Fraud Detection enforces infrastructure security through baseline configuration checks, image security scanning, and network isolation. It also integrates threat detection, vulnerability management, and complementary security services to help you maintain a secure and compliant cloud environment.
Infrastructure security configuration and management
Detection and management of baseline configuration risks
Fraud Detection integrates with Security Center for baseline checks across servers and containers. The system automatically detects configuration risks such as account permissions, service ports, and log settings. You can fix detected risks with a few clicks to meet compliance requirements.
Real-time implementation and user control
- By default, the baseline check feature of Security Center is enabled. You can enable or disable scan tasks in the Security Center console.
- Fixes take effect immediately. You can view the fixing status and results on the CSPM page in the Security Center console.
- The baseline check feature is supported in all editions of Security Center. However, Security Center Enterprise and Ultimate provide a wider range of advanced check items.
Image security management
Security Center provides full-lifecycle security management for container images:
- Image vulnerability scan: Supports over 200 security detection models to detect system and application vulnerabilities.
- Risky image blocking: Automatically blocks the startup of images that contain high-risk vulnerabilities.
- Container image scan: Allows you to create custom scan policies. Container image scan is enabled by default.
Network resource isolation and control
Network isolation and traffic control
Fraud Detection provides multi-level network isolation and protection based on virtual private clouds (VPCs):
- Full isolation among VPCs, with cross-network access denied by default.
- Fine-grained control of inbound and outbound traffic by using security group rules.
- Private network access control based on NAT firewalls and Domain Name System (DNS) firewalls.
Disaster recovery
- Multi-zone deployment: Supports cross-zone disaster recovery.
- Hot migration: Keeps instances running during physical relocation.
- Exception prediction: Helps prevent potential failures.
Security protection capabilities and impacts
Resource consumption and performance
With real-time threat detection enabled, CPU utilization typically stays below 10%. We recommend that you perform the following operations during off-peak hours:
- Security patch update.
- Baseline fixing.
- Vulnerability scan.
If an instance must be restarted for security hardening, the system notifies you in advance. We recommend that you take the following measures:
- Use persistent connections to maintain sessions.
- Schedule maintenance windows during off-peak hours.
- Configure the automatic reconnection mechanism.
Integration with security services
Fraud Detection integrates with the following security services to strengthen overall protection:
- Cloud Firewall: Provides north-south traffic protection.
- Web Application Firewall (WAF): Defends against Open Web Application Security Project (OWASP) top 10 attacks.
- Sensitive Data Discovery and Protection (SDDP): Prevents data leaks.
- DataBase Audit: Records SQL operation behavior.
- Security Center: Provides a unified security management platform.
Real-time threat detection and response
Intrusion detection and prevention
- The system supports more than 250 detection models, covering Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) phases.
- Virtual patches defend against remote vulnerability exploits without requiring server restarts.
- Intrusion prevention is enabled by default. You can create custom protection policies.
Closed-loop threat response
- Automatically blocks requests from malicious IP addresses and domain names.
- Supports attack source tracing and analysis.
- Supports Security Orchestration, Automation, and Response (SOAR).
With the preceding infrastructure security protection capabilities, Fraud Detection helps ensure that your cloud assets remain protected at all times.