Functions
Based on cloud native security, SecMaster provides a comprehensive closed-loop security response process that contains log collection, security governance, intelligent analysis, situation awareness, orchestration, and response, helping you protect cloud security.
SecMaster provides basic, standard, and professional editions for you to help meet security requirements in different scenarios. You can select the one that best fits your service needs.
Security Overview
The Security Overview page gives you a comprehensive view of your asset security posture together with other linked cloud security services to centrally display security assessment findings.
Function Module |
Description |
Basic |
Standard |
Professional |
---|---|---|---|---|
Security Overview |
|
√ |
√ |
√ |
Workspace Management
Workspaces are top-level workbenches in SecMaster. A workspace can be associated with common projects, enterprise projects, and regions to support security operations in different scenarios.
Multi-Account Management
You can aggregate resources from multiple accounts into one account to centrally manage security, configure protection policies, monitor data operations, and detect security risks in real time.
Function Module |
Description |
Basic |
Standard |
Professional |
---|---|---|---|---|
Account Management |
As more and more enterprises migrate their services to the cloud, cloud resource, project, personnel, and permission management is becoming increasingly complex. A centralized approach to managing cloud resources across multiple accounts is essential for enterprise environments. You can aggregate resources from multiple accounts into one account to centrally manage security, configure protection policies, monitor data operations, and detect security risks in real time. |
× |
× |
√ |
Security Governance
Security Governance provides you with a security governance template and compliance scanning service and converts the standard clauses in security compliance packs into check items.
Function Module |
Description |
Basic |
Standard |
Professional |
---|---|---|---|---|
Security Governance |
NOTE:
Before using security governance in SecMaster, you need to submit a service ticket to enable the service. |
× |
× |
√ |
Purchased Resources
Purchased Resources centrally displays the resources purchased by the current account, making it easier for you to manage them in one place.
Function Module |
Description |
Basic |
Standard |
Professional |
---|---|---|---|---|
Purchased Resources |
You can view resources purchased by the current account on the Purchased Resources page and manage them centrally. |
√ |
√ |
√ |
Situation Awareness
You can view the security situation on the large screen in real time and periodically subscribe to security operation reports to know the core security metrics.
Function Module |
Description |
Basic |
Standard |
Professional |
---|---|---|---|---|
|
√ |
√ |
√ |
|
SecMaster leverages AI to analyze and classify massive cloud security data and then displays real-time results on a large screen. In a simple, intuitive, and efficient way, you will learn of what risks your cloud environment are facing and how secure your cloud environment is.
NOTE:
The large screen function needs to be purchased separately based on the standard or professional edition. |
× |
√ |
√ |
|
You can generate analysis reports and periodically send them to specified recipients by email. In this way, all recipients can learn about the security status of your assets in a timely manner. |
× |
× |
√ |
|
All tasks that need to be processed are displayed centrally. |
× |
√ |
√ |
|
AI Risk Overview displays the compliance status of the AI models in real time. It supports data corpus, inference services, and environment security risk operations. So, you can identify risks and potential threats of AI models in a timely manner. On the AI Risk Overview page, you can lear of your AI model inference security, corpus security, and environment security. |
√ |
√ |
√ |
Resource Manager
Resource Manager supports centralized management of assets on the cloud and assets outside the cloud and displays their security status in real time.
Function Module |
Description |
Basic |
Standard |
Professional |
---|---|---|---|---|
Resource Manager |
SecMaster can synchronize the security statistics of all resources. So that you can check the name, service, and security status of a resource to quickly locate security risks. |
√ |
√ |
√ |
Risk Prevention
Risk prevention provides baseline inspection, vulnerability management, and security policy management to help you check cloud security configurations and meet requirements in many security standards, such as DJCP, ISO, and PCI, as well as Huawei Cloud security best practice standards. You can learn about where vulnerabilities are located in the entire environment and fix them in just a few clicks.
Function Module |
Description |
Basic |
Standard |
Professional |
---|---|---|---|---|
SecMaster can scan cloud baseline configurations to find out unsafe settings, report alerts for incidents, and offer hardening suggestions to you. |
√ |
√ |
√ |
|
SecMaster automatically synchronizes vulnerability scan results from Host Security Service (HSS), displays vulnerability scan details by category, and provides vulnerability fixing suggestions. |
√ |
√ |
√ |
|
SecMaster collects the latest information on known host security vulnerabilities every 5 minutes. |
√ |
√ |
√ |
|
SecMaster supports centralized management of defense and emergency policies. |
√ |
√ |
√ |
Threats
SecMaster provides many threat detection models in the Threats module to help customers detect threats from massive security logs and generate alerts. Beyond that, it provides built-in security response playbooks to help automatically analyze and handle alerts, and automatically harden security defense lines and security configurations.
Function Module |
Description |
Basic |
Standard |
Professional |
---|---|---|---|---|
SecMaster centrally displays incident details and allows you to manually or automatically convert alerts into incidents. |
× |
√ |
√ |
|
Alerts of other cloud services such as HSS, WAF, and DDoS Mitigation are integrated for central display and management.
|
√ |
√ |
√ |
|
Indicators describe potential threats to your systems. Indicators provide necessary context for abnormal activities, so that you can quickly take measures to protect your personnel, information, and assets. Indicators associate observation items such as URLs or IP addresses with known threat activities such as phishing or malware. Indicators are widely used in security products and automated services to detect and prevent potential threats to organizations. You can create and manage indicators to accelerate threat detection and rectification. You can manually add indicators or import indicators to SecMaster. Then you can use indicators to create custom playbooks for threat management, analysis, and handling. |
× |
× |
√ |
Security Orchestration
Security Orchestration supports playbook, workflow, operation connection, and data class (security entity objects) management. You can also customize playbooks and processes.
Security Orchestration allows you to flexibly orchestrate security response playbooks through drag-and-drop according to your service requirements. You can also flexibly extend and define security operation objects and interfaces.
SecMaster standard edition does not include security orchestration. You can buy a value-added package to use this function.
Function Module |
Description |
Basic |
Standard |
Professional |
---|---|---|---|---|
You can centrally manage operation objects such as data classes, data class types, and categorical mappings. |
× |
× |
√ |
|
You can manage playbooks, workflows, operation connections, and playbook instances throughout their lifecycles.
NOTE:
You need to purchase the security orchestration function in the value-added package at an extra cost. However, there are some free quotas of security analysis, built-in playbooks, and security orchestration. For details, see Free Quota Description. |
× |
× |
√ |
|
This module provides a visualized low-code development platform. In this module, you can create custom layout of pages for security analysis reports, alert management, incident management, vulnerability management, baseline management, and threat indicator library management. |
× |
× |
√ |
|
Plug-ins used in the security orchestration process can be managed centrally. |
× |
× |
√ |
|
Directory Customization |
You can customize directories as needed. |
× |
√ |
√ |
Log Audit
You can enable SecMaster to access cloud service logs and integrate security data so that you can query and analyze logs using query and analysis syntax for log audit. You can also sort out log audit results.
Function Module |
Description |
Basic |
Standard |
Professional |
---|---|---|---|---|
Log Audit Overview |
You can learn about the overall log audit status for the statistical period in the current workspace. |
√ |
√ |
√ |
Security Data |
NOTE:
You need to purchase the security analysis function in the value-added package at an extra cost. However, there are some free quotas of security analysis, preconfigured playbooks, and security orchestration. For details, see Free Quota Description. |
× |
√ |
√ |
Cloud Service Access |
SecMaster can integrate logs of multiple Huawei Cloud services, such as Web Application Firewall (WAF), Host Security Server (HSS), and Object Storage Service (OBS). You can search and analyze all collected logs in SecMaster. By default, the logs are stored for 7 days. |
× |
√ |
√ |
Data Collection (Collections and Components) |
Logstash is used to collect varied log data in multiple modes. After data is collected, historical data analysis and comparison, data association analysis, and unknown threat discovery can be quickly implemented. |
× |
√ |
√ |
Free Quota Description
SecMaster provides some free quotas for security analysis and security orchestration in the value-added package. While the free quotas vary depending on SecMaster editions. The following table provides details.
Function |
Standard |
Professional |
|
---|---|---|---|
Security Analysis |
Security data collection |
120 MB/day/quota |
120 MB/day/quota |
Security data retention |
120 MB/day/quota |
120 MB/day/quota |
|
Security data export |
120 MB/day/quota |
120 MB/day/quota |
|
Platform security data |
40 MB/day/quota |
40 MB/day/quota |
|
Security modeling analysis |
× |
120 MB/day/quota |
|
Threats |
Preset threat models |
× |
Calculation model data: 120 MB/day/quota; Preset models: 200 |
Preset response playbooks |
× |
Preset playbooks: 30 |
|
Security Orchestration |
Security Orchestration |
× |
Operations: 7,000 |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot