Jump to

Security Command Center

Security and risk management platform for Google Cloud.

  • Gain centralized visibility and control

  • Discover misconfigurations and vulnerabilities

  • Report on and maintain compliance

  • Detect threats targeting your Google Cloud assets

Benefits

Gain centralized visibility and control

Understand the number of projects you have, what resources are deployed, and manage which service accounts have been added or removed.

Fix misconfigurations and compliance violations

Identify security misconfigurations and compliance violations in your Google Cloud assets and resolve them by following actionable recommendations.

Detect threats targeting your Google Cloud assets

Uncover threats targeting your resources using logs and powered by Google’s unique threat intelligence; use kernel-level instrumentation to identify potential compromises of containers.

Key features

Key features

Asset discovery and inventory

Discover and view your assets in near-real time across App Engine, BigQuery, Cloud SQL, Cloud Storage, Compute Engine, Cloud Identity and Access Management, Google Kubernetes Engine, and more. Review historical discovery scans to identify new, modified, or deleted assets.

Threat prevention

Understand the security state of your Google Cloud assets. Uncover common web application vulnerabilities such as cross-site scripting or outdated libraries in your web applications running on App Engine, GKE, and Compute Engine. Quickly resolve misconfigurations by clicking directly on the impacted resource and following the prescribed steps on how to fix it.

Threat detection

Detect threats using logs running in Google Cloud at scale. Detect cryptomining threats and some of the most common container attacks, including suspicious binary, suspicious library, and reverse shell.

Documentation

Documentation

Google Cloud Basics
Security Command Center concepts

Quickly learn about key Security Command Center concepts.

Tutorial
Security Command Center evaluation guide

Use this guide to set up and and evaluate the core capabilities of Security Command Center Premium.

Google Cloud Basics
Quotas and limits

Quotas and limits for Security Command Center.

Best Practice
Security Command Center FAQs

Discover the answers to frequently ask questions for Security Command Center.

Tutorial
Getting started with Security Command Center

Watch our six-part video series to learn how to get started with Security Command Center.

Tutorial
Google Cloud Skills Boost: Security in Google Cloud

This on-demand course gives participants broad study of security controls and techniques on Google Cloud.

Tutorial
Securing Web Applications with Web Security Scanner

In this lab, you will learn how Web Security Scanner, a built-in service in the Security Command Center, helps identify web application vulnerabilities. 

All features

All features

Security posture management Native ability to surface the misconfigurations and vulnerabilities in your Google Cloud resources. Helps ensure the appropriate policies are in place and get alerted when policies are misconfigured or unexpectedly change.
Built-in threat detection Security Command Center Premium provides comprehensive threat detection for Google Cloud that includes Event Threat Detection, Container Threat Detection, and Virtual Machine Threat Detection as built-in services.
Compliance monitoring Review and export compliance reports to help ensure all your resources are meeting their compliance requirements with PCI-DSS 3.2.1, OWASP Top Ten, NIST 800-53, ISO 27001, and CIS benchmarks for Google Cloud foundation (v1.0, v1.1, v1.2). 
SIEM and SOAR integrations Leverage the Security Command Center built-in integrations to easily integrate with your SIEM and SOAR platforms. You can automatically send Security Command Center data to SIEM/SOAR platforms for further analysis and manage responses to security findings.
Granular access control Uses Identity and Access Management (IAM) roles to enable fine-grained access control at folder and project levels. It helps you to control who can do what with assets, findings, and security sources in your Security Command Center environment. 
Real-time notifications and remediation Receive notifications about new findings or updates to findings within minutes and take action. Quickly remediate security alerts by using Pub/Sub events and Cloud Functions. Receive Security Command Center alerts via Gmail, SMS, and Jira with Pub/Sub notification integration.

Pricing

Pricing

Please contact your account executive to learn more about Security Command Center’s pricing.

Partners

Partners

Take advantage of existing security solutions you’re using on-premises and use them in Google Cloud.