keep on record Console
<View all products
Proprietary Yunyundun
Alibaba Cloud Yundun is a package of cloud native security products provided by Alibaba Cloud for large and medium-sized private cloud enterprise users. It covers tenant level and platform level security such as host security, application security, network security, data security, operation and maintenance audit, and builds a security system for defense in depth of proprietary cloud to fully ensure the safe and stable operation of your proprietary cloud business and meet compliance requirements.
Product documentation Work order through train

Product Functions

Create a private cloud security ecosystem, cover the security scenarios on the cloud, and provide compliant, efficient and stable security services
Situation awareness The security monitoring and situation analysis visualization platform based on big data presents the whole network attack situation for users, and provides attack prediction analysis and traceability capabilities. There is also a large screen display effect, and the security situation is clear at a glance.
Anrider - Host Security The unified security management system for real-time identification, analysis and early warning of security threats supports the security protection of the physical machine layer/iaas/paas layer, and provides vulnerability check and external attack interception capabilities.
Cloud firewall Uniformly manage access control in Internet business and micro isolation scenarios; Built in intrusion detection and defense engine to block malicious attacks in real time.
web application firewall Provide web application attack protection services to ensure the security of core business data and solve the server performance problems caused by malicious attacks.
Cloud Security Operation Center SOC Focus on fast operation and efficiency improvement, global threat coordinated defense, and event correlation analysis to quickly respond to closed-loop.
Traffic safety monitoring Identify and detect attacks on the full flow of Internet and intranet portals, and support Aliguard&Advanced Anti DDoS linkage and DDoS attack protection.
Trusted computing The system trustworthiness provides users with all-round trustworthiness guarantee for the environment startup phase and operation phase, and constructs a perfect security system based on hardware.
Cloud security bastion machine Centralized management of asset permissions, full process recording of operational data, real-time restoration of O&M scenarios, and help enterprise users build a unified, safe and efficient O&M channel on the cloud.
Data sorting and desensitization Built in efficient and rich desensitization algorithms provide a full range of sensitive data management capabilities, which can automatically discover sensitive data in the system.
Sensitive data protection Provide users with sensitive data identification, classification, data security audit, data desensitization, intelligent anomaly detection and other data security capabilities.
Encryption service The encryption service is based on the hardware encryption machine certified by the National Encryption Administration, and provides cloud data encryption and decryption solutions. Users can manage the key securely and reliably.
Key management service The key management service KMS provides secure and compliant key escrow and password services to help users easily use keys to encrypt and protect sensitive data assets and control the distributed computing and storage environment on the cloud.

Product advantages

Alibaba security best practice output, based on the cloud native protection system, provides the native security capability of deep integration with the cloud platform
Security architecture of defense in depth
The proprietary Yundun covers multi-level security protection modules such as network security (Beaver, cloud firewall, Aliguard), host security (Anqi), application security (WAF), data security (database audit, sensitive data protection, etc.), operation and maintenance audit (security audit, bastion machine, etc.), and forms a set of in-depth defense system on cloud boundaries, cloud networks, and cloud servers, Multi point linkage and precise defense.
Security scheme of cloud native deep coupling
The security product components of Yundun are software virtualization, which adapts to the characteristics of cloud computing elasticity; The defense module on the cloud boundary and cloud network adopts the bypass architecture, which fits the cloud business and deeply adapts to the cloud platform architecture; The defense module on ECS is virtualization, which adapts to the flexible characteristics of virtual machines. At the same time, the product security system is deeply integrated with cloud product asset attributes and account management system.
Tenant level security self-service system
The private cloud platform provides tenant level management. Tenant departments can view their own security alerts, attack protection and security precautions through the Yundun security center console. It also configures its own defense strategy and carries out security protection to meet the needs of self service operations and industry cloud operations.
All safety products achieve unified management and control
In order to facilitate the centralized management and real-time grasp of the security risks of the cloud platform, the proprietary Yundun security products provide a unified management view. Users can uniformly manage the security policies in all security protection modules on the Yundun centralized management and control system, and can also perform correlation analysis on logs on the centralized management and control system.
Professional cloud security operation service system
Based on rich professional cloud security operation experience, it provides a full life cycle of proprietary cloud security services, including security operation on-site services, security operation support services, security escort services, security consulting services, penetration testing services, etc., to help users complete security monitoring, daily security inspection, Yundun security product management Cloud product security strategy and configuration optimization, security drill, emergency response, etc.

Application scenarios

Proprietary cloud and other protection
Government specific cloud
Financial proprietary cloud
Proprietary cloud and other protection
Alibaba Cloud's proprietary cloud is the first cloud platform in China that has passed the evaluation of the four level security capability requirements of Equal Protection 2.0. Customers can deploy a proprietary Yundun host security, network security, application security, data security, operation and maintenance audit and unified management security system on the computing resource platform to achieve defense in depth and grasp the platform and business security risks in real time, In terms of safety capability, it meets the safety technical requirements of Level III and Level IV equal protection. At the same time, customer business security and stable operation are guaranteed through on-site security operation services and equal assurance consulting services. The security products provided by the proprietary Yunyundun, together with professional on-site and consulting services, combined with the overall security solution, can help users pass the equal assurance evaluation of equal assurance level 3 or level 4 security requirements, while improving the overall security protection level.
Able to solve
Build a manageable, controllable and trusted security system
From the management and technology aspects, build a manageable, controllable and reliable security assurance system to protect the safe and stable operation of the proprietary cloud application system and the security of business data.
Assist customers to ensure compliance
Assist customers to meet security compliance requirements and better respond to national policy requirements for defense of key infrastructure through the third or fourth level evaluation of equal protection 2.0.
Recommended combination
ECS
VPC
SLB
Container Service ACK
Government specific cloud
A government cloud customer built a private cloud government unified service platform to build intelligent convenient services and intelligent government office, greatly improving internal work efficiency and convenient service for the people. Customers deploy cloud DDoS and web protection to form the first outermost line of defense, and ensure the operation security, data security, and operation and maintenance security of the government cloud business system through proprietary Yunyundun security products, and help users build security management organizational structure, management system, and security awareness through security services.
Able to solve
Three dimensional security guarantee
From the management and technology aspects, build a manageable, controllable and reliable security assurance system to protect the safe and stable operation of the proprietary cloud application system and the security of business data.
Assist customers to ensure compliance
Assist customers to meet security compliance requirements and better respond to national policy requirements for defense of key infrastructure through the third or fourth level evaluation of equal protection 2.0.
Recommended combination
ECS
VPC
SLB
Container Service ACK
Financial proprietary cloud
A financial cloud customer built a security in depth protection system, deployed Beaver, Aliguard, and cloud firewall at the private cloud outlet to conduct in-depth detection and protection of network layer attacks; In the application layer, deploy WAF to filter application layer attacks; Install the Knight host protection client on the host to protect the terminal security. On this basis, collect the security logs of the whole network, conduct unified security big data modeling and analysis, and open up security islands. The security protection system is deployed in the cloud based on the X86 architecture, saying goodbye to traditional security dedicated hardware.
Able to solve
Get rid of hardware constraints
At the same time of financial business agility, it has completed the security agility capability, got rid of the shackles of proprietary hardware, and obtained higher reliability and performance elastic capacity expansion capability.
Financial Compliance
In the process of business cloudization, the security capability construction meets the requirements of traditional bank security supervision specifications.
Cloud primordial
Unified cloud native security scheme.
Recommended combination
ECS
VPC
SLB
Container Service ACK

Product sales mode

Product licensing mode
More flexible choice and traditional commercial procurement forms
Buy Now
Product subscription mode
Less TCO, lower initial investment, more flexible choice
Buy Now
Submit cooperation consultation
Submit the cooperation intention to Alibaba Cloud and describe the project background and budget.
Cooperation consulting
Cloud security product procurement planning
Professional Alibaba Cloud security architects will assist users in planning for private cloud security
Cooperation consulting
Transfer to offline purchase process
Purchase according to the content of cloud security planning, and select the package price discount.
Cooperation consulting

Product package

The proprietary Yunyundun security products better meet the cloud native security needs of customers in various industries
Proprietary Yunyundun security products
Situation awareness
Host Security Knight
Web Application Protection (WAF)
Traffic safety monitoring (Beaver)
Physical Machine Security Knight
security audit
Cloud firewall
Cloud Security Management Center (SOC)
DDoS cleaning (Aliguard)
Fortress machine
Database audit
Vulnerability scanning
Key management service
Cryptographic Services (HSM)
Data discovery and desensitization
Sensitive data protection
Trusted computing
Standard package
Equal protection package
Premium package
Whether subscription is supported

Documentation and Tools

Technical documents of proprietary Yunyundun security products
Hybrid Cloud Best Practices
Best Practices for Hybrid Cloud Practical Application Scenarios
API interface document
View API Usage Document
Security white paper
View the security product white paper
Upgrade Download
View product upgrade downloads