| CARVIEW |
CNAPP Security
Cloud security and AI protection
Security Command Center delivers the best security for Google Cloud environments, the best solution for managing cloud risks, and the best protection for AI workloads.
Join the Security Command Center Community to find answers, build skills, stay up-to-date, and make connections.
Features
AI Protection
Mitigate risk throughout the AI lifecycle, across your clouds and models. Discover and catalog AI assets, including the use of models, applications, and data—and their relationships. Guard against prompt injection, jailbreak, data loss, malicious URLs, and offensive content. Defend your AI systems against AI-specific threats and risks.
Built-in threat detection
Detect active threats in near real-time using specialized detectors that are built into the Google Cloud infrastructure. Quickly discover malicious and suspicious activity in Google Cloud services, including Compute Engine, GKE, BigQuery, CloudRun, and more. Protect your organization with the industry's only Cryptomining Protection Program.
Virtual red teaming
Find high-risk gaps in cloud defenses by simulating a sophisticated and determined attacker. Virtual red teaming runs millions of attack permutations against a digital twin model of an organization’s cloud environment and can discover attack paths, toxic combinations, and chokepoints that are unique to each customer’s cloud environment.
Compliance Manager
Combine policy definition, control configuration, enforcement, monitoring, and audit into a unified workflow. Get an end-to-end view of the state compliance, with easy monitoring and reporting. Use Audit Manager to automatically generate verifiable evidence to prove compliance to auditors.
Cloud posture management
Automatically scan your cloud environment to identify cloud misconfigurations and software vulnerabilities that could lead to compromise—without having to install or manage agents. High-risk findings are presented on the Security Command Center risk dashboard so you know which issues to prioritize. Built-in response capabilities, including playbooks, can help you remediate misconfigurations and vulnerabilities to improve your overall cloud security posture.
Shift left security
Find security issues before they happen. Developers get access to thousands of software packages tested and validated by Google via Assured Open Source Software. DevOps and DevSecOps teams get posture controls to define and monitor security guardrails in the infrastructure, and can use infrastructure as code (IaC) scanning to implement consistent security policies from code to cloud by validating security controls during the build process.
Cloud Infrastructure and Entitlement Management (CIEM)
Reduce identity-related risks by granting users the minimum level of access and permissions needed to perform their job. Understand which users have access to which cloud resources, get ML-generated recommendations to reduce unused and unnecessary permissions, and use out-of-the box playbooks to accelerate responses to identity-driven vulnerabilities. Compatible with Google Cloud IAM, Entra ID (Azure AD), AWS IAM, and Okta.
Data security posture management
Includes Sensitive Data Protection to automatically monitor, categorize, and manage sensitive cloud data to ensure that it has the right security, privacy, and compliance posture and controls. Use more than 150 AI-driven data classifiers to discover and classify structured and unstructured data across your organization. Automatically use high-value data findings to improve virtual red team results.
Learn more
| Security Command Center | Description | Best for | Activation and pricing |
|---|---|---|---|
Enterprise | Complete multi-cloud CNAPP security, plus automated case management and remediation playbooks | Protecting Google Cloud, AWS and/or Azure. Best value. Google recommended | Subscription-based pricing |
Premium | Security posture management, attack paths, threat detection, and compliance monitoring for Google Cloud only | Google Cloud customers who need pay-as-you-go billing | Pay-as-you-go pricing with self-service activation |
Standard | Basic security posture management for Google Cloud only | Google Cloud environments with minimal security requirements | No cost self-service activation |
Read about Security Command Center offerings in our documentation.
Enterprise
Complete multi-cloud CNAPP security, plus automated case management and remediation playbooks
Protecting Google Cloud, AWS and/or Azure. Best value. Google recommended
Subscription-based pricing
Premium
Security posture management, attack paths, threat detection, and compliance monitoring for Google Cloud only
Google Cloud customers who need pay-as-you-go billing
Pay-as-you-go pricing with self-service activation
Standard
Basic security posture management for Google Cloud only
Google Cloud environments with minimal security requirements
No cost self-service activation
Read about Security Command Center offerings in our documentation.
How It Works
Security Command Center brings together proactive and reactive security; delivering posture management and threat detection for code, identities, and data. Built-in remediation streamlines security response. It’s all powered by Google innovation, running on a planet-scale data lake.
Security Command Center brings together proactive and reactive security; delivering posture management and threat detection for code, identities, and data. Built-in remediation streamlines security response. It’s all powered by Google innovation, running on a planet-scale data lake.
Common Uses
Risk-centric cloud security
Prioritize cloud risks that matter
Prioritize cloud risks that matter
Use virtual red team capabilities to quickly find the high-risk cloud security issues that could lead to significant business impact. Leverage a detailed risk dashboard to view attack path details, toxic combinations of issues, attack exposure scoring, and hand-crafted CVE information from Mandiant to prioritize response efforts.
Identifying and Prioritizing Cloud Risks with a Cloud-native Application Protection Platform
Tutorials, quickstarts, & labs
Prioritize cloud risks that matter
Prioritize cloud risks that matter
Use virtual red team capabilities to quickly find the high-risk cloud security issues that could lead to significant business impact. Leverage a detailed risk dashboard to view attack path details, toxic combinations of issues, attack exposure scoring, and hand-crafted CVE information from Mandiant to prioritize response efforts.
Learning resources
Identifying and Prioritizing Cloud Risks with a Cloud-native Application Protection Platform
Cloud workload protection
Detect and stop active attacks
Detect and stop active attacks
Discover when bad actors have infiltrated your cloud environment. Put Mandiant threat intelligence at your fingertips to find cyber attacks, including malicious execution, privilege escalation, data exfiltration, defense evasion, and more. Get threats assigned to high-priority cases, enriched with additional evidence, and use cloud-specific playbooks to remove attackers from your cloud.
Tutorials, quickstarts, & labs
Detect and stop active attacks
Detect and stop active attacks
Discover when bad actors have infiltrated your cloud environment. Put Mandiant threat intelligence at your fingertips to find cyber attacks, including malicious execution, privilege escalation, data exfiltration, defense evasion, and more. Get threats assigned to high-priority cases, enriched with additional evidence, and use cloud-specific playbooks to remove attackers from your cloud.
Built-in security response
Investigate and fix high-risk issues
Investigate and fix high-risk issues
Add built-in response capabilities and start resolving security issues faster and eliminate the backlog of unresolved risks. Use automatic case management that groups related security issues, and identifies the right resource or project owner. Then simplify investigation with Gemini AI, streamline remediation with out-of-the-box playbooks, and plug into your existing ITSM and ticketing system.
Tutorials, quickstarts, & labs
Investigate and fix high-risk issues
Investigate and fix high-risk issues
Add built-in response capabilities and start resolving security issues faster and eliminate the backlog of unresolved risks. Use automatic case management that groups related security issues, and identifies the right resource or project owner. Then simplify investigation with Gemini AI, streamline remediation with out-of-the-box playbooks, and plug into your existing ITSM and ticketing system.
Shift left security
Fix issues before they happen
Fix issues before they happen
Mitigate supply chain risks that can be introduced during the software development process by using thousands of software packages tested and validated by Google. Scan infrastructure as code (IaC) files and CI/CD pipelines to identify resource violations, and set custom posture controls that detect and alert if cloud configurations drift from centrally-defined guardrails or compliance standards.
Tutorials, quickstarts, & labs
Fix issues before they happen
Fix issues before they happen
Mitigate supply chain risks that can be introduced during the software development process by using thousands of software packages tested and validated by Google. Scan infrastructure as code (IaC) files and CI/CD pipelines to identify resource violations, and set custom posture controls that detect and alert if cloud configurations drift from centrally-defined guardrails or compliance standards.
Security posture
Make your clouds safe for critical applications and data
Make your clouds safe for critical applications and data
Proactively find vulnerabilities and misconfigurations in your multi-cloud environment before attackers can exploit them to access sensitive cloud resources. Then use attack paths and attack exposure scoring to prioritize the security issues that pose the most risk. Monitor compliance to industry standards, such as CIS, PCI-DSS, NIST, and more. Export results to risk and compliance teams.
Tutorials, quickstarts, & labs
Make your clouds safe for critical applications and data
Make your clouds safe for critical applications and data
Proactively find vulnerabilities and misconfigurations in your multi-cloud environment before attackers can exploit them to access sensitive cloud resources. Then use attack paths and attack exposure scoring to prioritize the security issues that pose the most risk. Monitor compliance to industry standards, such as CIS, PCI-DSS, NIST, and more. Export results to risk and compliance teams.
Pricing
| How Security Command Center pricing works | Pricing is based on the total number of assets in the cloud environments being protected. | |
|---|---|---|
| Product tier | Activation | Price USD |
Enterprise | Available via one or multi-year subscription, with built-in term discounts | |
Premium | Available via self-service activation with pay-as-you-go consumption pricing, at a project-level or organization-level | |
Standard | Available via self-service activation, at a project-level or organization-level | No cost |
How Security Command Center pricing works
Pricing is based on the total number of assets in the cloud environments being protected.
Enterprise
Available via one or multi-year subscription, with built-in term discounts
Premium
Available via self-service activation with pay-as-you-go consumption pricing, at a project-level or organization-level
Standard
Available via self-service activation, at a project-level or organization-level
No cost
- Accelerate your digital transformation
- Whether your business is early in its journey or well on its way to digital transformation, Google Cloud can help solve your toughest challenges.
- Key benefits
- Not seeing what you're looking for?
- See all industry solutions
- Featured Products
- AI and Machine Learning
- Business Intelligence
- Compute
- Containers
- Data Analytics
- Databases
- Developer Tools
- Distributed Cloud
- Hybrid and Multicloud
- Industry Specific
- Integration Services
- Management Tools
- Maps and Geospatial
- Media Services
- Migration
- Mixed Reality
- Networking
- Operations
- Productivity and Collaboration
- Security and Identity
- Serverless
- Storage
- Web3
- Featured Products
- Not seeing what you're looking for?
- See all products (100+)
- Not seeing what you're looking for?
- See all AI and machine learning products
- Business Intelligence
- Not seeing what you're looking for?
- See all compute products
- Not seeing what you're looking for?
- See all data analytics products
- Not seeing what you're looking for?
- See all developer tools
- Hybrid and Multicloud
- Industry Specific
- Not seeing what you're looking for?
- See all management tools
- Media Services
- Not seeing what you're looking for?
- See all networking products
- Productivity and Collaboration
- Not seeing what you're looking for?
- See all security and identity products
- Save money with our transparent approach to pricing
- Google Cloud's pay-as-you-go pricing offers automatic savings based on monthly usage and discounted rates for prepaid resources. Contact us today to get a quote.
- Pricing overview and tools
- Learn & build
- Connect
- Accelerate your digital transformation
- Learn more
- Key benefits
- Why Google Cloud
- AI and ML
- Multicloud
- Global infrastructure
- Data Cloud
- Modern Infrastructure Cloud
- Security
- Productivity and collaboration
- Reports and insights
- Executive insights
- Analyst reports
- Whitepapers
- Customer stories
- Industry Solutions
- Retail
- Consumer Packaged Goods
- Financial Services
- Healthcare and Life Sciences
- Media and Entertainment
- Telecommunications
- Games
- Manufacturing
- Supply Chain and Logistics
- Government
- Education
- See all industry solutions
- See all solutions
- Application Modernization
- CAMP
- Modernize Traditional Applications
- Migrate from PaaS: Cloud Foundry, Openshift
- Migrate from Mainframe
- Modernize Software Delivery
- DevOps Best Practices
- SRE Principles
- Day 2 Operations for GKE
- FinOps and Optimization of GKE
- Run Applications at the Edge
- Architect for Multicloud
- Go Serverless
- Artificial Intelligence
- Customer Engagement Suite with Google AI
- Document AI
- Vertex AI Search for retail
- Gemini for Google Cloud
- Generative AI on Google Cloud
- APIs and Applications
- New Business Channels Using APIs
- Unlocking Legacy Applications Using APIs
- Open Banking APIx
- Data Analytics
- Data Migration
- Data Lake Modernization
- Stream Analytics
- Marketing Analytics
- Datasets
- Business Intelligence
- AI for Data Analytics
- Databases
- Database Migration
- Database Modernization
- Databases for Games
- Google Cloud Databases
- Migrate Oracle workloads to Google Cloud
- Open Source Databases
- SQL Server on Google Cloud
- Gemini for Databases
- Infrastructure Modernization
- Application Migration
- SAP on Google Cloud
- High Performance Computing
- Windows on Google Cloud
- Data Center Migration
- Active Assist
- Virtual Desktops
- Rapid Migration and Modernization Program
- Backup and Disaster Recovery
- Red Hat on Google Cloud
- Cross-Cloud Network
- Observability
- Productivity and Collaboration
- Google Workspace
- Google Workspace Essentials
- Cloud Identity
- Chrome Enterprise
- Security
- Security Analytics and Operations
- Web App and API Protection
- Security and Resilience Framework
- Risk and compliance as code (RCaC)
- Software Supply Chain Security
- Security Foundation
- Google Cloud Cybershield™
- Startups and SMB
- Startup Program
- Small and Medium Business
- Software as a Service
- Featured Products
- Compute Engine
- Cloud Storage
- BigQuery
- Cloud Run
- Google Kubernetes Engine
- Vertex AI
- Looker
- Apigee API Management
- Cloud SQL
- Gemini
- Cloud CDN
- See all products (100+)
- AI and Machine Learning
- Vertex AI Platform
- Vertex AI Studio
- Vertex AI Agent Builder
- Conversational Agents
- Vertex AI Search
- Speech-to-Text
- Text-to-Speech
- Translation AI
- Document AI
- Vision AI
- Contact Center as a Service
- See all AI and machine learning products
- Business Intelligence
- Looker
- Looker Studio
- Compute
- Compute Engine
- App Engine
- Cloud GPUs
- Migrate to Virtual Machines
- Spot VMs
- Batch
- Sole-Tenant Nodes
- Bare Metal
- Recommender
- VMware Engine
- Cloud Run
- See all compute products
- Containers
- Google Kubernetes Engine
- Cloud Run
- Cloud Build
- Artifact Registry
- Cloud Code
- Cloud Deploy
- Migrate to Containers
- Deep Learning Containers
- Knative
- Data Analytics
- BigQuery
- Looker
- Dataflow
- Pub/Sub
- Dataproc
- Cloud Data Fusion
- Cloud Composer
- BigLake
- Dataplex
- Dataform
- Analytics Hub
- See all data analytics products
- Databases
- AlloyDB for PostgreSQL
- Cloud SQL
- Firestore
- Spanner
- Bigtable
- Datastream
- Database Migration Service
- Bare Metal Solution
- Memorystore
- Developer Tools
- Artifact Registry
- Cloud Code
- Cloud Build
- Cloud Deploy
- Cloud Deployment Manager
- Cloud SDK
- Cloud Scheduler
- Cloud Source Repositories
- Infrastructure Manager
- Cloud Workstations
- Gemini Code Assist
- See all developer tools
- Distributed Cloud
- Google Distributed Cloud Connected
- Google Distributed Cloud Air-gapped
- Hybrid and Multicloud
- Google Kubernetes Engine
- Apigee API Management
- Migrate to Containers
- Cloud Build
- Observability
- Cloud Service Mesh
- Google Distributed Cloud
- Industry Specific
- Anti Money Laundering AI
- Cloud Healthcare API
- Device Connect for Fitbit
- Telecom Network Automation
- Telecom Data Fabric
- Telecom Subscriber Insights
- Spectrum Access System (SAS)
- Integration Services
- Application Integration
- Workflows
- Apigee API Management
- Cloud Tasks
- Cloud Scheduler
- Dataproc
- Cloud Data Fusion
- Cloud Composer
- Pub/Sub
- Eventarc
- Management Tools
- Cloud Shell
- Cloud console
- Cloud Endpoints
- Cloud IAM
- Cloud APIs
- Service Catalog
- Cost Management
- Observability
- Carbon Footprint
- Config Connector
- Active Assist
- See all management tools
- Maps and Geospatial
- Earth Engine
- Google Maps Platform
- Media Services
- Cloud CDN
- Live Stream API
- OpenCue
- Transcoder API
- Video Stitcher API
- Migration
- Migration Center
- Application Migration
- Migrate to Virtual Machines
- Cloud Foundation Toolkit
- Database Migration Service
- Migrate to Containers
- BigQuery Data Transfer Service
- Rapid Migration and Modernization Program
- Transfer Appliance
- Storage Transfer Service
- VMware Engine
- Mixed Reality
- Immersive Stream for XR
- Networking
- Cloud Armor
- Cloud CDN and Media CDN
- Cloud DNS
- Cloud Load Balancing
- Cloud NAT
- Cloud Connectivity
- Network Connectivity Center
- Network Intelligence Center
- Network Service Tiers
- Virtual Private Cloud
- Private Service Connect
- See all networking products
- Operations
- Cloud Logging
- Cloud Monitoring
- Error Reporting
- Managed Service for Prometheus
- Cloud Trace
- Cloud Profiler
- Cloud Quotas
- Productivity and Collaboration
- AppSheet
- AppSheet Automation
- Google Workspace
- Google Workspace Essentials
- Gemini for Workspace
- Cloud Identity
- Chrome Enterprise
- Security and Identity
- Cloud IAM
- Sensitive Data Protection
- Mandiant Managed Defense
- Google Threat Intelligence
- Security Command Center
- Cloud Key Management
- Mandiant Incident Response
- Chrome Enterprise Premium
- Assured Workloads
- Google Security Operations
- Mandiant Consulting
- See all security and identity products
- Serverless
- Cloud Run
- Cloud Functions
- App Engine
- Workflows
- API Gateway
- Storage
- Cloud Storage
- Block Storage
- Filestore
- Persistent Disk
- Cloud Storage for Firebase
- Local SSD
- Storage Transfer Service
- Parallelstore
- Google Cloud NetApp Volumes
- Backup and DR Service
- Web3
- Blockchain Node Engine
- Blockchain RPC
- Save money with our transparent approach to pricing
- Request a quote
- Pricing overview and tools
- Google Cloud pricing
- Pricing calculator
- Google Cloud free tier
- Cost optimization framework
- Cost management tools
- Product-specific Pricing
- Compute Engine
- Cloud SQL
- Google Kubernetes Engine
- Cloud Storage
- BigQuery
- See full price list with 100+ products
- Learn & build
- Google Cloud Free Program
- Solution Generator
- Quickstarts
- Blog
- Learning Hub
- Google Cloud certification
- Cloud computing basics
- Cloud Architecture Center
- Connect
- Innovators
- Developer Center
- Events and webinars
- Google Cloud Community
- Consulting and Partners
- Google Cloud Consulting
- Google Cloud Marketplace
- Google Cloud partners
- Become a partner