What is Cloud Security Center?
Cloud Security Center (CSC) is a one-stop security management platform provided by Tencent Cloud. With the Assets, Risks, and Alerts modules and advanced security management, CSC ensures security throughout your business operations by offering proactive threat detection, real-time incident response, and post-incident root cause analysis.
Assets: Manage 34 types of Tencent Cloud assets.
Risks: Detect six types of major risks, such as vulnerabilities and configuration risks.
Alerts: Handle alerts from security products in a centralized manner.
Advanced security management: Manage all assets under the organization account and verify security policies via Breach and Attack Simulation (BAS).
Features
Asset management
Automatically synch security data of assets from 34 Tencent Cloud products. You can also manually add external IPs and domain names for unified management.
Risk detection
Create health check tasks to detect port risks, vulnerabilities, weak passwords, content risks, configuration risks, and exposed risk services. You can also set up scheduled checks to keep checking the security posture of your services.
Security alerts
Collect alerts from CFW, WAF and CWPP, and provide categorized views. You can handle alerts of the three security products in the CSC console.
To-do list
List all pending risks and alerts for easy management. You can click a to-do item to open it in the related product directly.
Solid protection
Security architecture: Introduce the Tencent Cloud security architecture and offer free trials of TCSS, CFW, WAF, CWPP, and CSC.
Vulnerability prevention: Detect assets affected by vulnerabilities based on an up-to-date vulnerability library managed by Tencent Cloud security experts. It employs CFW and WAF for vulnerability defense and uses CWPP for vulnerability repair.
Health check tasks
Manage asset health check tasks, including editing, pausing, and deleting a task.
Report download
Automatically generate PDF reports after health check tasks are completed. You can preview and download the reports.
Breach and attack simulation (BAS)
Automatically simulate attacker's tactics and techniques based on the MITRE ATT&CK framework. This helps users identify potential attack paths and significant security threats, uncover deficiencies in security products, and verify their security policies. Note that customer authorization is required for this feature.
Log audit
Collect logs from CFW, WAF, and CWPP. You can query logs by specifying the log field and keyword.
Risk handling
Keep records of actions taken against risks and alerts (CFW, WAF and CWPP) in the CSC console.
Multi-account management
Allow Tencent Cloud Organization (TCO) users to switch login accounts and manage the assets, alerts, risks, and other configurations of their members.