Cloud Blog: Strengthen GCE and GKE security with new dashboards powered by Security Command Center

Source URL: https://cloud.google.com/blog/products/identity-security/new-gce-and-gke-dashboards-strengthen-security-posture/
Source: Cloud Blog

Feedly Summary: As cloud infrastructure evolves, so should how you safeguard that technology. As part of our efforts to help you maintain a strong security posture, we’ve introduced powerful capabilities that can address some of the thorniest challenges faced by IT teams who work with Google Compute Engine (GCE) virtual machines and Google Kubernetes Engine (GKE) containers. 
Infrastructure administrators face critical security challenges such as publicly accessible storage, software flaws, excessive permissions, and malware. That’s why we’ve introduced new, integrated security dashboards in GCE and GKE consoles, powered by Security Command Center (SCC). Available now, these dashboards can provide critical security insights and proactively highlight potential vulnerabilities, misconfiguration risks, and active threats relevant to your Compute Engine instances and Kubernetes clusters.
Embedding crucial security insights directly in GCE and GKE environments can empower you to address relevant security issues faster, and play a key role in maintaining a more secure environment over time.
Gain better visibility, directly where you work
The GCE Security Risk Overview page now shows top security findings, vulnerability findings over time, and Common Vulnerabilities and Exposures (CVEs) on your virtual machines. These security insights, powered by Google Threat Intelligence, provide dynamic analysis based on the latest threats uncovered by Mandiant expert analysts. With these insights, you can make better decisions such as which virtual machine to patch first, how to better manage public access, and which CVEs to prioritize for your engineering team.
The top security findings can help prioritize the biggest risks in your environment such as misconfigurations that lead to overly accessible resources, critical software vulnerabilities, and potential moderate risks that may pose a combined critical risk.
Vulnerability findings over time can help assess how well your software engineering team is addressing known software vulnerabilities. CVE details are presented in two widgets: a heatmap distribution of the exploitability and potential impact of the vulnerabilities in your environment, and a list of the top five CVEs found in your virtual machines.

New GCE Security Risk Dashboard highlights top security insights.

The updated GKE console is similar, designed to help teams make better remediation decisions and catch threats before they escalate. A dedicated GKE security page displays streamlined findings on misconfigurations, top threats, and vulnerabilities:

– The Workloads configuration widget highlights potential misconfigurations, such as over-permissive containers and pod and namespace risks.
– Top threats highlight Kubernetes and container threats, such as cryptomining, privilege escalation, and malicious code execution.
– Top software vulnerabilities highlight top CVEs and prioritize them based on their prevalence in your environment and the severity impact.

New GKE Security Posture Dashboard highlights key security insights.

Fully activate dashboards by upgrading to Security Command Center Premium
The GCE and GKE security dashboards, powered by Security Command Center, include the security findings widget (in the GCE dashboard) and the workload configurations widget (in the GKE dashboard).
To access the vulnerabilities and threats widgets, we recommend upgrading to Security Command Center Premium directly from the dashboards, available as a 30-day free trial. You can review the GCE documentation and GKE documentation to learn more about the security dashboards. To learn more about Security Command Center Premium and our different service tiers, review the service tier documentation.

AI Summary and Description: Yes

Summary: The text discusses the evolution of security features in Google Cloud’s infrastructure, specifically targeting the Google Compute Engine (GCE) and Google Kubernetes Engine (GKE). It highlights new capabilities that address various security challenges faced by infrastructure administrators, offering security insights and dashboards to manage vulnerabilities and threats effectively.

Detailed Description: The passage outlines significant enhancements to security for Google Cloud’s infrastructure services, particularly focusing on GCE and GKE. Here are the key insights and implications for security professionals:

– **Integrated Security Dashboards**:
  – New security dashboards introduced in GCE and GKE consoles help users gain visibility into security findings and vulnerabilities.
  – The dashboards are powered by Security Command Center (SCC), which enhances security oversight.

– **Critical Security Challenges**:
  – Infrastructure administrators are often confronted with issues like publicly accessible storage, software vulnerabilities, excessive permissions, and malware.
  – The dashboards are designed to tackle these issues by highlighting potential misconfigurations, active threats, and vulnerability trends.

– **GCE Security Risk Overview page**:
  – This feature presents key metrics such as vulnerability findings over time, a list of Common Vulnerabilities and Exposures (CVEs), and top security findings.
  – Insights derived from Google Threat Intelligence, based on analysis by Mandiant, enable administrators to prioritize specific vulnerabilities.

– **Prioritization and Decision-Making**:
  – With the information provided, users can make informed decisions about patch management, public access management, and vulnerability prioritization for their engineering teams.
  – The dashboards assist in identifying and prioritizing critical risk factors, such as misconfigurations and software vulnerabilities.

– **GKE Security Console**:
  – A dedicated security page in the GKE console mirrors these features, targeting container and Kubernetes-related threats.
  – Key components include:
    – Workloads configuration widget to identify misconfigurations like over-permissive containers.
    – Highlighting top threats such as cryptomining and privilege escalation.

– **Accessing Enhanced Features**:
  – The text encourages upgrading to Security Command Center Premium for the full functionality of the dashboards.
  – Users can avail themselves of a free trial to explore the premium features.

These enhancements are significant for security and compliance professionals as they provide practical tools to mitigate security risks, enhance visibility over cloud-based environments, and foster a proactive approach to addressing vulnerabilities in real time.