Security Command Center

Security and risk management platform for Google Cloud.

Try Google Cloud free Go to console

Gain centralized visibility and control
Discover misconfigurations and vulnerabilities
Report on and maintain compliance
Detect threats targeting your Google Cloud assets

Graphic showing that Security Command Center can help you gain visibility, discover vulnerabilities, detect threats, and maintain compliance.

VIDEO

Improve your security posture with the Security Command Center

13:42

Benefits

Gain centralized visibility and control

Understand the number of projects you have, what resources are deployed, and manage which service accounts have been added or removed.

Fix misconfigurations and compliance violations

Identify security misconfigurations and compliance violations in your Google Cloud assets and resolve them by following actionable recommendations.

Detect threats targeting your Google Cloud assets

Uncover threats targeting your resources using logs and powered by Google’s unique threat intelligence; use kernel-level instrumentation to identify potential compromises of containers.

Key features

Asset discovery and inventory

Discover and view your assets in near-real time across App Engine, BigQuery, Cloud SQL, Cloud Storage, Compute Engine, Cloud Identity and Access Management, Google Kubernetes Engine, and more. Review historical discovery scans to identify new, modified, or deleted assets.

Threat prevention

Understand the security state of your Google Cloud assets. Uncover common web application vulnerabilities such as cross-site scripting or outdated libraries in your web applications running on App Engine, GKE, and Compute Engine. Quickly resolve misconfigurations by clicking directly on the impacted resource and following the prescribed steps on how to fix it.

Threat detection

Detect threats using logs running in Google Cloud at scale. Detect some of the most common container attacks, including suspicious binary, suspicious library, and reverse shell.

VIDEO

Getting started with Security Command Center

Customers

Customer case studies

Case study

How Zebra Technologies manages security & risk using Security Command Center

5-min read

Case study

How Veolia protects its cloud environment across 31 countries with Security Command Center

3-min read

See all customers

What's new

Video

How do I detect malicious activity in my Google Cloud environment? Watch video

Security Summit 2021 Managing security posture on Google Cloud

Video

Managing security posture on Google Cloud Learn more

Blog post

How Zebra Technologies manages security & risk using Security Command Center Read the blog

Blog post

Blog: CIS 1.1 benchmarks and granular access control Read the blog

Video

How to use folder and project-level access control Watch video

Blog post

Monitor and secure your containers with new Container Threat Detection Read the blog

Documentation

Security Command Center concepts

Quickly learn about key Security Command Center concepts.

Security Command Center evaluation guide

Use this guide to set up and and evaluate the core capabilities of Security Command Center Premium.

Quotas and limits

Quotas and limits for Security Command Center.

Security Command Center FAQs

Discover the answers to frequently ask questions for Security Command Center.

Getting started with Security Command Center

Watch our six-part video series to learn how to get started with Security Command Center.

Google Cloud Skills Boost: Security in Google Cloud

This on-demand course gives participants broad study of security controls and techniques on Google Cloud.

All features

Continuous compliance monitoring	Review and export compliance reports to help ensure all your resources are meeting their compliance requirements with PCI-DSS compliance monitoring, CIS compliance monitoring, and more. Security Command Center's Security Health Analytics has been awarded CIS Security Software Certification for CIS Benchmarks: CIS Benchmark for Google Cloud Platform Foundation Benchmark, v1.0.0, Level 1 & 2.
Rest API and SIEM	Leverage the Security Command Center REST API for easy integration with your existing security systems and workflows. Export Security Command Center data to Splunk or other SIEMs for further analysis.
Access control monitoring	Native ability to surface the identity and access management policies for your cloud resources. Help ensure the appropriate access control policies are in place and get alerted when policies are misconfigured or unexpectedly change. Forseti, our open source security toolkit for Google Cloud, integrates with Security Command Center.
Sensitive data discovery	Find out which storage buckets contain sensitive and regulated data using the Cloud DLP API. Help prevent unintended exposure and ensure access is based on need-to-know. The Cloud DLP API integrates automatically with Security Command Center.
Real-time notifications and remediation	Receive notifications about new findings or updates to findings within minutes and take action. Quickly remediate security alerts by using Pub/Sub events and Cloud Functions. Receive Security Command Center alerts via Gmail, SMS, and Jira with Pub/Sub notification integration.
Audit logs	Integrate Cloud Audit Logs events for Compute Engine, Google Cloud networking, Cloud Storage, Cloud IAM, and Binary Authorization into Security Command Center to help meet regulatory requirements or provide an audit trail while investigating an incident.