Multi-cloud security
Cloud security and risk management for multi-cloud environments
The industry’s first cloud risk management solution that fuses cloud security and enterprise security operations—supercharged by Mandiant expertise and Gemini at Google scale.
Join the Security Command Center Community to find answers, build skills, stay up-to-date, and make connections.
Features
Built-in remediation
Integration of modern security operations capabilities brings together proactive and reactive security practices. Cases are automatically created for high-risk cloud misconfigurations, vulnerabilities, and threats, which are then assigned to the right owner or analyst for investigation. Custom and out-of-the-box playbooks can be attached to gather additional context and to streamline remediation. Integration with popular ITSM and ticketing solutions can augment case management.
Threat detection
World-class Mandiant threat intelligence and expertise is infused into the core solution architecture, enabling security teams to detect and stop the latest cyber threats. It identifies indicators of compromise (IOCs) to find and block newly-discovered crytpominers, command and control domains, and more. Curated threat rules are continuously applied to cloud telemetry and workload data to find active threats, while malicious files are detected when uploaded into the cloud environment.
Continuous risk engine
Count high-risk issues on one hand. The risk engine builds a deep understanding of each cloud environment, including knowledge of high-value resources and security weaknesses. It then plays the role of a sophisticated and motivated attacker by simulating millions of possible attack vectors to reach and compromise cloud resources. Risk insights are delivered via a dashboard, detailed attack paths, toxic combinations, and attack exposure scoring - all of which are used to prioritize the remediation of high-risk events and actions.
Cloud posture management
Identify cloud misconfigurations, software vulnerabilities, and compliance violations across multi-cloud environments. Get visibility of cloud assets and resources, and identify security issues that could lead to compromise. Security findings are assigned an attack exposure score and are mapped on Security Command Center’s risk dashboard to help prioritize security response.
Shift left security
Find security issues before they happen. Developers get access to thousands of software packages tested and validated by Google via Assured Open Source Software. DevOps and DevSecOps teams get posture controls to define and monitor security guardrails in the infrastructure, and can use infrastructure as code (IaC) scanning to implement consistent security policies from code to cloud by validating security controls during the build process.
Cloud Identity and Entitlement Management (CIEM)
CIEM capabilities help manage cloud identities and privileges, assisting teams in identifying excessive and dormant access that could compromise security. The feature analyzes permission usage, including inferred permissions determined via machine learning, and recommends which ones should be removed to get to least privileged access. It also analyzes which users have access to specific resources, and provides insight into service account activity.
Mandiant Hunt
Uncover threats hiding in your cloud environments with Mandiant Hunt. Our experts proactively analyze your multicloud data, armed with the latest knowledge of adversary tactics, techniques, and procedures (TTPs) targeting cloud systems. This optional, paid-for service uses continuous intelligence from Mandiant frontline experts, VirusTotal, and Google Cloud security data. You'll receive findings mapped to the MITRE ATT&CK framework, offering actionable context to strengthen your cloud security posture.
Options Table
| Security Command Center | Description | Best for | Activation and pricing |
|---|---|---|---|
Enterprise | Complete multi-cloud CNAPP security, plus integrated SecOps for built-in remediation | Protecting Google Cloud, AWS and/or Azure. Best value. Google recommended | Workload-based pricing available via subscription |
Premium | Security posture management, attack paths, threat detection, and compliance monitoring for Google Cloud only | Google Cloud customers who need pay-as-you-go billing | Workload-based, pay-as-you-go pricing with self-service activation |
Standard | Basic security posture management for Google Cloud only | Google Cloud environments with minimal security requirements | No cost self-service activation |
Learn more about Security Command Center offerings in our documentation.
Enterprise
Complete multi-cloud CNAPP security, plus integrated SecOps for built-in remediation
Protecting Google Cloud, AWS and/or Azure. Best value. Google recommended
Workload-based pricing available via subscription
Premium
Security posture management, attack paths, threat detection, and compliance monitoring for Google Cloud only
Google Cloud customers who need pay-as-you-go billing
Workload-based, pay-as-you-go pricing with self-service activation
Standard
Basic security posture management for Google Cloud only
Google Cloud environments with minimal security requirements
No cost self-service activation
Learn more about Security Command Center offerings in our documentation.
How It Works
Security Command Center brings together proactive and reactive security; delivering posture management and threat detection for code, identities, and data. Built-in remediation streamlines security response. It’s all powered by Google innovation, running on a planet-scale data lake.
Security Command Center brings together proactive and reactive security; delivering posture management and threat detection for code, identities, and data. Built-in remediation streamlines security response. It’s all powered by Google innovation, running on a planet-scale data lake.
Common Uses
Risk-centric cloud security
Prioritize cloud risks that matter
Prioritize cloud risks that matter
Quickly find the high-risk cloud security issues that could lead to significant business impact and stop combing through hundreds or thousands of security alerts. Use attack exposure scoring and hand-crafted CVE information from Mandiant to prioritize response efforts, and monitor your overall risk posture with a detailed risk dashboard.
Identifying and Prioritizing Cloud Risks with a Cloud-native Application Protection Platform
Tutorials, quickstarts, & labs
Prioritize cloud risks that matter
Prioritize cloud risks that matter
Quickly find the high-risk cloud security issues that could lead to significant business impact and stop combing through hundreds or thousands of security alerts. Use attack exposure scoring and hand-crafted CVE information from Mandiant to prioritize response efforts, and monitor your overall risk posture with a detailed risk dashboard.
Learning resources
Identifying and Prioritizing Cloud Risks with a Cloud-native Application Protection Platform
Cloud workload protection
Detect and stop active attacks
Detect and stop active attacks
Discover when bad actors have infiltrated your cloud environment. Put Mandiant threat intelligence at your fingertips to find cyber attacks, including malicious execution, privilege escalation, data exfiltration, defense evasion, and more. Get threats assigned to high-priority cases, enriched with additional evidence, and use cloud-specific playbooks to remove attackers from your cloud.
Tutorials, quickstarts, & labs
Detect and stop active attacks
Detect and stop active attacks
Discover when bad actors have infiltrated your cloud environment. Put Mandiant threat intelligence at your fingertips to find cyber attacks, including malicious execution, privilege escalation, data exfiltration, defense evasion, and more. Get threats assigned to high-priority cases, enriched with additional evidence, and use cloud-specific playbooks to remove attackers from your cloud.
Security operations
Investigate and remediate high-risk issues
Investigate and remediate high-risk issues
Add world-class SecOps capabilities to your cloud security practice and start resolving security issues faster and eliminate the backlog of unresolved risks. Use automatic case management that identifies the right resource or project owner. Then simplify investigation with Gemini AI, streamline issue remediation with out-of-the-box playbooks, and plug into your existing ITSM and ticketing system.
Tutorials, quickstarts, & labs
Investigate and remediate high-risk issues
Investigate and remediate high-risk issues
Add world-class SecOps capabilities to your cloud security practice and start resolving security issues faster and eliminate the backlog of unresolved risks. Use automatic case management that identifies the right resource or project owner. Then simplify investigation with Gemini AI, streamline issue remediation with out-of-the-box playbooks, and plug into your existing ITSM and ticketing system.
Shift left security
Fix issues before they happen
Fix issues before they happen
Mitigate supply chain risks that can be introduced during the software development process by using thousands of software packages tested and validated by Google. Scan infrastructure as code (IaC) files and CI/CD pipelines to identify resource violations, and set custom posture controls that detect and alert if cloud configurations drift from centrally-defined guardrails or compliance standards.
Tutorials, quickstarts, & labs
Fix issues before they happen
Fix issues before they happen
Mitigate supply chain risks that can be introduced during the software development process by using thousands of software packages tested and validated by Google. Scan infrastructure as code (IaC) files and CI/CD pipelines to identify resource violations, and set custom posture controls that detect and alert if cloud configurations drift from centrally-defined guardrails or compliance standards.
Security posture
Make your clouds safe for critical applications and data
Make your clouds safe for critical applications and data
Proactively find vulnerabilities and misconfigurations in your multi-cloud environment before attackers can exploit them to access sensitive cloud resources. Then use attack paths and attack exposure scoring to prioritize the security issues that pose the most risk. Monitor compliance to industry standards, such as CIS, PCI-DSS, NIST, and more. Export results to risk and compliance teams.
Tutorials, quickstarts, & labs
Make your clouds safe for critical applications and data
Make your clouds safe for critical applications and data
Proactively find vulnerabilities and misconfigurations in your multi-cloud environment before attackers can exploit them to access sensitive cloud resources. Then use attack paths and attack exposure scoring to prioritize the security issues that pose the most risk. Monitor compliance to industry standards, such as CIS, PCI-DSS, NIST, and more. Export results to risk and compliance teams.
Pricing
| How Security Command Center pricing works | Pricing is based on the total number of workloads in the cloud environments being protected. | |
|---|---|---|
| Product tier | Activation | Price USD |
Enterprise | Available via one or multi-year subscription, with built-in term discounts | |
Premium | Available via self-service activation with pay-as-you-go consumption pricing, at a project-level or organization-level | Single per-workload price (Google Cloud only) |
Standard | Available via self-service activation, at a project-level or organization-level | No cost |
How Security Command Center pricing works
Pricing is based on the total number of workloads in the cloud environments being protected.
Enterprise
Available via one or multi-year subscription, with built-in term discounts
Premium
Available via self-service activation with pay-as-you-go consumption pricing, at a project-level or organization-level
Single per-workload price (Google Cloud only)
Standard
Available via self-service activation, at a project-level or organization-level
No cost
SCC PREMIUM PRICING
SCC ENTERPRISE PRICING
Get started today
Activate SCC Premium for Google Cloud
Start a proof of concept
Take a course
Get more technical product information
