GCP – Enhancing Google Cloud protection: 4 new capabilities in Security Command Center
In today’s cloud environments, security teams need more than just surface-level visibility; they require actionable insight to ensure that their cloud workloads are safe. Unlike third-party cloud security tools that rely on data available via public APIs, Security Command Center (SCC) is built directly into Google Cloud. This gives us unmatched visibility into the safety of cloud workloads and the ability to orchestrate fixes when necessary.
We are using this unique vantage point to further enhance the ability of Security Command Center to protect customers’ Google Cloud environments. Here are four new capabilities designed to help security teams do just that:
Simplify vulnerability management: Introducing agentless scanning for Compute Engine and GKE
Exploiting software vulnerabilities is a frequently observed initial infection vector in cyber attacks. According to M-Trends 2025, 33% of initial infection vectors began with an exploited vulnerability.
For security teams, proactively identifying and remediating these vulnerabilities is crucial, yet traditional agent-based software scanning can introduce significant overhead and deployment headaches.
Security Command Center now offers a powerful alternative: vulnerability scanning for Google Compute Engine and Google Kubernetes Engine (GKE), without the requirement to deploy and manage software on each asset. This new capability, available in preview, allows your team to discover software and OS vulnerabilities in virtual machine instances, GKE Kubernetes objects, and GKE clusters — at no additional charge.
Three key benefits of agentless vulnerability scanning include:
- Reduce operational overhead: Eliminates agent deployment, configuration, updates, and potential performance impact, helping to simplify security workflows.
- Expand coverage: Scans virtual machines (VMs) even where agent installation is challenging or restricted, and when unauthorized VMs are provisioned by an adversary.
- Maintain data residency: Respects Google Cloud environment boundaries you’ve established for scan results and data.
Security Command Center displays detailed vulnerability information.
Security Command Center also enriches the vulnerability report with data from Google Threat Intelligence, derived from defending billions of users and spending hundreds of thousands of hours investigating incidents. Insights include identifying the impact and the exploitability of the identified vulnerability, which are then aggregated. Overall findings are presented in a visual heat map to help security teams gain a better understanding of the threat landscape — and which vulnerabilities should be prioritized for remediation.
Security Command Center’s vulnerability heat map.
Find vulnerabilities in container images with Artifact Analysis integration
In today’s cloud-native world, container images are the building blocks of modern applications. Ensuring these images are free from known software vulnerabilities is a critical first line of defense. Security Command Center now supports vulnerability scanning for container images by integrating results from Google Cloud’s Artifact Analysis service.
For Security Command Center Enterprise customers, Artifact Registry scans are now included at no additional cost. This means customers can get alerted to vulnerabilities in their container images when they are deployed to a GKE cluster, Cloud Run, or App Engine as part of their SCC Enterprise subscription — enabling vulnerability management without additional costs.
The heart of the service is driven by automated integration. Images are stored in Artifact Registry, and then scanned by Artifact Analysis to identify known vulnerabilities in both operating system and software packages.
Any image that has been scanned in Artifact Registry will be associated with the container image version deployed to a GKE cluster, Cloud Run job or service, or App Engine instance, and have its vulnerability data linked directly. This can help ensure that the findings you see in the Security Command Center risk dashboard are relevant to your active deployments.
Security Command Center shows known vulnerabilities in Cloud Run images.
The integration allows security teams to directly view potential vulnerabilities in their deployed container images alongside all other Google Cloud security findings, and discover broader risks that could result from exploitation using virtual red teaming. This consolidated view simplifies risk assessment, streamlines remediation, and also can help reduce alert fatigue and tool sprawl.
Security Command Center integration with Artifact Analysis is now generally available.
Secure your serverless applications: Threat detection for Cloud Run
Serverless computing platforms like Google Cloud Run allow organizations to build applications and websites without needing to manage the underlying infrastructure.
Security Command Center now integrates threat detection for Cloud Run services and jobs, available in preview. It employs 16 specialized detectors that continuously analyze Cloud Run deployments for potentially malicious activities. This scope of detection is not possible with third-party products, and includes:
- Behavioral analysis, which can identify activities such as the execution of unexpected binaries, connections to known malicious URLs, and attempts to establish reverse shells.
- Malicious code detection, which can detect known malicious binaries and libraries used at runtime.
- NLP-powered analysis, which uses natural language processing techniques to analyze Bash and Python code-execution patterns for signs of malicious intent.
- Control plane monitoring, which analyzes Google Cloud Audit Logs (specifically IAM System Event and Admin Activity logs) to identify potential security threats, such as known cryptomining commands executed in Cloud Run jobs, or the default Compute Engine service account used to modify a Cloud Run service’s IAM policy, which could indicate a post-exploit privilege escalation attempt.
This layered detection strategy provides comprehensive visibility into potential threats targeting your Cloud Run applications, from code execution to control plane activities.
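To make the control plane monitoring idea concrete, here is an added example (not Security Command Center's own detector logic, and not code from Google) of a rule that reads Cloud Audit Log entries and flags the case the post mentions: the default Compute Engine service account rewriting a Cloud Run service's IAM policy. It assumes the usual Admin Activity log layout (`protoPayload.serviceName`, `protoPayload.methodName`, `protoPayload.authenticationInfo.principalEmail`, `protoPayload.request.policy.bindings`) and the `PROJECT_NUMBER-compute@developer.gserviceaccount.com` naming of the default service account; the log lines, project name and service names are constructed placeholders.

```python
import json
import re
from typing import Iterator, List, Optional

# Constructed sample Admin Activity audit-log entries (placeholders, not real
# project data). Field layout follows Cloud Audit Logs; the request body of a
# SetIamPolicy call carries the new policy under protoPayload.request.policy.
SAMPLE_AUDIT_LOG_LINES = [
    # 1. Default Compute Engine SA grants allUsers the invoker role on a Cloud Run
    #    service: the post-exploit pattern the post describes.
    json.dumps({
        "logName": "projects/example-project/logs/cloudaudit.googleapis.com%2Factivity",
        "protoPayload": {
            "serviceName": "run.googleapis.com",
            "methodName": "google.iam.v1.IAMPolicy.SetIamPolicy",
            "authenticationInfo": {"principalEmail": "123456789012-compute@developer.gserviceaccount.com"},
            "resourceName": "projects/example-project/locations/us-central1/services/billing-api",
            "request": {"policy": {"bindings": [{"role": "roles/run.invoker", "members": ["allUsers"]}]}},
        },
    }),
    # 2. A human administrator making the same change: expected, not flagged by this rule.
    json.dumps({
        "protoPayload": {
            "serviceName": "run.googleapis.com",
            "methodName": "google.iam.v1.IAMPolicy.SetIamPolicy",
            "authenticationInfo": {"principalEmail": "admin@example.com"},
            "resourceName": "projects/example-project/locations/us-central1/services/billing-api",
            "request": {"policy": {"bindings": [{"role": "roles/run.invoker", "members": ["group:ops@example.com"]}]}},
        },
    }),
    # 3. Default SA reading a service (read-only call): not an IAM change, not flagged.
    json.dumps({
        "protoPayload": {
            "serviceName": "run.googleapis.com",
            "methodName": "google.cloud.run.v1.Services.GetService",
            "authenticationInfo": {"principalEmail": "123456789012-compute@developer.gserviceaccount.com"},
            "resourceName": "projects/example-project/locations/us-central1/services/billing-api",
        },
    }),
    # 4. Malformed line, as seen in real exports: must be skipped, not crash the rule.
    "{not valid json",
]

# Default Compute Engine service account: <project number>-compute@developer.gserviceaccount.com
DEFAULT_COMPUTE_SA = re.compile(r"^\d+-compute@developer\.gserviceaccount\.com$")
IAM_CHANGE_METHODS = {"google.iam.v1.IAMPolicy.SetIamPolicy"}
PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}


def parse_entries(lines: List[str]) -> Iterator[dict]:
    """Yield decoded log entries, silently skipping lines that are not valid JSON."""
    for line in lines:
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def evaluate_entry(entry: dict) -> Optional[dict]:
    """Return a finding when the default Compute SA changes a Cloud Run IAM policy."""
    payload = entry.get("protoPayload", {})
    if payload.get("serviceName") != "run.googleapis.com":
        return None
    if payload.get("methodName") not in IAM_CHANGE_METHODS:
        return None
    principal = payload.get("authenticationInfo", {}).get("principalEmail", "")
    if not DEFAULT_COMPUTE_SA.match(principal):
        return None
    # Escalate severity if the new policy also opens the service to the public.
    bindings = payload.get("request", {}).get("policy", {}).get("bindings", [])
    public = any(m in PUBLIC_PRINCIPALS for b in bindings for m in b.get("members", []))
    return {
        "rule": "default_compute_sa_modified_cloud_run_iam",
        "principal": principal,
        "resource": payload.get("resourceName", "<unknown>"),
        "public_exposure": public,
        "severity": "HIGH" if public else "MEDIUM",
    }


def run_detection(lines: List[str]) -> List[dict]:
    """Apply the rule to every parseable entry and collect the findings."""
    findings = []
    for entry in parse_entries(lines):
        finding = evaluate_entry(entry)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in run_detection(SAMPLE_AUDIT_LOG_LINES):
        print(json.dumps(f, indent=2))
```

Only the first sample entry produces a finding, and it is rated HIGH because the policy it writes also grants `allUsers` the invoker role. A production rule would additionally correlate the principal against the workloads that legitimately run as that service account, which is exactly the kind of context a first-party service has and a log-export pipeline has to reconstruct.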
Uncover network anomalies with foundational log analysis
Because Security Command Center is built into the Google Cloud infrastructure, it has direct, first-party access to log sources that can be analyzed to find anomalous and malicious activity. For instance, Security Command Center can automatically detect connections to known bad IP addresses — public IPs flagged for suspicious or malicious behavior by Google Threat Intelligence — by analyzing this internal network traffic.
Now generally available, this built-in capability offers a distinct advantage. While third-party cloud security products require customers to undertake the costly and complex process of purchasing, ingesting, storing, and analyzing VPC Flow Logs (often at additional expense) to gain similar network insights, Security Command Center provides this critical analysis natively and without having to export logs.
Take the next step
To evaluate Security Command Center capabilities and explore subscription options, please contact a Google Cloud sales representative or authorized Google Cloud partner. You can also learn how to activate Security Command Center here.
Please join our Security Command Center user community for product news and technical advice.