Prevent, detect, and respond to threats
With visibility into what assets are in Google Cloud Platform and their security state, Cloud Security Command Center makes it easier for you to prevent, detect, and respond to threats. Identify misconfigurations in virtual machines, networks, applications, and storage from a single pane of glass and act on them before they result in business damage or loss. Built-in threat detectors can quickly surface suspicious activity in your Stackdriver security logs or compromised virtual machines. Quickly respond to threats by following actionable recommendations or exporting data to your SIEM.
Prevent threats with visibility and control over your cloud data and services
Cloud Security Command Center gives enterprises centralized visibility into their cloud assets across App Engine, Compute Engine, and more. Built-in security analytics and threat intelligence assess your overall security state and the activity of your virtual machines, network, and storage, and surface vulnerabilities in your applications. These insights can help you take preventative actions to reduce your exposure to threats.
Detect and respond to threats targeting your Google Cloud Platform assets
Cloud Security Command Center reveals virtual machines that have been used for malicious purposes. Event Threat Detection uses industry-leading threat intelligence, including Google Safe Browsing, to detect suspicious activity in your Stackdriver logs. In just a few clicks, you can identify high-risk incidents and focus on remediation.
Meet your security needs with a flexible platform
Cloud Security Command Center integrates with Google Cloud Platform security tools like Binary Authorization or Google Cloud Phishing Protection. You can also integrate third-party security solutions from Acalvio, Capsule8, Cavirin, Chef, Check Point CloudGuard Dome9, Cloudflare, CloudQuest, McAfee, Qualys, Reblaze, RedLock by Palo Alto Networks, StackRox, Tenable.io, and Twistlock.
Asset discovery and inventory
Discover and view your assets across App Engine, BigQuery, Cloud SQL, Cloud Storage, Compute Engine, Cloud IAM, Kubernetes Engine, and more. Review historical discovery scans to identify new, modified, or deleted assets.
Sensitive data discovery
Find out which storage buckets contain sensitive and regulated data using the Cloud DLP API. Help prevent unintended exposure and ensure access is based on need-to-know. The DLP API integrates automatically with Cloud Security Command Center.
Application vulnerability detection
Use Cloud Security Scanner to uncover common vulnerabilities, such as cross-site scripting (XSS), outdated libraries, and more, that put your App Engine applications at risk. Cloud Security Scanner integrates automatically with Cloud Security Command Center.
REST API and SIEM
Leverage the Cloud Security Command Center REST API for easy integration with your existing security systems and workflows. Export Cloud Security Command Center data to Splunk or other SIEMs for further analysis.
Access control monitoring
Native ability to surface the identity and access management policies for your cloud resources. Help ensure the appropriate access control policies are in place and get alerted when policies are misconfigured or unexpectedly change. Forseti, our open source security toolkit for Google Cloud Platform, integrates with Cloud Security Command Center.
Anomaly detection from Google
Identify threats such as coin mining, unusual activity, hijacked accounts, compromised machines used for botnets or DDoS attacks, and anomalous data activity with Cloud Anomaly Detection, developed by Google. Cloud Anomaly Detection integrates automatically with Cloud Security Command Center.
Automatically scan Stackdriver security logs for high-profile indicators of compromise with Event Threat Detection and further explore these findings from Cloud Security Command Center.
Third-party security tool inputs
Integrate output from your existing security tools into Cloud Security Command Center to detect security and compliance policy violations and instance vulnerabilities and threats.
Real-time notifications and remediation
Receive Cloud Security Command Center alerts via Gmail, SMS, and Jira with Cloud Pub/Sub notification integration. Quickly remediate security alerts by using Cloud Pub/Sub events and Cloud Functions.
Integrate Cloud Audit Logging events for Compute Engine, Google Cloud networking, Cloud Storage, Cloud IAM, and Binary Authorization into Cloud Security Command Center to help meet regulatory requirements or provide an audit trail while investigating an incident.
There is no separate charge for using Cloud Security Command Center. However, you will be charged if you upload more than 1 GB per day of external findings into Cloud Security Command Center. In addition, some Cloud Security Command Center detectors, such as Cloud DLP API, charge by usage. Learn more on the DLP API pricing page.
"Cloud Security Command Center gives us unprecedented visibility into the security posture of our VM instances and containerized workloads running within GCP. With this security service, we can quickly review and assess risks across all our GCP assets." – Alexander Schuchman, Director Information Security, Colgate-Palmolive
Cloud Security Command Center
Prevent, detect, and respond to threats with GCP’s comprehensive security management and data risk platform.