Case Study: BBVA achieves streamlined web and API security and zero‑day protection with Check Point Software's CloudGuard WAF

How BBVA Streamlined Its Web & API Security Across Cloud Native Mobile Banking Apps

BBVA, a global financial services group headquartered in Madrid with 50,000+ employees, needed enterprise-grade protection for a large, fast-growing portfolio of web apps, mobile banking services and APIs. The bank faced visibility and management challenges across complex and partly legacy environments, required support for cloud-native DevOps and CI/CD workflows, and wanted to reduce exposure to zero-day exploits without blocking legitimate traffic.

BBVA deployed Check Point CloudGuard WAF with Automated WAAP, using ML-based, pre-emptive protection (notably against Log4J) that minimizes tuning and signature updates. The solution provided a single dashboard for granular visibility and control, smooth integration with CSPs, IaC and CI/CD pipelines, and vendor support for large-scale rollout—resulting in reliable zero-day protection, easier operations, and safer global expansion of services.

BBVA

Felipe Rodero

Security Architect