CrowdStrike Expands Real-Time Cloud Detection and Response to Google Cloud

BLOG Featured Recent Video Category Start Free Trial CrowdStrike Expands Real-Time Cloud Detection and Response to Google Cloud CrowdStrike expands cloud runtime security leadership and enables defenders to stop cloud breaches in seconds across hybrid and multi-cloud environments. April 22, 2026 | Karishma Asthana - Grace Ural | Cloud & Application Security Complexity has become a defining security challenge as organizations expand across hybrid and multi-cloud environments. In fact, 52% of surveyed organizations ranked multi/hybrid cloud complexity among their top three infrastructure concerns.1 This complexity creates fragmented visibility across cloud providers, workloads, and Kubernetes environments — gaps that adversaries increasingly exploit to move undetected. Cloud-conscious intrusions rose 37% year-over-year in 2025, the CrowdStrike 2026 Global Threat Report found. Emerging eCrime adversaries are advancing their tactics to abuse trusted relationships and compromise downstream victims. Adversaries are also accelerating — the fastest observed eCrime breakout time was just 27 seconds — leaving little room for delayed detection and response. Yet with the tooling available today, this remains difficult in practice. Three key gaps persist: Fragmented runtime visibility: Limited or siloed visibility across multi-cloud environments slows investigation and obscures attacker activity. Delayed detection and response: Reliance on log post-processing introduces lag, giving adversaries time to move laterally and establish persistence. Kubernetes control plane blind spots: Limited visibility into the Kubernetes API layer allows attackers to abuse legitimate actions to escalate privileges and modify configurations without triggering traditional defenses. Closing these gaps requires a cloud-native application protection platform (CNAPP) approach that extends beyond posture management to deliver real-time, unified detection and response across cloud environments. Today, we’re introducing expanded real-time cloud detection and response (CDR) support for Google Cloud, along with new Kubernetes threat detections for Google Kubernetes Engine (GKE). These innovations are designed to close critical visibility gaps and enable faster detection and response to modern cloud threats. We’re also extending the CrowdStrike Falcon® platform to regional Google Cloud infrastructure, enabling organizations to adopt and consolidate on the industry’s leading AI-native cybersecurity platform using the underlying cloud provider that best aligns to their operational and data sovereignty requirements.  With these new innovations, CrowdStrike continues to advance its mission of helping organizations stop cloud breaches across hybrid and multi-cloud environments. Real-Time CDR for Google Cloud: Expanding Detection and Response Across Multi-Cloud Environments CrowdStrike Falcon® Cloud Security now extends real-time CDR to Google Cloud, in addition to support for AWS, delivering unified, real-time detection and response across multi-cloud environments. By bringing Google Cloud activity into a single detection pipeline, security teams gain visibility into attacker behavior across their multi-cloud attack surface and eliminate the gaps of fragmented visibility that adversaries leverage. Many approaches to processing agentless cloud telemetry introduce delays in detection. Falcon Cloud Security analyzes Google Cloud activity as it happens and instantly applies detections. This enables SOC teams to identify malicious cloud activity in seconds and interrupt attacker activity before it can progress, reducing dwell time and limiting potential blast radius.  CrowdStrike powers CDR with the breadth of the broader Falcon platform, in which teams can correlate cloud telemetry with sensor activity and threat intelligence, and accelerate with CrowdStrike® Charlotte AI™ for deeper threat hunting and faster investigations. With multi-cloud support, CrowdStrike continues to lead as the only CNAPP delivering real-time, cross-cloud detection and response designed to stop breaches. Watch it in action in this demo: This new capability is in beta and will be generally available in the coming months. Kubernetes Threat Detection: Exposing Attacker Activity in the Control Plane As organizations increasingly rely on Kubernetes to run mission-critical and AI-driven applications, visibility into the control plane has become essential to stopping modern attacks. Without it, adversaries can operate through legitimate orchestration workflows and bypass traditional runtime defenses to remain undetected. Falcon Cloud Security now extends detection coverage into the Kubernetes control plane to provide visibility into attacker activity within the orchestration layer that manages and deploys workloads. While the Falcon sensor protects the runtime environment, Kubernetes threat detection enhances coverage by ingesting and monitoring Kubernetes audit logs to expose how adversaries exploit resources — such as service accounts or secrets — to gain access, escalate privileges, and maintain persistence beyond the workload. Each detection is enriched with cloud, workload, and identity context and correlated across the Falcon platform so security teams can trace attacker activity across Kubernetes and the broader cloud environment. This allows teams to connect control plane actions with runtime behavior and identity activity, and gain a unified view of how attacks unfold across domains. By extending detection into the control plane, Falcon Cloud Security provides comprehensive Kubernetes protection that helps organizations detect and stop attacks that would otherwise remain hidden. Figure 1. Kubernetes detections are enriched with cloud, workload, and identity context This new capability is generally available. CrowdStrike Expands Falcon Platform to Google Cloud CrowdStrike is extending the Falcon platform to Google Cloud regional infrastructure, delivering the multi-cloud flexibility global organizations demand. Starting next quarter, organizations can consolidate their security stack on the unified Falcon platform without being tethered to a specific cloud provider or forced to manage fragmented security across diverse environments.  Multi-cloud flexibility enables data to be processed, correlated, and acted on within regional environments to help meet strict operational and sovereignty requirements. This architecture anchors data residency within regional boundaries while maintaining unified global intelligence, helping companies stop breaches in a world where attacks do not respect borders. Stop Breaches with Unified Cloud Coverage These innovations in Falcon Cloud Security deliver unified detection and response across multi-cloud environments and every layer of the cloud stack. From real-time CDR for Google Cloud to deep visibility into the Kubernetes control plane, organizations gain the coverage needed to close blind spots and track attacker behavior end to end. With added availability for Google Cloud regional infrastructure, organizations can achieve this level of protection while working to meet data residency and operational requirements without fragmenting their security stack. Together, these capabilities enable security teams to detect threats earlier, accelerate investigations, and stop attacks before they escalate into breaches, making CrowdStrike the platform of choice for securing modern cloud environments. Additional Resources Fal.Con 2026 registration is now open. Join us in Las Vegas to explore what’s next in cybersecurity. Learn more about CDR with CrowdStrike on our product page. Download the Cloud Detection and Response Survival Guide for the SOC to strengthen your CDR approach. Check out how CrowdStrike Falcon Cloud Security performed in MITRE’s first-ever cloud evaluation: 2025 MITRE ATT&CK® Enterprise Evaluations. Forward-Looking Statements This blog may include discussion of unreleased services or features. Any unreleased services or features referenced here are still in development and subject to change. Customers should make their purchase decisions based upon features that are currently available. 1 HashiCorp 2025 Cloud Complexity Report Tweet Share CrowdStrike 2026 Global Threat Report AI threats have reached a critical turning point. Access the definitive look at the cyber threat landscape. Download Related Content CrowdStrike Falcon Cloud Security Delivered 264% ROI Through Unified Cloud Protection CrowdStrike Advances CNAPP with Industry-First Adversary-Informed Risk Prioritization Advanced Web Shell Detection and Prevention: A Deep Dive into CrowdStrike's Linux Sensor Capabilities CATEGORIES Agentic SOC 50 Cloud & Application Security 142 Data Protection 22 Endpoint Security & XDR 353 Engineering & Tech 86 Executive Viewpoint 180 Exposure Management 118 From The Front Lines 203 Next-Gen Identity Security 68 Next-Gen SIEM & Log Management 113 Public Sector 42 Securing AI 28 Threat Hunting & Intel 212 CONNECT WITH US FEATURED ARTICLES April 22, 2026 April 22, 2026 April 21, 2026 April 21, 2026 SUBSCRIBE Sign up now to receive the latest notifications and updates from CrowdStrike. Sign Up CrowdStrike Falcon Cloud Security Delivered 264% ROI Through Unified Cloud Protection Copyright © 2026 CrowdStrike Privacy Request Info Blog Contact Us 1.888.512.8906 Accessibility ABOUT COOKIES ON THIS SITE In order to provide you with the most relevant content and best browser experience, we use cookies to remember and store information about how you use our website. See how we use this information in our Privacy Notice and more information about cookies in our Cookie Notice. Privacy Preference Center Privacy Preference Center Your Privacy Strictly Necessary Cookies Performance Cookies Functional Cookies Targeting Cookies Your Privacy When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer. More information Strictly Necessary Cookies Always Active These cookies are necessary for the website to function and cannot be switched off in our systems. They may be set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies may process limited personal information, such as technical or device identifiers, where necessary to ensure the security, functionality, and integrity of the website or web portal. Such processing is strictly limited to what is required for these purposes and is not used for advertising or marketing. Cookies Details Performance Cookies Performance Cookies These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore does not identify you. If you do not allow these cookies, your visit to our website will not be included in our analytics, and our ability to monitor website performance and make improvements will be reduced. Cookies Details Functional Cookies Functional Cookies These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly. Cookies Details Targeting Cookies Targeting Cookies These cookies may be set on our site by our advertising partners. They assign a unique identifier to your browser or device and may track your activity across sites to build a profile of your interests and show you relevant adverts on other sites. If you do not allow these cookies, you will still see ads, but they may be less relevant to you. Cookies Details Cookie List Consent Leg.Interest checkbox label label checkbox label label checkbox label label Clear checkbox label label Apply Cancel Confirm My Choices Allow All