Cloud Security Command Center beta

A comprehensive security and data risk platform for GCP

Go To Marketplace View Documentation

Actionable security insights

Cloud Security Command Center helps security teams gather data, identify threats, and act on them before they result in business damage or loss. It offers deep insight into application and data risk so that you can quickly mitigate threats to your cloud resources and evaluate overall health. With Cloud Security Command Center, you can view and monitor an inventory of your cloud assets, scan storage systems for sensitive data, detect common web vulnerabilities, and review access rights to your critical resources, all from a single, centralized dashboard.

Gain visibility into your cloud data and services

Cloud Security Command Center gives enterprises consolidated visibility into their cloud assets across App Engine, Cloud Datastore, Cloud DNS, Cloud Load Balancing, Cloud Spanner, Cloud Storage, Compute Engine, Container Registry, Kubernetes Engine, and Virtual Private Cloud. Users can quickly understand the number of projects they have, what resources are deployed, where sensitive data is located, which service accounts have been added or removed, and how firewalls rules are configured. With ongoing discovery scans, enterprises can view asset history to understand exactly what changed in their environment and act on unauthorized modifications.

Powerful insights to help enhance your security posture

Cloud Security Command Center provides powerful security insights about your cloud resources. With this tool, security teams can answer questions like “Which cloud storage buckets contain PII?”, “Do I have any buckets that are open to the Internet?” and “Which cloud applications are vulnerable to XSS vulnerabilities?” By applying ongoing security analytics and threat intelligence, enterprises can assess their overall security health in a central dashboard and take immediate action on security risks.

Flexible platform to meet your security needs

Cloud Security Command Center integrates with Google Cloud Platform security tools like Cloud Security Scanner, the Cloud Data Loss Prevention (DLP) and third-party security solutions from Cavirin, Chef, and RedLock. Cloud security insights from partner products are aggregated in Cloud Security Command Center and can be fed into existing systems and workflows.

Cavirin logo
Chef logo
RedLock logo

Cloud Security Command Center Features

Asset Discovery and Inventory
Discover and view your assets across App Engine, Cloud Datastore, Cloud DNS, Cloud Load Balancing, Cloud Spanner, Cloud Storage, Compute Engine, Container Registry, Kubernetes Engine, and Virtual Private Cloud. Review historical discovery scans to identify new, modified, or deleted assets.
Sensitive Data Identification
Find out which storage buckets contain sensitive and regulated data using the Cloud DLP. Help prevent unintended exposure and ensure access is based on need-to-know. Cloud DLP integrates automatically with Cloud Security Command Center.
Application Vulnerability Detection
Uncover common vulnerabilities such as cross-site-scripting (XSS) and Flash injection that put your Google App Engine applications at risk with Cloud Security Scanner. Cloud Security Scanner integrates automatically with Cloud Security Command Center.
Leverage the Cloud Security Command Center REST API for easy integration with your existing security systems and workflows.
Access Control Monitoring
Help ensure the appropriate access control policies are in place across your cloud resources and get alerted when policies are misconfigured or unexpectedly change. Forseti, the open source security toolkit for Google Cloud Platform, integrates with Cloud Security Command Center.
Anomaly Detection From Google
Identify threats like botnets, cryptocurrency mining, anomalous reboots, and suspicious network traffic with built-in anomaly detection technology developed by Google.
Third-party Security Tool Inputs
Integrate output from your existing security tools such as Cavirin, Chef, and RedLock into Cloud Security Command Center to detect security and compliance policy violations and instance vulnerabilities and threats.
Real-time Notifications
Receive Cloud Security Command Center alerts via Gmail and SMS with Pub/Sub notification integration.

Cloud Security Command Center Pricing

There is no separate charge for using Cloud Security Command Center. However, the use of some Cloud Security Command Center detectors, such as Cloud Security Scanner, impacts App Engine instance quota limits, bandwidth (traffic) charges, and quotas for API calls to App Engine services. Learn more in the Security Scanner pricing guide. In addition, Cloud DLP is priced by usage. Learn more on the Cloud DLP pricing page.

Beta: This is a Beta release of Cloud Security Command Center. This feature is not covered by any SLA or deprecation policy and may be subject to backward-incompatible changes.


Cloud Security Command Center