Security Command Center overview
Security Command Center is a cloud-based risk management solution that helps security professionals to prevent, detect, and respond to security issues. It helps to keep your cloud environment secure by providing tools to monitor and manage the following areas:
- Vulnerability detection: Discover and remediate problems such as misconfigurations, publicly exposed resources, leaked credentials, and resources with known risks. Monitor compliance against common security benchmarks like NIST, HIPAA, PCI-DSS, and CIS.
- Threat detection and mitigation: Detect and respond to active threats such as malware, cryptocurrency miners, container runtime attacks, and distributed denial-of-service (DDoS) attacks.
- Postures and policies: Define and deploy a security posture to monitor the status of your Google Cloud resources, and address posture drift when it happens. Check for and correct over-permissioned accounts.
- Data export: Export findings to BigQuery and Pub/Sub for further analysis.
For a complete list of services, see Service tier comparison.
Services that operate in each of these areas can generate findings. Findings are records of threats or other issues that a service has found in your cloud environments. Findings are generated by the following sources:
- Built-in: Security services that are part of Security Command Center.
- Integrated: Google Cloud security services that integrate with organization-level activations of Security Command Center. For example, Google Cloud Armor and Sensitive Data Protection.
- Third party: Security services that have registered as Cloud Marketplace partners, such as Snyk and CrowdStrike Falcon, that work with organization-level activations of Security Command Center. See all third party security services.
For a list of available built-in, integrated, and third party security services, and instructions for how to configure them, see Configure Security Command Center services.
Service tiers
Security Command Center is offered in three service tiers: Standard, Premium, and Enterprise. Each tier determines the features and services that are available to you in Security Command Center.
For more information on what each tier includes, see Service tiers.
Activation levels
You can activate Security Command Center on an individual project, which is known as project-level activation, or an entire organization, which is known as organization-level activation.
The Enterprise tier requires an organization-level activation.
What's next
- Learn about service tiers.
- Activate Security Command Center.
- Learn about Security Command Center detection services.
- Learn how to use Security Command Center in the Google Cloud console.
- Configure your security services.