Security Command Center is a cloud-based risk management solution that helps securityprofessionals to prevent, detect, and respond to security issues. It helps tokeep your cloud environment secure by providing tools to monitor and manage thefollowing areas:

• Vulnerability detection: Discover and remediate problems such asmisconfigurations, publicly exposed resources, leaked credentials, andresources with known risks. Monitor compliance against common securitybenchmarks like NIST, HIPAA, PCI-DSS, and CIS.
• Threat detection and mitigation: Detect and respond to active threats suchas malware, cryptocurrency miners, container runtime attacks, and distributeddenial-of-service (DDoS) attacks.
• Postures and policies: Define and deploy a security posture to monitor thestatus of your Google Cloud resources, and address posture drift when ithappens. Check for and correct over-permissioned accounts.
• Compliance and data security frameworks: Defineand deploy frameworks and cloud controls to monitor the status of yourGoogle Cloud resources, enforce data security, and address drift when ithappens.
• Data export: Export findings to BigQuery and Pub/Sub forfurther analysis.

For a complete list of services, seeService tier comparison.

Services that operate in each of these areas can generatefindings. Findingsare records of threats or other issues that a service has found in your cloudenvironments. Findings are generated by the following sources:

• Built-in: Security services that are part of Security Command Center.
• Integrated: Google Cloud security services that integrate withorganization-level activations of Security Command Center. Forexample, Google Cloud Armor and Sensitive Data Protection.
• Third party: Security services that have registered as Cloud Marketplacepartners, such asSnyk andCrowdStrike Falcon, that work with organization-level activations ofSecurity Command Center.See all third party security services.

For a list of available built-in, integrated, and third party security services,and instructions for how to configure them, seeConfigure Security Command Center services.

Service tiers

Security Command Center is offered in three service tiers: Standard, Premium, andEnterprise. Each tier determines the features and services that are available toyou in Security Command Center.

For more information about what each tier includes, seeService tiers.

Activation levels

You canactivate Security Command Centeron an individual project, which is known asproject-level activation, or anentire organization, which is known asorganization-level activation.

The Enterprise tier requires an organization-level activation.

What's next

• Learn aboutservice tiers.
• Activate Security Command Center.
• Learn about Security Command Centerdetection services.
• Learn how touse Security Command Center in the Google Cloud console.
• Configure your security services.