--- title: Google Cloud Service Extensions description: Secure your Google Cloud Load Balancers with Datadog App & API Protection. breadcrumbs: Docs > Integrations > Google Cloud Service Extensions --- # Google Cloud Service Extensions Supported OS Integration version1.0.0 {% callout %} # Important note for users on the following Datadog sites: us2.ddog-gov.com {% alert level="info" %} To find out if this integration is available in your organization, see your [Datadog Integrations](https://app.datadoghq.com/integrations) page or ask your organization administrator. To initiate an exception request to enable this integration for your organization, email [support@ddog-gov.com](mailto:support@ddog-gov.com). {% /alert %} {% /callout %} Datadog App & API Protection provides defense-in-depth security by monitoring both the Google Cloud Load Balancer and backend services, detecting and alerting on actual exploits and attacks.App & API Protection provides detailed Security Signals that show attack details, correlated trace spans, and response actions like IP blocking at the load balancer level.Datadog App & API Protection provides edge-level visibility into attack attempts, showing how malicious requests are detected and blocked at the Google Cloud Load Balancer before they can reach your backend services. ## Overview{% #overview %} Datadog App & API Protection extends visibility and inline threat mitigation to your Google Cloud Load Balancers using [Google Cloud Service Extensions](https://cloud.google.com/service-extensions/docs/overview). With this integration, you can detect and block attacks—such as API abuse, business logic exploitation, and code-layer threats—right at the edge of your cloud infrastructure. This integration provides: - Inline threat detection and blocking at the load balancer using Datadog Security Signals - Real-time insights into application-layer attacks - Edge enforcement against OWASP API threats, credential stuffing, injection attacks, etc. ## Setup{% #setup %} ### Installation{% #installation %} See [Enabling App & API Protection for GCP Service Extensions](https://docs.datadoghq.com/security/application_security/setup/gcp/service-extensions.md?source=gcp-se-tile-setup) for installation instructions. ### Validation{% #validation %} To validate the installation of this integration, send known attack patterns to your load balancer. For example, you can trigger the Security Scanner Detected rule by running the following curl script: ```sh for ((i=1;i<=250;i++)); do # Target existing service's routes curl https://your-load-balancer-url/existing-route -A dd-test-scanner-log; # Target non existing service's routes curl https://your-load-balancer-url/non-existing-route -A dd-test-scanner-log; done ``` A few minutes after you enable the service extension and send known attack patterns, threat information appears in the Application Signals Explorer. ## Troubleshooting{% #troubleshooting %} Need help? Contact [Datadog Support](https://docs.datadoghq.com/help/). ## Further Reading{% #further-reading %} - [Enabling App and API Protection for GCP Service Extensions](https://docs.datadoghq.com/security/application_security/setup/gcp/service-extensions.md?source=gcp-se-tile-deepdive) - [Secure your APIs via Envoy, Istio, NGINX, HAProxy, and more with Datadog App and API Protection](https://www.datadoghq.com/blog/app-api-protection-envoy-istio-nginx-haproxy/) - [Service Extensions overview | Google Cloud Documentation](https://cloud.google.com/service-extensions/docs/overview)