Step 1: Go to CSC and View the Security Score
1. Log in to the CSC console. In the left-side navigation pane, select Overview. 2. On the Overview page, view the core metrics:
|
Security Score | A score ranging from 0 to 100 comprehensively reflects the overall security posture of your cloud environment. A lower security score indicates a higher concentration of current risks. Prioritizing the handling of high-priority to-do items can quickly improve the security score. |
Step 2: Handle High-Risk Issues Based on the Security Score
1. On the Overview page, click the number for High-Priority To-Do or View All Risks.
2. The system automatically sorts items by risk level and prioritizes the display of critical and high risks.
3. For each high-priority risk, click to go to its details page:
View the Risk Description: understand the harm and scope of impact of this risk.
View the Impacted Assets: identify which hosts or cloud products are affected.
Click Handle Now: follow the guide to complete the remediation.
Note:
Prioritize handling high-priority risks on assets exposed to the public network, as these risks have the highest probability of being attacked.
Step 3: Go to Vulnerability Management and Fix System Vulnerabilities
Entry: Log in to the CSC console. In the left-side navigation pane, choose Risk Governance > Vulnerability Governance. 3.1 Viewing the Vulnerability List
The system is automatically sorted by priority. Focus on the following:
3.2 Performing Vulnerability Fixing
The CWPP (Professional Edition) product supports one-click remediation of system vulnerabilities.
Remediation Tip: You can filter out vulnerabilities by host to centrally handle all vulnerabilities on the same host, reducing repeated login operations.
Step 4: Check and Fix Cloud Product Configuration Risks
Entry: Log in to the CSC console. In the left-side navigation pane, choose Risk Governance > Cloud Security Posture Management > Cloud Resource Configuration Check. 4.1 Viewing Configuration Check Results
The system automatically scans the security configurations of cloud products such as buckets, security groups, and databases, with a focus on check items in high-risk status:
|
Highly risky | The configuration has security risks and must be rectified immediately. | Click Configuration Item Name and adjust it by referring to the fixing suggestions. |
4.2 Handling High-Risk Configuration Issues with Priority
Focus on the following types of non-compliant items:
|
Public bucket access | COS bucket configured as publicly readable. | Data Leakage |
Overly permissive security group rules | Opening high-risk ports to 0.0.0.0/0 | Exposed attack surfaces |
Database exposed to the public network | Database instance bound to a public IP address | Direct attack risk |
Excessive access key permissions | Sub-account granted full administrative permissions. | Permission abuse risk |
4.3 Completing Configuration Fixing as Guided
1. Click the Configuration Item Name of the non-compliant item to view the Fixing Suggestions.
2. Complete the configuration modifications step by step in the corresponding cloud product console.
3. Return to the Cloud Resource Configuration Check page and click Check Now to verify whether it has passed.
Step 5: Next Steps
|
Handling intrusion alarms and responding to security incidents | |
Performing compliance checks | |
Enable log analysis and retain security audit logs. | |