We’re thrilled to share that the CrowdStrike Falcon® sensor now fully supports Google Cloud Run, bringing advanced security capabilities to your serverless applications. While we announced this at Google Cloud Next in April 2024, this blog goes deeper into the integration and shares how customers leveraging Google Cloud Run and CrowdStrike can deploy Falcon quickly to enhance their serverless security requirements.

To recap, Google Cloud Run offers a powerful, fully managed platform for deploying containerized applications that scale automatically with demand. However, the dynamic and ephemeral nature of serverless environments poses unique security challenges. With the Falcon sensor now integrated with Google Cloud Run, organizations can leverage CrowdStrike’s industry-leading protection to secure their serverless workloads.

Enhanced Security for Serverless Applications

By supporting Google Cloud Run, the Falcon sensor ensures that your serverless applications benefit from the same robust security measures that protect traditional and cloud-based workloads. The AI-native CrowdStrike Falcon® cybersecurity platform provides real-time threat detection, automated incident response and comprehensive visibility into your serverless environment. This integration helps you identify and mitigate threats before they can impact your applications, ensuring continuous protection across your entire cloud infrastructure.

Seamless Integration and Continuous Protection

Deploying the Falcon sensor on Google Cloud Run is straightforward and seamless, allowing you to integrate security into your DevOps processes without compromising performance or agility. The sensor automatically scales with your workloads, providing consistent protection as your application demand fluctuates. This ensures that your security posture remains strong, regardless of the size or complexity of your serverless deployments.

Empowering DevSecOps with Real-Time Insights

With this new support, DevSecOps teams can now gain real-time insights into the security status of their serverless applications running on Google Cloud Run. The Falcon platform’s advanced analytics and threat intelligence capabilities empower teams to make informed decisions, swiftly respond to incidents and continuously improve their security practices. This proactive approach helps organizations maintain a secure and resilient application environment, fostering innovation and agility.

We’re excited about this expansion and look forward to helping our customers enhance their security posture in serverless environments. For more information on how to deploy and configure the Falcon sensor on Google Cloud Run, Falcon platform customers can read this official documentation.

Deployment Overview

Google Cloud Run is a fully managed serverless compute platform built from Knative that enables customers to run containers without the need to manage the underlying infrastructure. You can run your containers either fully managed with Google Cloud Run or in your Kubernetes Engine cluster with Google Cloud Run on Anthos. In Google Cloud Run, customers can deploy applications as jobs or services. The Falcon container sensor for Linux supports both job and service deployments.

The Falcon container sensor for Linux can extend runtime security to container workloads in Google Cloud Run because it runs in the user space with no code running in the kernel or the worker node OS.

 

Deploying the Falcon container sensor for Linux to Google Cloud Run requires modification of the application container image. The Falcon container sensor image contains a Falcon utility that supports patching the application container image with Falcon container sensor for Linux and its related dependencies.

The Falcon container consists of two components:

1. The Falcon container sensor for Linux: At runtime, the Falcon container sensor for Linux is launched inside the application container of the service or job. It uses unique technology to run in the application context.
2. Falcon utility: The Falcon utility runs offline and takes the application container image as an input to generate a new container image patched with the Falcon container sensor for Linux and its related dependencies. The Falcon utility also sets the Falcon entry point as the container entry point.

Here is an overview of the installation workflow:

1. Create an API client Key
2. Get your CrowdStrike CID with checksum
3. Retrieve the sensor image and push to Google Registry
4. Run the Falcon utility to build a new image
5. Push the new image to the registry
6. Deploy the Falcon container sensor for Linux to Google Cloud Run
7. Verify the sensor deployment

Once verification is over, you’re ready to go. For customers leveraging Google Cloud Run and CrowdStrike, this process is designed to make it easy to follow and deploy.

Here’s a more detailed step-by-step guide for customers using Falcon Cloud Security.

Shaping the Future of Cloud Security

The powerful combination of AI-powered cloud services from Google Cloud and the unified protection and threat hunting capabilities of the Falcon platform provides the security that organizations need to stop breaches in multi-cloud and multi-vendor environments.

As cloud threats and technology continue to evolve, staying ahead of threats is paramount. Modern businesses need allies to protect their cloud-based resources, applications and data as their reliance on cloud technology continues to grow. This synergy between CrowdStrike and Google Cloud will shape the future of cloud technology and security, setting a new standard for protecting today’s cloud environments.

Additional Resources

• Learn how Falcon Cloud Security can protect your Google Cloud resources.
• See why Forrester named CrowdStrike a Leader in The Forrester Wave: Cloud Workload Security, Q1 2024.
• Get a free Cloud Security Health Check and experience Falcon Cloud Security in action for yourself.

CrowdStrike and Google Cloud today debuted an expanded strategic partnership with a series of announcements that demonstrate our ability to stop cloud breaches with industry-leading AI-powered protection. These new features and integrations are built to protect Google Cloud and multi-cloud customers against adversaries that are increasingly targeting cloud environments.

At a time when cloud intrusions are up 75% year-over-year and adversaries continue to gain speed and stealth, organizations must adjust their security strategies to stay ahead. They need a unified security platform that removes complexity and empowers security and DevOps teams. As organizations navigate the evolving threat and technology landscapes, they turn to providers like CrowdStrike for best-in-class protection from code to cloud, delivered through a unified platform.

Today we are announcing that CrowdStrike is bringing industry-leading breach protection with integrated offerings like CrowdStrike Falcon® Cloud Security, CrowdStrike Falcon® Next-Gen SIEM, CrowdStrike Falcon® Identity Protection and CrowdStrike Falcon endpoint protection bundles as preferred vendor products on Google Cloud Marketplace, accelerating time-to-value and our unified platform adoption for all Google Cloud customers. Now, more businesses than ever will have access to industry-leading security to protect their growing environments from the most advanced threats they face.

But that’s not all. CrowdStrike is innovating and leading to address the critical cloud security needs of today’s organizations by empowering them with unified visibility across their cloud environments, industry-leading threat detection and response, the ability to secure the application life cycle and prioritize remediation, and shift-left capabilities to prevent security issues early in development. Together with Google, we’re bringing these benefits to Google Cloud customers to stop breaches and protect their cloud environments from modern threats.

Below are some key announcements we’re excited to make at Google Cloud Next ’24.

Deeper Integrations

CrowdStrike Supports Google Cloud Run: CrowdStrike is providing support for organizations seeking to pair Google Cloud Run with Falcon Cloud Security. Today, we’re announcing deeper integrations and support for Google Cloud Run. Customers using Google Cloud Run to automatically scale containerized workloads and build container images will be able to secure those processes with Falcon Cloud Security, expanding their coverage and gaining world-class security at the speed of DevOps.

CrowdStrike Supports GKE Autopilot: Falcon Cloud Security now supports Google Kubernetes Engine (GKE) Autopilot, a critical automation tool for Kubernetes cluster deployments. Organizations operating with lean teams and resources can use GKE Autopilot and Falcon Cloud Security to identify critical risks, remediate them faster and run their business more efficiently.

Faster Breach Protection 

OS Configuration Support: Falcon Cloud Security will be able to support a single-click agent deployment to customers in Google Cloud with OS Config support. This support provides customers with a simple way to deploy the CrowdStrike Falcon® sensor across Google Cloud workloads for real-time visibility and breach protection in the cloud.

Enhanced Productivity

Falcon Cloud Security Kubernetes Admission Controller: Falcon Cloud Security is now the only cloud security tool on the market with a Kubernetes admission controller as part of a complete code-to-cloud, cloud-native application protection platform (CNAPP). Kubernetes admission controllers simplify the lives of DevSecOps teams by preventing non-compliant containers from deploying and allowing DevSecOps teams to easily stop frustrating crash loops — which cost developers and security teams valuable time — without writing complex Rego rules.

 

Google Workspace Bundles: CrowdStrike is now providing support to secure the millions of customers using the Google Workspace productivity suite with CrowdStrike’s leading endpoint security and next-generation antivirus protection.

CrowdStrike: Built to Protect Businesses in the Cloud

Our expanded strategic alliance with Google marks a significant milestone for cloud security. The powerful combination of AI-powered cloud services from Google Cloud and the unified protection and threat hunting capabilities of the AI-native CrowdStrike Falcon platform provides the security that organizations need to stop breaches in multi-cloud and multi-vendor environments.

As cloud threats and technology continue to evolve, staying ahead of threats is paramount. Modern businesses need a powerful and leading ally to protect their cloud-based resources, applications and data as their reliance on cloud technology continues to grow. This industry-defining synergy between CrowdStrike and Google Cloud — both leaders in their own right — will shape the future of cloud technology and security, setting a new standard for protecting today’s cloud environments.

Additional Resources

• Read the press release to learn more.
• Learn how Falcon Cloud Security can protect your Google Cloud resources.
• See why Forrester named CrowdStrike a Leader in The Forrester Wave: Cloud Workload Security, Q1 2024. 
• Get a free Cloud Security Health Check and experience Falcon Cloud Security in action for yourself.  

In the ever-evolving landscape of cloud security, staying ahead of the curve is paramount. Today, we are announcing an exciting enhancement: CrowdStrike Falcon® Cloud Security now supports Google Kubernetes Engine (GKE) Autopilot. This integration marks an important milestone in our commitment to providing cutting-edge DevSecOps-focused security and solutions for modern cloud environments.

This new capability will greatly expand support — customers who depend on Falcon Cloud Security to protect their Kuberbetes workloads can now deploy them in their clusters using GKE Autopilot, greatly simplifying their Kubernetes deployment process and saving time through automation.

A Paradigm Shift in Kubernetes Management

GKE Autopilot, a fully managed Kubernetes service by Google Cloud Platform (GCP), has revolutionized the way organizations deploy, manage and scale containerized applications. It simplifies the complexities of Kubernetes with unparalleled levels of automation, enabling teams to focus on application development and innovation rather than infrastructure management. As organizations increasingly adopt GKE Autopilot due to its efficiency and ease of use, ensuring the security of these dynamic environments is critical.

 

This enhancement to Falcon Cloud Security — known for its industry-leading cloud protection, threat intelligence and security operations capabilities — enables organizations to seamlessly secure their containerized workloads, providing a unified security solution across their cloud infrastructure.

 

What are the key benefits for GCP users? Falcon Cloud Security offers real-time detection and response, container security, broad visibility, time-saving automation tools and powerful threat intelligence built into cloud-specific indicators of misconfiguration (IOMs) and indicators of attack (IOAs) — all delivered from a scalable and adaptable platform. Below is a deeper look at some of the ways Falcon Cloud Security is securely powering GCP customers in their Kubernetes deployments.

Key Features and Benefits

• Real-time Threat Detection and Response:

• • Leverage CrowdStrike’s advanced threat detection capabilities to identify and respond to potential security threats in real time.

• • Gain visibility into containerized workloads running on GKE Autopilot, ensuring comprehensive security coverage.

• Containerized Workload Protection:

• • Extend Falcon’s protection to containerized environments, ensuring GKE Autopilot workloads are shielded from evolving cyber threats.

• • Implement container-aware security policies to maintain a secure and compliant Kubernetes environment.

• Automated Security:

• • Take advantage of CrowdStrike’s automation capabilities to streamline security operations in dynamic containerized environments.

• • Automate response actions based on predefined security policies, reducing manual intervention and enhancing overall efficiency.

• Threat Intelligence Integration:

• • Integrate CrowdStrike Falcon’s threat intelligence feeds to enhance the detection and prevention of known and emerging threats.

• • Stay ahead of attackers with up-to-date intelligence on the latest cyber threats and vulnerabilities.

• Scalable Security:

• • Adapt security measures dynamically as GKE Autopilot workloads scale, ensuring security grows seamlessly with your containerized applications.

• • Benefit from Falcon Cloud Security’s scalability, supporting the evolving needs of organizations with varying workloads.

 

Falcon Cloud Security becoming a trusted allowlist partner for GKE Autopilot builds on CrowdStrike’s growing and exciting partnership with Google. Organizations can confidently embrace the benefits of a fully managed Kubernetes service without compromising on security.

This synergy between leading-edge technologies empowers teams to innovate securely, safeguarding their containerized workloads from the ever-evolving threat landscape. As we continue to advance in the realm of cloud security, this collaboration sets a new standard for protecting modern cloud environments. Another recent collaboration, in addition to GKE Autopilot support, is OSConfig Support Enhancements. CrowdStrike has updated its OSConfig integration to ensure the broadest possible support for OS sensors with Falcon Cloud Security.

To learn more about how CrowdStrike Falcon Cloud Security can enhance the security of your GKE Autopilot workloads, visit our website or contact our sales team.

Additional Resources

• Determine your cloud security posture with a CrowdStrike Cloud Security Assessment.
• Identify threat activity in your cloud environment with a CrowdStrike Cloud Compromise Assessment.
• See for yourself how the industry-leading CrowdStrike Falcon platform protects against modern threats. Start your 15-day free trial today.