We’re excited to share that the CrowdStrike Falcon® sensor now fully supports Google Cloud Run, providing advanced security capabilities for your serverless applications. While we announced this at Google Cloud Next in April 2024, this blog post dives deeper into the integration and shares how customers leveraging Google Cloud Run and CrowdStrike can quickly deploy Falcon to improve their serverless security requirements.
In short, Google Cloud Run provides a powerful, fully managed platform for deploying containerized applications that automatically scale with demand. However, the dynamic and transient nature of serverless environments poses unique security challenges. With Falcon Sensor now integrated with Google Cloud Run, organizations can leverage industry-leading protection from CrowdStrike to secure their serverless workloads.
Figure 1. Google Cloud Run across containers is shown in the Falcon console.
Enhanced security for serverless applications
With support for Google Cloud Run, Falcon Sensor ensures that your serverless applications benefit from the same robust security measures that protect traditional, cloud-based workloads. The CrowdStrike Falcon® AI-powered cybersecurity platform provides real-time threat detection, automated incident response, and end-to-end visibility into your serverless environment. This integration helps you identify and mitigate threats before they impact your applications, ensuring continuous protection across your entire cloud infrastructure.
Figure 2. The CrowdStrike Falcon® Cloud Security host management dashboard shares information about Google Cloud Run services.
Seamless integration and continuous protection
Deploying Falcon Sensor on Google Cloud Run is easy and straightforward, allowing you to integrate security into your DevOps operations without compromising performance or flexibility. The sensor automatically scales with your workloads, providing consistent protection as your application demand fluctuates. This ensures that your security posture remains strong, regardless of the size or complexity of your serverless deployments.
Figure 3. Container sensor runtime security for Google Cloud Run services in Falcon console.
Enable DevSecOps with Real-Time Insights
With this new support, DevSecOps teams can now gain real-time insights into the security state of their serverless applications running on Google Cloud Run. Falcon’s advanced analytics and threat intelligence capabilities enable teams to make informed decisions, respond quickly to incidents, and continually improve their security practices. This proactive approach helps organizations maintain a secure and resilient application environment, fostering innovation and resilience.
We are excited about this expansion and look forward to helping our customers improve their security posture in serverless environments. For more information on how to deploy and configure Falcon sensors on Google Cloud Run, Falcon platform customers can read this official documentation.
Figure 4. The Kubernetes and Containers inventory dashboard in Falcon Cloud Security is where you can find and discover Google Cloud Run service monitoring.
Publishing Overview
Google Cloud Run is a fully managed serverless computing platform built on Knative that enables customers to run containers without having to manage underlying infrastructure. You can run your containers either fully managed with Google Cloud Run or in your own Kubernetes Engine cluster using Google Cloud Run on Anthos. With Google Cloud Run, customers can deploy applications as functions or services. Falcon Container Sensor for Linux supports both function and service deployment.
Falcon Container Sensor for Linux can extend runtime security to Google Cloud Run container workloads because it runs in user space without running any code in the system kernel or worker node OS.
Figure 5. How to deploy Falcon Sensor to secure Google Cloud Run-powered containers.
Deploying Falcon Container Sensor for Linux to Google Cloud Run requires modifying the application container image. The Falcon Container Sensor image contains a Falcon utility that supports debugging the application container image using Falcon Container Sensor for Linux and its associated dependencies.
The Falcon container consists of two elements:
Falcon Container Sensor for Linux: At runtime, Falcon Container Sensor for Linux runs inside the application container for the service or task. It uses a unique technique to run in the context of the application. Falcon Tool: Falcon Tool runs offline and takes the application container image as input to generate a new container image patched with Falcon Container Sensor for Linux and its associated dependencies. Falcon Tool also sets the Falcon entry point as the container entry point.
Here is an overview of the installation workflow:
Generate API Client Key Get CrowdStrike CID with checksum Retrieve sensor image and push it to Google Registry Run Falcon tool to build new image Push new image to Registry Deploy Falcon container sensor for Linux to Google Cloud Run sensor deployment verification
Once the verification process is complete, you're ready to go. For customers using Google Cloud Run and CrowdStrike, this process is designed to make it easy to follow and deploy.
Below is a more detailed step-by-step guide for customers using Falcon Cloud Security.
Shaping the Future of Cloud Security
The powerful combination of Google Cloud's AI-powered cloud services and Falcon's unified protection and threat hunting capabilities provides the security organizations need to stop breaches across multi-cloud, multi-vendor environments.
As threats and cloud technologies continue to evolve, staying ahead of the threat landscape is critical. Modern businesses need allies to protect their cloud-based resources, applications, and data as their reliance on cloud technology continues to grow. This synergy between CrowdStrike and Google Cloud will shape the future of cloud technology and security, setting a new standard for protecting today’s cloud environments.
