Security Command Center
A security management and data risk platform that helps with security vulnerabilities and threats.Try Google Cloud free
- Gain centralized visibility and control with built-in cyber risk management
- Improve your vulnerability management
- Report on and maintain compliance
- Detect threats targeting your Google Cloud assets
Gain centralized visibility and control
Understand the number of projects you have, what resources and partner solutions are deployed, and manage sensitive data and which service accounts have been added or removed.
Fix misconfigurations and compliance violations
Identify security misconfigurations and compliance violations in your Google Cloud assets and resolve them by following actionable recommendations.
Detect threats targeting your Google Cloud assets
Uncover threats targeting your resources using logs and powered by Google’s unique threat intelligence; use kernel-level instrumentation to identify potential compromises of containers.
Asset discovery and inventory
Discover and view your assets in near-real time across App Engine, BigQuery, Cloud SQL, Cloud Storage, Compute Engine, Cloud Identity and Access Management, Google Kubernetes Engine, and more. Review historical discovery scans to identify new, modified, or deleted assets.
Understand the security state of your Google Cloud assets. Uncover common web application vulnerabilities such as cross-site scripting or outdated libraries in your web applications running on App Engine, GKE, and Compute Engine. Quickly resolve misconfigurations by clicking directly on the impacted resource and following the proscribed steps on how to fix it.
Detect treats using logs running in Google Cloud at scale. Detect some of the most common container attacks, including suspicious binary, suspicious library, and reverse shell.
Sign up for Google Cloud newsletters to receive product updates, event information, special offers, and more.
Security Command Center concepts
Quickly learn about key Security Command Center concepts.
Quotas and limits
Quotas and limits for Security Command Center.
Security Command Center FAQs
Discover the answers to frequently ask questions for Security Command Center.
Qwiklab: Security in Google Cloud
This on-demand course gives participants broad study of security controls and techniques on Google Cloud.
|Sensitive data discovery||Find out which storage buckets contain sensitive and regulated data using the Cloud DLP API. Help prevent unintended exposure and ensure access is based on need-to-know. The Cloud DLP API integrates automatically with Security Command Center.|
|Compliance||Review and export compliance reports to ensure all your resources are meeting their compliance requirements.|
|Rest API and SIEM||Leverage the Security Command Center REST API for easy integration with your existing security systems and workflows. Export Security Command Center data to Splunk or other SIEMs for further analysis.|
|Access control monitoring||Native ability to surface the identity and access management policies for your cloud resources. Help ensure the appropriate access control policies are in place and get alerted when policies are misconfigured or unexpectedly change. Forseti, our open source security toolkit for Google Cloud, integrates with Security Command Center.|
|Real-time notifications and remediation||Receive notifications about new findings or updates to findings within minutes and take action. Quickly remediate security alerts by using Pub/Sub events and Cloud Functions. Receive Security Command Center alerts via Gmail, SMS, and Jira with Pub/Sub notification integration.|
|Audit logs||Integrate Cloud Audit Logs events for Compute Engine, Google Cloud networking, Cloud Storage, Cloud IAM, and Binary Authorization into Security Command Center to help meet regulatory requirements or provide an audit trail while investigating an incident.|