Security Center is a centralized security solution that defends your cloud assets against threats such as viruses, cyberattacks, and ransomware. It offers multiple editions and billing models so you can build a security system that fits your scenarios and budget.
Get started
New to Security Center? Start with the 7-day free trial of Enterprise Edition to evaluate comprehensive host security capabilities, including vulnerability management and intrusion prevention.
Ready to purchase? Review Plans and add-ons for options, or follow the Purchase procedure.
Overview
Billing: Subscription (plan + add-ons) or Pay-as-you-go (per-feature activation). You cannot use both for the same plan; the same account can use subscription for some modules and pay-as-you-go for others.
Basic Edition: Automatically available after Alibaba Cloud account verification; permanently free.
Enterprise Edition free trial: 7-day trial of the full Enterprise Edition for accounts that have never used the trial or a paid plan; one per account. After the trial expires, configurations and data are retained for 7 days and then automatically deleted.
Quick selection guide
Use case | Recommended solution | Core value |
First-time use or evaluation | Activate a 7-day free trial of the Enterprise Edition (see Overview) | Full host security at no cost, including vulnerability management and intrusion prevention. |
Hybrid cloud host security | Plan: Enterprise. Add-ons: Anti-ransomware, Log Analysis, CSPM, Agentic SOC. | Unified policies and controls for cloud and on-premises hosts; centralized governance. |
Container security | Plan: Ultimate. Add-ons: Anti-ransomware, Log Analysis, Container Image Scan, CSPM | Full-stack from host to container; image scanning for shift-left security. |
MLPS 2.0 compliance | Plan: Enterprise or Ultimate. Add-ons: Anti-ransomware, Log Analysis, File Tamper-Proofing, Agentic SOC | Vulnerabilities, intrusions, baseline checks; log retention meets MLPS. |
Major event support | Plan: Enterprise Edition or Ultimate Edition. Add-ons: Application Protection, File Tamper-Proofing, Cloud Honeypot | RASP and tamper-proofing for advanced threats and business stability. |
Security incident response | Pay-as-you-go: see One-click access policy and billing details for pay-as-you-go services. | For mining malware, viruses, Trojans, website defacement, or ransomware. |
Plans and add-ons
Item | Subscription | Pay-as-you-go |
Payment model | Single upfront fee for a monthly or yearly term. Fixed cost simplifies budgeting. | Pay only for what you use. No upfront investment. |
Fee breakdown | Fees = Edition fee + Value-added service fee (optional). Note: For more information about fees, see Billing description. | Fees = Basic service fee + Feature usage fee. Note: For more information about fees, see Billing description. |
Best for | Stable, long-term workloads with a fixed budget. | Elastic scaling, short-term projects, or frequently changing demands. |
Subscription
Editions: You can select from editions such as Anti-virus, Advanced, Enterprise, and Ultimate. Each edition provides different integrated protection and detection capabilities.
Add-ons: You can purchase additional add-ons as needed, such as Anti-ransomware and Application Protection (RASP).
Editions
Edition | Description | Fee |
Basic | Provides only basic security detection capabilities, such as detecting abnormal server logons, DDoS, common server vulnerabilities, and configuration security issues for some cloud products. This edition does not provide active protection features. | Free |
Anti-virus | Detects and removes common host viruses. | CNY 5 per core per month |
Advanced | Provides host virus detection, anti-virus scanning, vulnerability detection and fixing, and security reports. | CNY 60 per instance per month |
Enterprise | Meets classified protection compliance, host security intrusion prevention, identity authentication, and security audits. | CNY 150 per instance per month |
Ultimate | Provides full-stack security protection for hosts, containers, and LINGJUN servers. This includes security capabilities such as K8s threat detection, Container Asset Overview, security alerts, anti-virus scanning, vulnerability detection, Asset Fingerprints, and attack chain analysis. | CNY 150 per instance per month + CNY 5 per core per month |
The following table compares the main mitigation capabilities of each edition.
Mitigation capabilities | Basic | Anti-virus | Advanced | Enterprise | Ultimate |
Detection for some malware and cloud product threats | |||||
Anti-virus scanning and host intrusion detection | |||||
Anti-brute force | |||||
Host behavior prevention | Note: Only blocking processes based on malicious MD5 hashes is supported. | ||||
System vulnerability scanning and fixing | |||||
Malicious network behavior prevention | |||||
Attack attribution | |||||
Application vulnerability detection | |||||
Baseline check and fixing | Note: Only weak password checks are supported. | ||||
Container security |
Add-ons
Anti-ransomware
Feature description: Provides anti-ransomware backup and restore capabilities. You can use backup files to recover servers and databases after a ransomware attack.
Purchase instructions:
The quantity you purchase corresponds to the anti-ransomware capacity. This capacity is determined by the size of the files you need to back up and the backup retention period, not the number of servers.
This service is available only in specific regions. You can set the protection data volume as needed. For information about the supported regions, see Anti-ransomware service overview.
If you check Set Recommended Policy, the system automatically backs up important file paths on your existing servers regularly. To adjust the policy, go to the anti-ransomware page. For more information, see Manage an anti-ransomware policy.
CSPM
Feature description: Provides identity and permission management, automated compliance checks, and cloud product configuration baseline detection. This lets you centrally manage configuration risks across multicloud products.
Purchase instructions: Billing is based on the number of quotas. Number of quotas = Number of scans (Number of cloud products × Number of asset instances × Number of check items) + Number of authentications + Number of successful fixes.
Warning: The unused quota is cleared at the end of each month. For more information about billing, see Billing description.
Agentic SOC
Feature description:
Agentic SOC: Supports unified log collection from multicloud environments, multiple accounts, and various products such as Web Application Firewall (WAF), Cloud Firewall, and virtual private cloud (VPC). It provides a closed-loop process for detecting, responding to, and handling security alerts and events. This improves security operations efficiency and helps meet the log audit requirements of MLPS 2.0.
Security Operations Agent: An advanced intelligent value-added service based on Agentic SOC. It uses Agentic AI as its core engine and deeply integrates with Alibaba Cloud's native security data and infrastructure. The service uses the autonomous perception, inference, and execution capabilities of agents to independently analyze security events to help you achieve rapid security event response.
Purchase instructions:
This service uses a modular billing method. The billable items vary based on the options you purchase. For more information about billing, see Detailed billing information.
Agentic SOC: Billed separately for Log Ingestion Traffic and Log Storage Capacity. You can purchase them separately as needed.
Log Ingestion Traffic (GB/day)
Purpose: Used for core security operations such as real-time threat detection, attack attribution, and alert analysis. After purchasing, you can use most of the core features of Agentic SOC, such as threat detection, investigation, and response.
Capacity estimation:
Estimate based on existing logs
Daily traffic (GB) = Total log storage capacity (GB) / Log retention period (TTL) in days.
For example, if you have 10,000 GB of logs with a retention period of 90 days, the daily traffic is approximately 10,000 / 90 ≈ 111 GB. We recommend that you purchase 200 GB/day.
Estimate based on log generation rate (EPS)
Daily traffic (GB) = EPS (log entries per second) × 86,400 × Average size per log entry (KB) / 1,024
EPS: The number of log entries generated per second.
Average size per log entry: Typically ranges from 3 KB to 7 KB.
Log Storage Capacity (GB)
Purpose: Used for long-term storage of logs for queries and audits. This meets the compliance requirement of China's Cybersecurity Law and MLPS 2.0 that logs must be retained for at least 180 days. It also supports historical event analysis.
Capacity estimation:
Estimate based on the number of servers: We recommend that you configure 120 GB of log storage capacity for each server.
Estimate based on existing log analysis capacity: We recommend that you configure a capacity that is three times the purchased capacity of the Security Center - Log Analysis feature.
Security Operations Agent: In addition to purchasing Agentic SOC, you must also purchase Intelligent Usage Analysis and Number of Managed Instances.
Intelligent Usage Analysis: The analysis usage consumed by Security Operations Agent to analyze alerts for risk events, investigate events, perform traceability and attribution, and generate security reports. The purchase quantity is not automatically populated and must be the same as the quantity for Log Ingestion Traffic.
Note: The quota for Intelligent Usage Analysis is cleared daily. If the quota is exceeded, the system automatically applies rate limiting.
Number of Managed Instances: Security Operations Agent supports security operations and automated handling across instances. Billing is based on the number of managed instances, and each invoked instance is billed. Instances can include ECS, WAF, ALB, multicloud products, and third-party security vendor products.
Note: The quota is cleared monthly. Each instance is counted only once, and duplicates are automatically removed.
If you check Access Policy, some log sources from Security Center, Web Application Firewall, Cloud Firewall, and ActionTrail under the current Alibaba Cloud account are automatically connected.
Vulnerability Fixing
Feature description: Allows you to fix Linux Software Vulnerability and Windows System Vulnerability on your servers with a single click in the console.
Purchase instructions: Enter the number of vulnerability fixes you want to purchase based on the number of vulnerabilities you need to fix each month.
Note: The number of vulnerability fixes is the sum of all vulnerabilities fixed on all your servers. For example, if the same vulnerability exists on 10 servers, fixing it with a single click in Security Center consumes 10 fixes.
Container Image Scan
Feature description: Scans images for system vulnerabilities, application vulnerabilities, viruses, and malicious samples with a single click, and provides repair suggestions.
Purchase instructions:
Enter the quantity you want to purchase based on the number of scan quotas you need per month.
Note: Scan quota: One quota is consumed when an image digest is scanned for the first time. Subsequent scans of the same digest do not consume quotas. If the image digest changes, a new quota is required.
You can purchase this feature only when you select the Advanced, Enterprise Edition, Ultimate Enterprise, or Value-added Plan edition.
File Tamper-Proofing
Feature description: Monitors website directories in real time and restores tampered files or directories from backups. This ensures that the website information of important systems is not maliciously tampered with.
Purchase instructions: Select the quantity based on the number of servers you need to protect.
Malicious File Detection
Feature description: Detects hidden malware, webshells, viruses, and other potential risk files in the server file system through deep scanning.
Purchase instructions: Set the quantity to the number of files you need to detect each month.
Application Protection (RASP)
Feature description: The application protection feature is based on runtime application self-protection (RASP) technology. It provides applications with self-protection capabilities to detect and block attacks in real time.
Purchase instructions: We recommend that you set the purchase quantity to the total number of Java processes you plan to protect.
Note: For example, if you have two servers, each running three Java applications that require protection, you should purchase six quotas.
Cloud Honeypot
Feature description: Provides timely and efficient threat trapping based on attacker behavior. This enhances the detection and protection of core assets in attack and defense scenarios.
Purchase instructions: Cloud Honeypot is billed based on the number of probes. You must purchase at least 20 probes and can purchase up to 500 probes.
Note: If you need more than 500 probes, contact technical support to scale out.
Security Dashboard
Feature description: Provides multiple visualization dashboards to monitor the security posture of your assets from a macro perspective.
Purchase instructions: You can purchase this feature only when you select the Advanced, Enterprise Edition, or Ultimate Enterprise edition.
Log Analysis
Feature description: Aggregates security logs from cloud assets, including hosts and security events. It provides powerful SQL search and visualization reports to help you perform event retrospection, attack attribution, and compliance audits.
Important: If you have also purchased the Log Management pay-as-you-go service, Security Center logs will be stored in two separate locations. To avoid duplicate charges, we recommend that you evaluate your needs and then go to the Security Center console to disable the relevant log delivery switch in the Log Analysis module.
Purchase instructions: According to China's Cybersecurity Law, logs must be stored for at least 180 days. We recommend that you configure at least 50 GB of storage capacity for each server.
Pay-as-you-go
Default features: When you enable any pay-as-you-go feature of Security Center, the system charges a basic service fee and enables the DingTalk Chatbot, Security Report, and Playbook features by default.
Billable features: You can purchase specific protection features separately. All features are billed independently and can be enabled as needed.
Default features
DingTalk Chatbot: After you configure a DingTalk robot for notifications, you can receive real-time threat alert messages from Security Center in your DingTalk group.
Security Report: You can customize the security data you want to monitor and have it sent to the mailboxes of relevant security personnel regularly. This lets you more effectively monitor your asset security status in real time.
Playbook: Provides automated response orchestration capabilities. It orchestrates repetitive tasks in the security event response process into automated handling policies to help you efficiently perform system security hardening.
Note: You must first enable or purchase the vulnerability fixing feature.
Billable features
Host and Container Security
If you have subscribed to the Anti-virus, Advanced, Enterprise, or Ultimate edition, you cannot enable the Host and Container Security pay-as-you-go service.
Feature description: Provides comprehensive detection and protection services for host and container assets. After purchasing, you need to attach a protection level to your assets. The protection levels are described as follows:
Protection level | Description | Monthly fee (30-day reference price) |
Unprotected | Provides only basic security detection capabilities, such as detecting abnormal server logons, DDoS, common server vulnerabilities, and configuration security issues for some cloud products. This edition does not provide active protection features. | Free |
Antivirus | Detects and removes common host viruses. | CNY 7.5 per core per month |
Advanced | New purchases and changes are no longer supported. | CNY 90 per instance per month |
Host Protection | Meets classified protection compliance, host security intrusion prevention, identity authentication, and security audits. | CNY 225 per instance per month |
Hosts and Container Protection | Provides full-stack security protection for hosts, containers, and LINGJUN servers. This includes security capabilities such as K8s threat detection, Container Asset Overview, security alerts, anti-virus scanning, vulnerability detection, Asset Fingerprints, and attack chain analysis. | CNY 225 per instance per month + CNY 7.5 per core per month |
The following table describes the main mitigation capabilities of each protection level.
Mitigation capabilities | Unprotected | Antivirus | Host Protection | Hosts and Container Protection |
Detection for some malware and cloud product threats
Anti-virus scanning and host intrusion detection
Anti-brute force
Host behavior prevention
Note: Only blocking processes based on malicious MD5 hashes is supported.
Malicious network behavior prevention
Attack attribution
Application vulnerability detection
Container security
Purchase instructions: After the feature is enabled, you must authorize specific assets for the feature to take effect. You can customize asset attachments during purchase.
Important: Default attachment rules:
For server assets running container environments (including Alibaba Cloud ACK cluster nodes, Intelligent Computing LINGJUN, and servers connected to self-managed K8s clusters): Host and Container Protection.
For other assets: Host Protection.
For newly added servers: Host Protection.
CSPM
Feature description: Provides identity and permission management, automated compliance checks, and cloud product configuration baseline detection. This lets you centrally manage configuration risks across multicloud products.
Purchase instructions: Billing is based on the number of quotas. Number of quotas = Number of scans (Number of cloud products × Number of asset instances × Number of check items) + Number of authentications + Number of successful fixes.
Vulnerability Fixing
Feature description: Allows you to fix Linux Software Vulnerability and Windows System Vulnerability on your servers with a single click in the console.
Purchase instructions: Enter the number of vulnerability fixes you want to purchase based on the number of vulnerabilities you need to fix each month.
Note: The number of vulnerability fixes is the sum of all vulnerabilities fixed on all your servers. For example, if the same vulnerability exists on 10 servers, fixing it with a single click in Security Center consumes 10 fixes.
Agentic SOC
Feature description:
Agentic SOC: Supports unified log collection from multicloud environments, multiple accounts, and various products such as Web Application Firewall (WAF), Cloud Firewall, and virtual private cloud (VPC). It provides a closed-loop process for detecting, responding to, and handling security alerts and events. This improves security operations efficiency and helps meet the log audit requirements of MLPS 2.0.
Security Operations Agent: An advanced intelligent value-added service based on Agentic SOC. It uses Agentic AI as its core engine and deeply integrates with Alibaba Cloud's native security data and infrastructure. The service uses the autonomous perception, inference, and execution capabilities of agents to independently analyze security events to help you achieve rapid security event response.
Purchase instructions:
The billable items vary based on the options you purchase. For more information about billing, see Detailed billing information.
Agentic SOC: Billed on a tiered basis for Log Ingestion Traffic. The higher the usage, the lower the unit price.
Important: In pay-as-you-go mode, you cannot purchase Log Storage Capacity. Therefore, you cannot store logs for queries and audits.
Security Operations Agent: In addition to the basic charge for Log Ingestion Traffic from Agentic SOC, you are also charged for Intelligent Usage Analysis and Number of Managed Instances.
Intelligent Usage Analysis: The analysis usage consumed by Security Operations Agent to analyze alerts for risk events, investigate events, perform traceability and attribution, and generate security reports.
Number of Managed Instances: Security Operations Agent supports security operations and automated handling across instances. Billing is based on the number of managed instances, and each invoked instance is billed. Instances can include ECS, WAF, ALB, multicloud products, and third-party security vendor products.
Note: Each instance is counted only once, and duplicates are automatically removed.
If you check Access Policy, some log sources from Security Center, Web Application Firewall, Cloud Firewall, and ActionTrail under the current Alibaba Cloud account are automatically connected.
Anti-ransomware
Feature description: Provides anti-ransomware backup and restore capabilities. You can use backup files to recover servers and databases after a ransomware attack.
Purchase instructions:
Billed based on the size of backup files and the data storage duration. For more information about billing, see Anti-ransomware:
Billing method: Billed based on the size of backup files in GB and the storage duration in hours.
Billing cycle: Usage is accumulated hourly and billed daily.
Price: CNY 0.0009 per GB per hour.
This service is available only in specific regions. You can set the protection data volume as needed. For information about the supported regions, see Anti-ransomware service overview.
If you check Set Recommended Policy, the system automatically backs up important file paths on your existing servers regularly. To adjust the policy, go to the anti-ransomware page. For more information, see Manage an anti-ransomware policy.
File Tamper-Proofing
Feature description: File tamper-proofing monitors file system activity in real time, intercepts unauthorized operations such as writes and deletes by non-authorized processes, and records all events for audit. This ensures the integrity of critical files on your servers.
Purchase instructions: Billed by actual protection duration (in seconds) multiplied by the number of protected servers. The following are automatically counted:
Servers with block rules.
Servers with alert rules whose protection edition is below Enterprise Edition or whose protection level is below Host Protection.
Application Protection
Feature description: The application protection feature is based on runtime application self-protection (RASP) technology. It provides applications with self-protection capabilities to detect and block attacks in real time.
Purchase instructions: After the feature is enabled, you must authorize specific assets for the feature to take effect. You can customize asset connections during purchase.
Important: By default, all assets are protected and connected using the slow access method.
Agentless Detection
Feature description: Performs lightweight vulnerability scanning and comprehensive risk investigation without installing a client (agent) on the server.
Purchase instructions: Billed based on the volume of scanned data.
Serverless Asset Protection
Feature description: Provides intrusion detection and vulnerability scanning for Serverless assets such as Elastic Container Instance (ECI). For more information, see Serverless security.
Purchase instructions: After the feature is enabled, you must authorize specific assets for the feature to take effect. You can customize asset attachments during purchase.
Important: By default, Serverless Asset Protection is enabled for all Serverless assets.
Malicious File Detection
Feature description: Detects hidden malware, webshells, viruses, and other potential risk files in the server file system through deep scanning.
Purchase instructions: Billed based on the number of scanned files. For more information about billing, see Billing description.
Log Management
Feature description: Log Management is a log audit and analysis feature based on Alibaba Cloud Simple Log Service (SLS). It relies on the rich detection and protection capabilities of Security Center and the product integration capabilities of the Agentic SOC module to provide you with unified log auditing, built-in security reports, SQL-based analysis and traceability, and flexible storage policies.
Important: If you have also purchased the Log Analysis subscription service, Security Center logs will be stored in two separate locations. To avoid duplicate charges, we recommend that you evaluate your needs and then go to the Security Center console to disable the relevant log delivery switch in the Log Analysis module.
Purchase instructions: You need to configure a log storage region.
Purchase procedure
Subscription
Log on and go to the purchase page
Log on to your Alibaba Cloud account and go to the Security Center purchase page.
Select an edition
Important: If you have already enabled the Host and Container Security pay-as-you-go service, you can only select Value-added Plan.
Billing Method: Select Subscription.
Protection Scenario: The system automatically recommends an edition and add-ons based on the selected scenario.
Edition: For details on the basic protection capabilities of each edition, see Plans and add-ons.
Protected Servers: Specify the total number of servers to protect. By default, this displays the Alibaba Cloud Elastic Compute Service (ECS) instances and connected third-party servers under your account.
Note: This parameter is not required if you select the Anti-virus or Value-added Plan.
Cores: The number of vCPUs on your servers. By default, this displays the total number of cores for ECS instances and connected third-party servers under your account.
Note: This parameter is required only if you select the Anti-virus Edition or Ultimate Edition.
Configure Protection Quota
To activate protection, you must assign the purchased quotas to specific servers.
Automatic binding (default):
The system automatically assigns quotas to unprotected servers under your account based on the default policy. You can unbind or rebind them later. For more information, see Manage quotas for Host and Container Security.
Custom binding:
Click Custom Quota Binding and select the region where your servers are located.
In the server list, select the servers you want to bind and choose the corresponding version in the Edition column.
If you select multiple servers, click the Update Version button at the bottom of the list to bind the same protection version to all selected servers.
(Optional) Select Automatically Add New Servers to Security Center. New servers added later will be automatically bound to the version you are purchasing to enable protection.
Warning: If you do not select this option, you must manually bind new servers to protect them. For instructions, see Manage quotas for Host and Container Security.
Select add-ons
Based on your business needs, find the corresponding add-on module, set Purchase or Not to Yes, and complete the configuration.
Confirm and pay
Read and agree to the Security Center Terms of Service, then click Order Now and complete the payment.
View your purchased service
After the purchase is complete, log on to the console. You can view your current service in the Subscription section of the Overview page.
Pay-as-you-go
Log on and go to the purchase page
Log on to your Alibaba Cloud account and go to the Security Center purchase page.
Select services
Based on your business needs, find the corresponding add-on module, set Purchase or Not to Yes, and complete the configuration.
Quota and binding logic
For some services to take effect, you must assign their quota to specific assets after you enable them. The configuration steps are as follows:
Host and Container Security: Supports custom binding of host assets. Follow these steps:
Important: If you do not configure this, the system binds host assets according to the default rules:
Server assets that run container environments, including Alibaba Cloud ACK cluster nodes, Intelligent Computing LINGJUN, and servers connected to self-managed K8s clusters: Host and Container Protection.
All other assets: Host Protection.
New servers added later: Host Protection.
On the purchase page, click Custom Quota Binding and select the region where your servers are located.
In the server list, select the servers you want to bind and choose the corresponding protection level in the Protection Level column.
After you select multiple servers, click Change Protection Level to modify the protection level for all of them at once.
In the Automatically Add New Servers to Security Center section, set the protection level that will be automatically bound to new servers.
Serverless Asset Protection: Supports custom binding of assets. Follow these steps:
Important: If you do not configure this, the system enables Serverless Asset Protection for all serverless assets by default.
Click Custom Quota Binding, select the region where your servers are located, and select the corresponding assets.
Select Automatically Add New Assets to automatically enable Serverless Asset Protection for new serverless assets added later.
Warning: If you do not select this option, you must manually bind new serverless assets. Otherwise, they will not be protected by Security Center. For instructions, see Bind or unbind authorized assets.
Application Protection: Supports custom binding of assets. Follow these steps:
Important: If you do not configure this, the system protects all assets by default and uses the slow onboarding method.
You can also configure this after purchase by logging on to the console and going to and then Access Management as needed.
Click Custom Quota Binding and select the region where your servers are located.
Select the corresponding assets and click OK.
Confirm and pay
Read and agree to the Security Center Terms of Service, then click Order Now and complete the payment.
View your purchased service
After the purchase is complete, log on to the console. You can view your current service in the Pay-as-you-go section of the Overview page.
Limitations
Billing model restrictions
Subscription: Each Alibaba Cloud account can only purchase one edition. You can upgrade to a higher edition at any time.
Pay-as-you-go: You can select different protection levels for different assets and purchase multiple add-ons simultaneously.
Switching billing model: To change the billing model for a feature, you must first unsubscribe from or close the current billing service, then activate the other model.
Feature billing restrictions
Exclusivity of features
Subscription editions (Anti-virus, Advanced, Enterprise, Ultimate) and the pay-as-you-go Host and Container Security service are mutually exclusive. You can only choose one; they cannot be purchased or stacked simultaneously.
Subscription add-ons (such as Agentic SOC) and the equivalent pay-as-you-go features cannot be activated simultaneously.
Flexibility across modules
The same account can select different billing models for different feature modules.
Note: For example, "Vulnerability remediation" uses subscription, while "Agentic SOC" uses pay-as-you-go.
Edition restrictions (container protection)
Server assets running in container environments (including ACK cluster nodes, self-managed K8s, Lingjun assets, etc.) require a specific edition to obtain protection capabilities. The restrictions are as follows:
Subscription: You must purchase Ultimate, and the asset must be bound to the Ultimate edition.
Pay-as-you-go: You must purchase Host and Container Security, and the asset must be bound to the Hosts and Container Protection protection level.
Edition change restrictions
Starting from September 11, 2025, Security Center will no longer support new purchases or changes to the Advanced Edition. Existing Advanced Edition users are not affected.
Unsubscribe
Subscription service
Unsubscribe from add-ons
On the Overview page, in the Subscription section, click . On the order upgrade/downgrade page, on the Order Downgrade tab, set Purchase or Not to No for the relevant service. For more information, see Downgrade.
Important: The specific refund amount is subject to the amount displayed on the downgrade page. For information on where your refund will be sent, see Refund destinations.
Unsubscribe from all services
Go to the Unsubscription Management page to submit a self-service unsubscription request. For more information, see Refund policy.
You can also contact technical support to unsubscribe from the Security Center instance.
Pay-as-you-go
On the Overview page of the Security Center console, in the Pay-as-you-go section, turn off the switch for the relevant service. Once disabled, the service will no longer incur charges.
FAQ
Billing-related questions
Do subscription and pay-as-you-go result in duplicate charges?
No. Security Center has a built-in anti-duplicate-billing mechanism:
Single billing principle: Each add-on supports only one billing model at a time. See Exclusivity of features.
Automatic switching: If you purchase a subscription plan that includes default features overlapping with existing pay-as-you-go services, the system automatically disables the pay-as-you-go counterpart and uses the subscription.
Note: For example, if you already have vulnerability remediation pay-as-you-go and then purchase Advanced Edition or above, Security Center automatically disables the pay-as-you-go mode, and fixing vulnerabilities will no longer incur charges.
Can I convert pay-as-you-go to subscription?
No. Pay-as-you-go services cannot be directly converted to subscription. First close the relevant services, then follow the steps for purchasing subscription.
Can I use subscription and pay-as-you-go together?
Yes. The same account supports mixed use of both billing models. You can flexibly combine plans based on asset importance and lifecycle.
Why am I still charged after the trial resource package is used up?
Trial resource packages only cover specific billing items and quotas. After the package is exhausted, the corresponding pay-as-you-go feature continues to run and incur charges. To avoid unexpected charges:
Regularly check the remaining resource package quota: Log on to the Resource Package Management page to check remaining quota and expiration.
After the package is used up, if you no longer need the service, close the pay-as-you-go service promptly.
Set up spending alerts: In the Billing Center, set a balance threshold to receive SMS, email, or site message alerts.
How do I view Security Center bills?
You can view Security Center charges as follows:
Log on to the Bill Details page.
In the filter, set Product Name to Security Center to view usage and charges for each billing item.
If your bill includes multiple products, you can also check resource package consumption details on the Resource Package Usage Query page.
Why is the order amount higher than the listed price?
The total order price is composed of multiple parts. The base price typically refers to the monthly fee for a single server. The total is affected by:
Number of protected assets: The fee is multiplied by the total number of protected servers under your account (including cloud ECS and non-Alibaba Cloud servers with the agent installed).
Add-on options: The system may pre-select add-ons such as log analysis and anti-ransomware. If you don't need them, set their capacity to 0 before placing the order.
Free services and trial
How do I get free services?
Basic Edition: Automatically activated after completing Alibaba Cloud account real-name verification.
Enterprise Edition free trial: Start a 7-day free trial.
What are the differences between the Basic Edition and the Enterprise Edition free trial?
Feature | Basic Edition | Enterprise Edition free trial |
Eligible accounts | All Alibaba Cloud accounts that have completed real-name verification. | Accounts that have never used the Enterprise Edition trial or a paid plan. |
Protection capabilities | Permanent basic security capabilities. | Short-term experience of full Enterprise Edition features. |
Duration | Permanent. | 7 days. |
Core capabilities | Abnormal logon detection, mining/DDoS trojans, mainstream vulnerability scanning, etc. | Full Enterprise Edition capabilities including virus scanning, advanced threat detection, vulnerability remediation, etc. |
Acquisition restrictions | Automatically activated, no application needed. | Each account is eligible for only one trial; cannot be repeated. |
Can I cancel the Enterprise Edition free trial, and can I reapply?
Yes. On the Overview page, click Release Trial to cancel the free trial. Each Alibaba Cloud account is eligible for only one free trial; after cancellation, you will not be able to trial Security Center again.
Will configurations be retained after the Enterprise Edition trial expires?
After the trial expires, related feature configurations and data are retained for 7 days and then automatically cleared.
Why don't I see the free trial option on the Overview page?
Reason 1: Your account has already applied for the 7-day free trial.
Reason 2: Your account has already purchased a paid edition.