Tencent TCE Security Suite
Unified Coverage
Cloud-Native & Fully Managed
Enterprise-Grade Security & Compliance
ARCHITECTURE
Seven Products, One Powerful Security Suite
BENEFITS
Discover the Key Features
1.Cloud Workload Protection Platform
2.Cloud Firewall
3.Web Application Firewall
4.Data Security Audit
5.Key Management Service
6.Secrets Manager
7.Bastion Host
Cloud Workload Protection Platform
Short Intro
Cloud Workload Protection Platform (CWPP) is a unified host security platform for the cloud-native era. Powered by Tencent Security threat intelligence, it provides full-lifecycle protection for cloud, physical, and hybrid hosts through intrusion prevention, malware defense, vulnerability/baseline management, log analytics, and automated incident tracing.
Advantages
Lightweight, non-intrusive agent
Massive threat intelligence
Unified security management across multi‑cloud and hybrid cloud environments
Key Features
Host asset fingerprint collection
Baseline compliance checks
Attack detection and blocking
Closed‑loop vulnerability management
Automated incident tracing and analysis
Cloud Firewall
Short Intro
Tencent Cloud Firewall (CFW) is a Software as a Service (SaaS) network perimeter defense solution that provides centralized access control, log auditing, and real-time intrusion prevention for your cloud assets.It helps organizations maintain compliance with the EU's General Data Protection Regulation (GDPR) by offering robust security measures
Advantages
Smooth Expansion
Seamless Access
Built-in Threat
Key Features
Access Control (Edge, NAT, and Inter-VPC Firewall)
Intrusion Prevention System (IPS)
Enterprise Security Group Management
Network Detection and Response (NDR)
Log Audit and Analysis
Visualized Network Topology
Virtual Patching
Web Application Firewall
Short Intro
Tencent Cloud Web Application Firewall (WAF) helps internal and external Tencent Cloud users fight security issues such as web attacks, intrusions, exploits, trojans, tampering and backdoors, crawlers. By deploying WAF, corporate users can redirect the threat and pressure of web attacks to the protection cluster nodes of WAF, obtaining the web business protection capabilities of Tencent Cloud in just minutes to safeguard websites and secure the operations of web businesses.
Advantages
Tencent's 24/7 security team, patches are deployed within 24 hours — no action required from users
Elastic Scaling and High Availability: Scales seamlessly with business growth — zero downtime, always-on protection
Multiple Access Modes: SaaS DNS or CLB bypass — deploy flexibly, security decoupled from forwarding
Key Features
Web Application Attack Prevention
CC Attack Prevention
BOT Traffic Management
Webpage Tampering Prevention
API Security
Data Leakage Prevention
Data Security Audit
Short Intro
Data Security Audit can fully audit and store various database session information, access operations, and SQL statements in the enterprise network. After the audit data is obtained, DSAudit can identify malicious behaviors in operations via various types of rule bases and threat detection engines, and can promptly notify administrators to take corresponding security protection measures. For security incidents that have occurred, DSAudit supports searching for traces in audit logs spanning over a decade, helping enterprises restore the full picture of the security incident and find the person responsible for it.
Advantages
Cloud native
High Performance
Compliance Report
Key Features
Automatic Cloud Database Discovery
Threat Identification by Artificial Intelligence
Custom Audit Rules
Full Audit
Threat Alarms
Key Management Service
Short Intro
KMS is a security management service that uses HSMs certified by a third party to generate and protect keys. It helps users easily create and manage keys, meets users' key management needs of multiple applications and workloads, and meets regulatory and compliance requirements.
Advantages
Secure and Compliant Key Storage
Rich Features of Key Management
Deployment of Centralized Key Management Policies
Key Rotation Policy
Key Features
Sensitive Data Encryption
Envelope Encryption
Bring Your Own Key
Secrets Manager
Short Intro
SSM provides users with lifecycle management services for secrets, including creation, retrieval, updating, and deletion. Combined with resource-level role authorization, it enables centralized querying, management, and encrypted storage of database secrets, API keys, other tokens, and sensitive configurations
Advantages
Enterprise-Level Credential Management
Full-Lifecycle Management
Key Features
Centralized Credential Control
Sensitive Credential Retrieval and Management
Managing Various Sensitive Data
Bastion Host
Short Intro
Cloud Bastion Host (CBH) is a centralized Ops management system that integrates account management, authorization management, authentication management, and comprehensive audit.
Advantages
Cloud-native
Comprehensiveness
Dynamic scaling
Granular Permission Control
Key Features
Authentication management
Authorization management
Asset access
Operation audit
BENEFITS
Discover the Key Features
1.Cloud Workload Protection Platform
Short Intro
Cloud Workload Protection Platform (CWPP) is a unified host security platform for the cloud-native era. Powered by Tencent Security threat intelligence, it provides full-lifecycle protection for cloud, physical, and hybrid hosts through intrusion prevention, malware defense, vulnerability/baseline management, log analytics, and automated incident tracing.
Advantages
Lightweight, non-intrusive agent
Massive threat intelligence
Unified security management across multi‑cloud and hybrid cloud environments
Key Features
Host asset fingerprint collection
Baseline compliance checks
Attack detection and blocking
Closed‑loop vulnerability management
Automated incident tracing and analysis
2.Cloud Firewall
Short Intro
Tencent Cloud Firewall (CFW) is a Software as a Service (SaaS) network perimeter defense solution that provides centralized access control, log auditing, and real-time intrusion prevention for your cloud assets.It helps organizations maintain compliance with the EU's General Data Protection Regulation (GDPR) by offering robust security measures
Advantages
Smooth Expansion
Seamless Access
Built-in Threat
Key Features
Access Control (Edge, NAT, and Inter-VPC Firewall)
Intrusion Prevention System (IPS)
Enterprise Security Group Management
Network Detection and Response (NDR)
Log Audit and Analysis
Visualized Network Topology
Virtual Patching
3.Web Application Firewall
Short Intro
Tencent Cloud Web Application Firewall (WAF) helps internal and external Tencent Cloud users fight security issues such as web attacks, intrusions, exploits, trojans, tampering and backdoors, crawlers. By deploying WAF, corporate users can redirect the threat and pressure of web attacks to the protection cluster nodes of WAF, obtaining the web business protection capabilities of Tencent Cloud in just minutes to safeguard websites and secure the operations of web businesses.
Advantages
Tencent's 24/7 security team, patches are deployed within 24 hours — no action required from users
Elastic Scaling and High Availability: Scales seamlessly with business growth — zero downtime, always-on protection
Multiple Access Modes: SaaS DNS or CLB bypass — deploy flexibly, security decoupled from forwarding
Key Features
Web Application Attack Prevention
CC Attack Prevention
BOT Traffic Management
Webpage Tampering Prevention
API Security
Data Leakage Prevention
4.Data Security Audit
Short Intro
Data Security Audit can fully audit and store various database session information, access operations, and SQL statements in the enterprise network. After the audit data is obtained, DSAudit can identify malicious behaviors in operations via various types of rule bases and threat detection engines, and can promptly notify administrators to take corresponding security protection measures. For security incidents that have occurred, DSAudit supports searching for traces in audit logs spanning over a decade, helping enterprises restore the full picture of the security incident and find the person responsible for it.
Advantages
Cloud native
High Performance
Compliance Report
Key Features
Automatic Cloud Database Discovery
Threat Identification by Artificial Intelligence
Custom Audit Rules
Full Audit
Threat Alarms
5.Key Management Service
Short Intro
KMS is a security management service that uses HSMs certified by a third party to generate and protect keys. It helps users easily create and manage keys, meets users' key management needs of multiple applications and workloads, and meets regulatory and compliance requirements.
Advantages
Secure and Compliant Key Storage
Rich Features of Key Management
Deployment of Centralized Key Management Policies
Key Rotation Policy
Key Features
Sensitive Data Encryption
Envelope Encryption
Bring Your Own Key
6.Secrets Manager
Short Intro
SSM provides users with lifecycle management services for secrets, including creation, retrieval, updating, and deletion. Combined with resource-level role authorization, it enables centralized querying, management, and encrypted storage of database secrets, API keys, other tokens, and sensitive configurations
Advantages
Enterprise-Level Credential Management
Full-Lifecycle Management
Key Features
Centralized Credential Control
Sensitive Credential Retrieval and Management
Managing Various Sensitive Data
7.Bastion Host
Short Intro
Cloud Bastion Host (CBH) is a centralized Ops management system that integrates account management, authorization management, authentication management, and comprehensive audit.
Advantages
Cloud-native
Comprehensiveness
Dynamic scaling
Granular Permission Control
Key Features
Authentication management
Authorization management
Asset access
Operation audit
SCENARIO
Excellent Performance, Security and Stability Solution
Protect Internet-Facing Workloads and Web Applications
Secure servers, web applications, and APIs exposed to the Internet with layered protection—from network edge to application layer and runtime workloads.
Build a Compliance-Ready Data Protection Architecture
Monitor all database operations, centralize key management, and control access to sensitive data to meet regulatory and internal compliance requirements.
Control and Audit O&M Access for Critical Assets
Enforce least-privilege access to servers and databases, proxy all O&M operations through a bastion host, and keep detailed logs for audits and incident response.
Secure DevOps and Application Credentials
Remove hardcoded credentials from code and pipelines, encrypt configuration data, and safely distribute secrets to applications and CI/CD workflows.
FAQS
Frequently
Asked Questions
What is included in the TCE Security Suite?
The TCE Security Suite includes seven cloud-native products: Cloud Workload Protection, Cloud Firewall, Web Application Firewall, Data Security Audit, Key Management Service, Secrets Manager, and Bastion Host. Together, they cover compute, network, application, data, and O&M security.
Can I purchase each product separately?
Yes. You can deploy any product individually for specific use cases, or use multiple products together as an integrated security stack.
Do these products only work on Tencent Cloud?
Many products support hybrid and multi-cloud environments, such as protecting on-premises servers or self-built databases. Please refer to each product’s documentation for detailed environment support.
How does TCE Security Suite help with compliance?
The suite provides capabilities such as database auditing, key management, encrypted secret storage, traffic logging, and O&M operation auditing, which can help you meet industry standards and internal compliance requirements.
How do I get started with TCE Security Suite?
You can enable most products directly from the Tencent Cloud console or purchase them via the product pages. For tailored architecture design or large-scale deployments, you can contact Tencent Cloud sales for guidance.
FAQS
Frequently
Asked Questions
What is included in the TCE Security Suite?
The TCE Security Suite includes seven cloud-native products: Cloud Workload Protection, Cloud Firewall, Web Application Firewall, Data Security Audit, Key Management Service, Secrets Manager, and Bastion Host. Together, they cover compute, network, application, data, and O&M security.
Can I purchase each product separately?
Yes. You can deploy any product individually for specific use cases, or use multiple products together as an integrated security stack.
Do these products only work on Tencent Cloud?
Many products support hybrid and multi-cloud environments, such as protecting on-premises servers or self-built databases. Please refer to each product’s documentation for detailed environment support.
How does TCE Security Suite help with compliance?
The suite provides capabilities such as database auditing, key management, encrypted secret storage, traffic logging, and O&M operation auditing, which can help you meet industry standards and internal compliance requirements.
How do I get started with TCE Security Suite?
You can enable most products directly from the Tencent Cloud console or purchase them via the product pages. For tailored architecture design or large-scale deployments, you can contact Tencent Cloud sales for guidance.