive alarms generated on critical vulnerabilities, and manage them all in one place.

×

×

Web-CMS vulnerabilities

Check and handle Web-CMS vulnerabilities found in web directory and file scans.

×

×

Unsafe settings check

Password policy check

Check password complexity policies and modify them based on suggestions provided by HSS to improve password security.

Weak password check

Change weak passwords to stronger ones based on HSS scan results and suggestions.

Unsafe configuration item check

Check the unsafe Tomcat, Nginx, and SSH login configurations found by HSS.

×

×

Intrusion detection

Brute-force attack

Your accounts are protected from brute-force attacks. HSS will block the attacking hosts when detecting such attacks.

Abnormal login

Detect abnormal login behavior, such as remote login and brute-force attacks.

  • Check and handle remote logins.

    HSS can check the blocked login IP addresses, and who used them to log in to which servers at what time.

    If a user's login location is not one of the common login locations you have set, an alarm will be triggered.

  • Trigger an alarm if a user logs in by a brute-force attack.

Malicious program (cloud scan)

Check and handle detected malicious programs all in one place, including web shells, Trojan horses, mining software, worms, and viruses.

×

×

Abnormal process behavior

Check the processes on servers, including their IDs, command lines, process paths, and behavior.

Send alarms on unauthorized process operations and intrusions.

The following abnormal process behavior can be detected:

  • Abnormal CPU usage
  • Processes accessing malicious IP addresses
  • Abnormal increase in concurrent process connections

×

×

Change in critical file

Receive alarms when critical system files are modified.

×

×

Web shell

Check whether the files (often PHP and JSP files) detected by HSS in your web directories are web shells.

  • Web shell information includes the Trojan file path, status, first discovery time, and last discovery time. You can choose to ignore warnings on trusted files.
  • You can use the manual detection function to scan for web shells on servers.

×

×

Reverse shell

Monitor user process behaviors in real time to detect reverse shells caused by invalid connections.

Reverse shells can be detected for protocols including TCP, UDP, and ICMP.

×

×

×

Abnormal shell

Detect actions on abnormal shells, including moving, copying, and deleting shell files, and modifying the access permissions and hard links of the files.

×

×

×

High-risk command execution

Receive real-time alarms on high-risk commands.

×

×

×

Auto-startup check

Check and list auto-started services, scheduled tasks, pre-loaded dynamic libraries, run registry keys, and startup folders.

×

×

×

Unsafe account

Scan accounts on servers and list suspicious accounts in a timely manner.

×

×

Privilege escalation

Detect privilege escalation for processes and files in the current system.

The following abnormal privilege escalation operations can be detected:
  • Root privilege escalation by exploiting SUID program vulnerabilities
  • Root privilege escalation by exploiting kernel vulnerabilities
  • File privilege escalation

×

×

×

Rootkit

Detect suspicious rootkit installation in a timely manner by checking:
  • File signatures
  • Hidden files, ports, processes, and kernel modules

×

×

×

Advanced protection

Program management

Set whitelist policies, and determine whether applications are Trusted, Untrusted, or Unknown. The applications that are not whitelisted are not allowed to run. This function protects your servers from untrusted or malicious applications, reducing unnecessary resource usage.

×

×

×

Monitor file integrity

Check the files in the Linux OS, applications, and other components to detect tampering.

×

×

×

Ransomware prevention

Analyze operations on servers, identify trusted applications, and report alarms on untrusted applications, depending on your settings.

×

×

×

Security operations

Policy management

You can define and issue different detection policies for different servers or server groups, implementing refined security operations.

  • View the policy list.
  • Create a policy group based on default and existing policy groups.
  • Define a policy.
  • Edit or delete a policy.
  • Modify or disable policies in a group.
  • Apply policies to servers in batches on the Servers page.

×

×

√ (Only the default enterprise policy group is supported.)

Security report

Check weekly or monthly server security trends, key security events, and risks.

×

×

Security configuration

2FA

Prevent brute-force attacks by using password and SMS/email authentication.

×

Web Tamper Protection

Static WTP

Static web page files on your website servers are protected from tampering.

×

×

×

×

Dynamic WTP

Dynamic web page files in your website databases are protected from tampering.

×

×

×

×