Monitor security risks with Security Command Center

Security Command Center helps you prevent, detect, and respond to security risks across Google Cloud and other cloud providers. When you enable Security Command Center, you can use the Google Cloud console to view the highest-priority security risks that affect your Compute Engine resources.

This document explains how to activate Security Command Center and view the dashboard that it provides for your Compute Engine resources.

Activate Security Command Center

To analyze your Compute Engine resources with Security Command Center, you must activate Security Command Center. This section explains the service tiers that Security Command Center offers and explains how to activate the Standard or Premium tier in your project.

Service tiers

When you activate Security Command Center, you choose which service tier to activate:

  • Standard. Enables basic scanning for risks and misconfigurations. Applies to your Google Cloud resources.
  • Premium. Provides enhanced scanning for risks, vulnerabilities, and misconfigurations, as well as security posture management, attack paths, threat detection, and compliance monitoring. Applies to your Google Cloud resources.
  • Enterprise. Offers a complete Cloud-Native Application Protection Platform (CNAPP) solution, including automated case management and remediation playbooks. Applies to your Google Cloud resources, as well as resources hosted by other cloud providers.

You can use the Standard tier at no additional charge. To learn about pricing for the Premium and Enterprise tiers, see Security Command Center pricing.

Activate Security Command Center in your project

To activate the Security Command Center Standard or Premium tier in your project, do the following:

  1. In the Google Cloud console, go to Compute Engine Overview.

    Go to Compute Engine Overview

  2. Look for a pane titled Example security findings. This pane shows examples of the types of security findings that you might see after you enable Security Command Center. These examples don't represent actual security issues in your project.

    If you see a pane titled Top security findings, then Security Command Center is already activated. You can skip the remaining steps.

  3. In the Example security findings pane, click Turn on security scanning for free. The activation pane opens.
  4. Optional: To choose a different service tier, find the service tier that you want to enable, and then click Select for that tier.
  5. Click Enable.

After you activate Security Command Center, it starts to analyze, or scan, your resources for Compute Engine and other Google Cloud services. This initial scan is usually complete within minutes or hours.

Review high-priority security risks

After Security Command Center completes an initial scan of your Compute Engine resources, you can review high-priority findings for your resources in the Google Cloud console. Each finding represents a security risk.

To review high-priority findings for your Compute Engine resources, do the following:

  1. In the Google Cloud console, go to Compute Engine Overview.

    Go to Compute Engine Overview

  2. Find the Top security findings pane. This pane lists the most important types of findings that affect your Compute Engine resources.

    • To view the high-priority findings in each category, click the name of the category.
    • To view all of your findings, click View all findings.

Get an overview of other risks

In addition to an overview of high-priority risks, you can use the Google Cloud console to view other types of security risks that affect your Compute Engine resources.

To get an overview of these additional risks, in the Google Cloud console, go to Security Risk Overview.

Go to Security Risk Overview

This page shows the following information:

Top security findings

This table lists the most important types of findings that affect your Compute Engine resources.

All findings over time

This chart shows the total number of Security Command Center findings over time for your Compute Engine instances. Findings are categorized by severity.

To change the date range, click the list, and then select a new value.

Top 5 CVE findings on your virtual machines

This table shows the most severe Common Vulnerabilities and Exposures (CVEs) that affect your virtual machines and other instances, including the exploitability and impact of each CVE.

To get more details, click the links in each pane.

What's next