Multi-cloud security

Cloud security and risk management for multi-cloud environments

The industry’s first multi-cloud security solution with virtual red teaming and built-in response capabilities—supercharged by Mandiant expertise and Gemini AI at Google scale.

Join the Security Command Center Community to find answers, build skills, stay up-to-date, and make connections.

Features

Built-in response

Take direct action on cloud security issues to reduce risk. Cloud misconfigurations, vulnerabilities, and toxic combinations of issues are automatically grouped into cases, enriched with the latest threat intelligence, and assigned to the right owner for investigation and remediation. Streamline response with custom and out-of-the-box playbooks, and integrate with popular ITSM and ticketing solutions.

Threat detection

World-class Mandiant threat intelligence and expertise is infused into the core solution architecture, enabling security teams to detect and stop the latest cyber threats. It identifies indicators of compromise (IOCs) to find and block newly-discovered crytpominers, command and control domains, and more. Curated threat rules are continuously applied to cloud telemetry and workload data to find active threats, while malicious files are detected when uploaded into the cloud environment.

Continuous virtual red teaming

Find high-risk security issues by simulating a motivated and sophisticated attacker who attempts to reach and compromise cloud resources. Millions of attack permuations run against a digital twin model of your cloud environment to predict where an external attacker could strike, identify cloud resources that could be exposed, and determine the possible blast radius of an attack. Virtual red team results, including attack paths, risk scoring, and toxic combinations, are then used to prioritize remediation.

Cloud posture management

Identify cloud misconfigurations, software vulnerabilities, and compliance violations across multi-cloud environments. Get visibility of cloud assets and resources, and identify security issues that could lead to compromise. Security findings are assigned an attack exposure score and are mapped on Security Command Center’s risk dashboard to help prioritize security response.

Shift left security

Find security issues before they happen. Developers get access to thousands of software packages tested and validated by Google via Assured Open Source Software. DevOps and DevSecOps teams get posture controls to define and monitor security guardrails in the infrastructure, and can use infrastructure as code (IaC) scanning to implement consistent security policies from code to cloud by validating security controls during the build process.

Cloud Infrastructure and Entitlement Management (CIEM)

Reduce identity-related risks by granting users the minimum level of access and permissions needed to perform their job. Understand which users have access to which cloud resources, get ML-generated recommendations to reduce unused and unnecessary permissions, and use out-of-the box playbooks to accelerate responses to identity-driven vulnerabilities. Compatible with Google Cloud IAM, Entra ID (Azure AD), AWS IAM, and Okta.

Mandiant Hunt

Uncover threats hiding in your cloud environments with Mandiant Hunt. Our experts proactively analyze your multicloud data, armed with the latest knowledge of adversary tactics, techniques, and procedures (TTPs) targeting cloud systems. This optional, paid-for service uses continuous intelligence from Mandiant frontline experts, VirusTotal, and Google Cloud security data. You'll receive findings mapped to the MITRE ATT&CK framework, offering actionable context to strengthen your cloud security posture.

Data security posture management

Automatically monitor, categorize, and manage sensitive cloud data to ensure that it has the right security, privacy, and compliance posture and controls. Use more than 150 AI-driven data classifiers to discover and classify structured and unstructured data across your organization. Automatically use high-value data findings to improve virtual red team results.

Options Table

Security Command CenterDescriptionBest forActivation and pricing

Enterprise

Complete multi-cloud CNAPP security, plus automated case management and remediation playbooks

Protecting Google Cloud, AWS and/or Azure. Best value. Google recommended



Subscription-based pricing


Premium

Security posture management, attack paths, threat detection, and compliance monitoring for Google Cloud only



Google Cloud customers who need pay-as-you-go billing

Pay-as-you-go pricing with self-service activation

Standard

Basic security posture management for Google Cloud only

Google Cloud environments with minimal security requirements

No cost self-service activation

Learn more about Security Command Center offerings in our documentation.

Enterprise

Description

Complete multi-cloud CNAPP security, plus automated case management and remediation playbooks

Best for

Protecting Google Cloud, AWS and/or Azure. Best value. Google recommended



Activation and pricing

Subscription-based pricing


Premium

Description

Security posture management, attack paths, threat detection, and compliance monitoring for Google Cloud only



Best for

Google Cloud customers who need pay-as-you-go billing

Activation and pricing

Pay-as-you-go pricing with self-service activation

Standard

Description

Basic security posture management for Google Cloud only

Best for

Google Cloud environments with minimal security requirements

Activation and pricing

No cost self-service activation

Learn more about Security Command Center offerings in our documentation.

How It Works

Security Command Center brings together proactive and reactive security; delivering posture management and threat detection for code, identities, and data. Built-in remediation streamlines security response. It’s all powered by Google innovation, running on a planet-scale data lake.

Product Architecture

Common Uses

Risk-centric cloud security

Prioritize cloud risks that matter

Use virtual red team capabilities to quickly find the high-risk cloud security issues that could lead to significant business impact. Leverage a detailed risk dashboard to view attack path details, toxic combinations of issues, attack exposure scoring, and hand-crafted CVE information from Mandiant to prioritize response efforts.

Read about our risk technology

    Prioritize cloud risks that matter

    Use virtual red team capabilities to quickly find the high-risk cloud security issues that could lead to significant business impact. Leverage a detailed risk dashboard to view attack path details, toxic combinations of issues, attack exposure scoring, and hand-crafted CVE information from Mandiant to prioritize response efforts.

    Read about our risk technology

      Identifying and Prioritizing Cloud Risks with a Cloud-native Application Protection Platform

      Threat intelligence delivered within a cloud-native application protection platform wrapper enriches and prioritizes risk scoring to deliver on a promise of holistic, unified security.
      Read the IDC Spotlight whitepaper

        Cloud workload protection

        Detect and stop active attacks

        Discover when bad actors have infiltrated your cloud environment. Put Mandiant threat intelligence at your fingertips to find cyber attacks, including malicious execution, privilege escalation, data exfiltration, defense evasion, and more. Get threats assigned to high-priority cases, enriched with additional evidence, and use cloud-specific playbooks to remove attackers from your cloud.

        Learn threat detection for Google Cloud

          Detect and stop active attacks

          Discover when bad actors have infiltrated your cloud environment. Put Mandiant threat intelligence at your fingertips to find cyber attacks, including malicious execution, privilege escalation, data exfiltration, defense evasion, and more. Get threats assigned to high-priority cases, enriched with additional evidence, and use cloud-specific playbooks to remove attackers from your cloud.

          Learn threat detection for Google Cloud

            Built-in security response

            Investigate and fix high-risk issues

            Add built-in response capabilities and start resolving security issues faster and eliminate the backlog of unresolved risks. Use automatic case management that groups related security issues, and identifies the right resource or project owner. Then simplify investigation with Gemini AI, streamline remediation with out-of-the-box playbooks, and plug into your existing ITSM and ticketing system.

            Read an ESG white paper

              Investigate and fix high-risk issues

              Add built-in response capabilities and start resolving security issues faster and eliminate the backlog of unresolved risks. Use automatic case management that groups related security issues, and identifies the right resource or project owner. Then simplify investigation with Gemini AI, streamline remediation with out-of-the-box playbooks, and plug into your existing ITSM and ticketing system.

              Read an ESG white paper

                Shift left security

                Fix issues before they happen

                Mitigate supply chain risks that can be introduced during the software development process by using thousands of software packages tested and validated by Google. Scan infrastructure as code (IaC) files and CI/CD pipelines to identify resource violations, and set custom posture controls that detect and alert if cloud configurations drift from centrally-defined guardrails or compliance standards.

                  Fix issues before they happen

                  Mitigate supply chain risks that can be introduced during the software development process by using thousands of software packages tested and validated by Google. Scan infrastructure as code (IaC) files and CI/CD pipelines to identify resource violations, and set custom posture controls that detect and alert if cloud configurations drift from centrally-defined guardrails or compliance standards.

                    Security posture

                    Make your clouds safe for critical applications and data

                    Proactively find vulnerabilities and misconfigurations in your multi-cloud environment before attackers can exploit them to access sensitive cloud resources. Then use attack paths and attack exposure scoring to prioritize the security issues that pose the most risk. Monitor compliance to industry standards, such as CIS, PCI-DSS, NIST, and more. Export results to risk and compliance teams.

                    Get an overview of Google Cloud posture

                      Make your clouds safe for critical applications and data

                      Proactively find vulnerabilities and misconfigurations in your multi-cloud environment before attackers can exploit them to access sensitive cloud resources. Then use attack paths and attack exposure scoring to prioritize the security issues that pose the most risk. Monitor compliance to industry standards, such as CIS, PCI-DSS, NIST, and more. Export results to risk and compliance teams.

                      Get an overview of Google Cloud posture

                        Pricing

                        How Security Command Center pricing worksPricing is based on the total number of assets in the cloud environments being protected.
                        Product tierActivationPrice USD

                        Enterprise

                        Available via one or multi-year subscription, with built-in term discounts


                        Premium

                        Available via self-service activation with pay-as-you-go consumption pricing, at a project-level or organization-level

                        Standard

                        Available via self-service activation, at a project-level or organization-level

                        No cost

                        How Security Command Center pricing works

                        Pricing is based on the total number of assets in the cloud environments being protected.

                        Enterprise

                        Activation

                        Available via one or multi-year subscription, with built-in term discounts


                        Price USD

                        Premium

                        Activation

                        Available via self-service activation with pay-as-you-go consumption pricing, at a project-level or organization-level

                        Price USD

                        Standard

                        Activation

                        Available via self-service activation, at a project-level or organization-level

                        Price USD

                        No cost

                        SCC PREMIUM PRICING

                        Learn about pay-as-you-go pricing for SCC Premium.

                        SCC ENTERPRISE PRICING

                        Connect with our sales team to get a quote for a one-year or multi-year subscription.

                        Get started today

                        Activate SCC Premium for Google Cloud

                        Start a proof of concept

                        Get more technical product information

                        Expand your cloud security knowledge

                        Google Cloud
                        • ‪English‬
                        • ‪Deutsch‬
                        • ‪Español‬
                        • ‪Español (Latinoamérica)‬
                        • ‪Français‬
                        • ‪Indonesia‬
                        • ‪Italiano‬
                        • ‪Português (Brasil)‬
                        • ‪简体中文‬
                        • ‪繁體中文‬
                        • ‪日本語‬
                        • ‪한국어‬
                        Console
                        Google Cloud
                          翻译: