Complexity has become a defining security challenge as organizations expand across hybrid and multi-cloud environments. In fact, 52% of surveyed organizations ranked multi/hybrid cloud complexity among their top three infrastructure concerns.1 This complexity creates fragmented visibility across cloud providers, workloads, and Kubernetes environments — gaps that adversaries increasingly exploit to move undetected.
Cloud-conscious intrusions rose 37% year-over-year in 2025, the CrowdStrike 2026 Global Threat Report found. Emerging eCrime adversaries are advancing their tactics to abuse trusted relationships and compromise downstream victims. Adversaries are also accelerating — the fastest observed eCrime breakout time was just 27 seconds — leaving little room for delayed detection and response.
Yet with the tooling available today, this remains difficult in practice. Three key gaps persist:
- Fragmented runtime visibility: Limited or siloed visibility across multi-cloud environments slows investigation and obscures attacker activity.
- Delayed detection and response: Reliance on log post-processing introduces lag, giving adversaries time to move laterally and establish persistence.
- Kubernetes control plane blind spots: Limited visibility into the Kubernetes API layer allows attackers to abuse legitimate actions to escalate privileges and modify configurations without triggering traditional defenses.
Closing these gaps requires a cloud-native application protection platform (CNAPP) approach that extends beyond posture management to deliver real-time, unified detection and response across cloud environments.
Today, we’re introducing expanded real-time cloud detection and response (CDR) support for Google Cloud, along with new Kubernetes threat detections for Google Kubernetes Engine (GKE). These innovations are designed to close critical visibility gaps and enable faster detection and response to modern cloud threats.
We’re also extending the CrowdStrike Falcon® platform to regional Google Cloud infrastructure, enabling organizations to adopt and consolidate on the industry’s leading AI-native cybersecurity platform using the underlying cloud provider that best aligns to their operational and data sovereignty requirements.
With these new innovations, CrowdStrike continues to advance its mission of helping organizations stop cloud breaches across hybrid and multi-cloud environments.
Real-Time CDR for Google Cloud: Expanding Detection and Response Across Multi-Cloud Environments
CrowdStrike Falcon® Cloud Security now extends real-time CDR to Google Cloud, in addition to support for AWS, delivering unified, real-time detection and response across multi-cloud environments. By bringing Google Cloud activity into a single detection pipeline, security teams gain visibility into attacker behavior across their multi-cloud attack surface and eliminate the gaps of fragmented visibility that adversaries leverage.
Many approaches to processing agentless cloud telemetry introduce delays in detection. Falcon Cloud Security analyzes Google Cloud activity as it happens and instantly applies detections. This enables SOC teams to identify malicious cloud activity in seconds and interrupt attacker activity before it can progress, reducing dwell time and limiting potential blast radius.
CrowdStrike powers CDR with the breadth of the broader Falcon platform, in which teams can correlate cloud telemetry with sensor activity and threat intelligence, and accelerate with CrowdStrike® Charlotte AI for deeper threat hunting and faster investigations.
With multi-cloud support, CrowdStrike continues to lead as the only CNAPP delivering real-time, cross-cloud detection and response designed to stop breaches.
Watch it in action in this demo:
This new capability is in beta and will be generally available in the coming months.
Kubernetes Threat Detection: Exposing Attacker Activity in the Control Plane
As organizations increasingly rely on Kubernetes to run mission-critical and AI-driven applications, visibility into the control plane has become essential to stopping modern attacks. Without it, adversaries can operate through legitimate orchestration workflows and bypass traditional runtime defenses to remain undetected.
Falcon Cloud Security now extends detection coverage into the Kubernetes control plane to provide visibility into attacker activity within the orchestration layer that manages and deploys workloads. While the Falcon sensor protects the runtime environment, Kubernetes threat detection enhances coverage by ingesting and monitoring Kubernetes audit logs to expose how adversaries exploit resources — such as service accounts or secrets — to gain access, escalate privileges, and maintain persistence beyond the workload.
Each detection is enriched with cloud, workload, and identity context and correlated across the Falcon platform so security teams can trace attacker activity across Kubernetes and the broader cloud environment. This allows teams to connect control plane actions with runtime behavior and identity activity, and gain a unified view of how attacks unfold across domains.
By extending detection into the control plane, Falcon Cloud Security provides comprehensive Kubernetes protection that helps organizations detect and stop attacks that would otherwise remain hidden.
