Falcon for Google Cloud Platform

The CrowdStrike Falcon platform simply and effectively protects Google Cloud Platform (GCP) workloads, including containers.


Why Choose Falcon to Protect GCP Workloads

  • Automatically discover GCP workload footprints

    Gain insight into the scope and nature of your GCP resources, so you can secure all virtual machines, uncover and mitigate risks, and reduce the attack surface

  • Comprehensive visibility

    Comprehensive visibility into GCP workload events and compute instance metadata enables detection, response, proactive threat hunting and investigation, to ensure that nothing goes unseen in your cloud environments.

  • Native integration to simplify deployment

    Google Cloud Operating System (OS) configuration integration automates CrowdStrike Falcon® agent deployment directly from GCP, without the need for custom scripts.

Technical Features

How Falcon Protects GCP Workloads

[Image: GCP workload dashboard in the Falcon platform]


  • Provides insight into your GCP footprint, so you can secure all compute instances, uncover and mitigate risks, and reduce the attack surface
  • Automatically discovers existing cloud workload deployments — without installing an agent — by enumerating GCP Compute Engine instances
  • Provides real-time information about compute resources, including context-rich metadata about compute instances by state, type, region and project, as well as public-facing compute instances, total compute disks, firewalls and networks for GCP
  • Identifies compute instances that are not protected by the CrowdStrike® Falcon platform

[Image: an example GCP process tree in the Falcon platform]


  • Gathers GCP metadata at the compute instance level to easily identify owners of resources involved in an alert
  • Continuously monitors events to provide visibility into GCP workload activities, including activities running inside containers; a full set of enriched data and event details enables investigations against ephemeral and decommissioned workloads
  • Offers proactive threat hunting across all compute instances and endpoints from the same console
  • Detects and investigates attacks that span multiple environments and different types of workloads, pivoting from endpoint to compute instances to containers

[Image: container configurations dashboard in the Falcon platform]


  • Container support includes Open Container Initiative (OCI)-based containers such as Docker, orchestration platforms such as self-managed Kubernetes and hosted orchestration platforms such as GKE (Google Kubernetes Engine) and OpenShift
  • Secures the GCP host and container via a single Falcon agent running on the host, and runtime protection defends containers against active attacks
  • Simplifies investigation of container incidents, because detections are associated with the specific container and not bundled with the host events
  • Captures container start, stop, image and runtime information, and all events generated inside the container, even if it only runs for a few seconds
  • Provides visibility into container footprint including on-premises and Google Compute Engine deployments, so you can easily view container usage — including trends, uptime, images used and configuration — to identify risky and misconfigured containers

[Image: detections dashboard filtering for Linux]


  • Combines the best and latest technologies to protect against active attacks and threats when GCP workloads are the most vulnerable — at runtime
  • Includes custom indicators of attack (IOAs), whitelisting and blacklisting to tailor detection and prevention
  • Offers integrated threat intelligence to block known malicious activities and delivers the complete context of an attack, including attribution
  • Provides 24/7 managed threat hunting to ensure that stealthy attacks don’t go undetected

Built in the cloud for the cloud, the Falcon platform eliminates friction to boost cloud security efficiency.

  • Google Cloud Operating System (OS) configuration integration automates Falcon agent deployment directly from GCP without the need for custom scripts
  • Powerful APIs allow automation of CrowdStrike Falcon functionality, including detection, management, response and intelligence
  • Chef and Puppet integrations support continuous integration/continuous delivery (CI/CD) deployment workflows
  • Operates with only a tiny footprint on the host and has almost zero impact on runtime performance, even when analyzing, searching and investigating
  • Flexible consumption-based and annual-based subscription models support agile business planning

Product Validation

Third-Party Validation

Since 2016, CrowdStrike has demonstrated a strong commitment to continuous industry collaboration, scrutiny, and testing. Time and time again, CrowdStrike has been independently certified to replace legacy solutions.

  • Positioned as a Leader

    Download this complimentary report to learn the analysis behind CrowdStrike’s positioning as a Leader and what we believe it could mean for your organization’s cybersecurity posture.

  • Named a Leader

    Read this critical report to learn why CrowdStrike was named a “Leader” in the 2019 Forrester Wave with the top ranking in strategy and high scores in 17 criteria.


    Learn why CrowdStrike scores highest overall out of 20 vendors for use case Type A or “forward leaning” organizations.

Visit our third-party evaluations page to see how CrowdStrike performed against the industry’s most rigorous tests and trials.

Secure your Cloud Workloads and Containers

Falcon Cloud Workload Protection