BBVA, first European bank to rely on Google Chronicle: will analyze up to 10 TB of data daily to develop predictive security models

All BBVA’s security data will be stored in Chronicle, Google Cloud’s security analysis platform, with which the bank has signed a strategic agreement.

Analyzing up to ten TB per day

As Jorge Blanco, Global Head of Security Solutions at BBVA, explains, the information that will be uploaded to Google includes all logs, system telemetry and security information from all applications: banking, internal and employee applications, as well as external ones. It likewise covers all data from the bank’s internal and external network.

The information will be loaded gradually from several sources and origins of data, including those in the public cloud, both at Google and at the bank’s other providers.

The goal is for this process to be completed by 2021. Right now, five TB of information are analyzed every day with Chronicle, most of the data coming from basic communications infrastructures, such as DNS. BBVA estimates that this amount will double when all logs reside on Google’s platform.

The last sources to be added to the system will be those known as EDR (Endpoint Detection and Response), which have to do with the jobs of the bank’s 130,000 employees. “They are the richest source of information and it is the one that will take us from 5 to 10 TB of information,” details Blanco.

It should be noted that all BBVA employees work, curiously, with Google’s office suite (Workspace), whose security data will therefore be among the last to be dumped and analyzed in Chronicle.

Machine Learning Models

Chronicle is Google Cloud’s security analysis platform. According to the company, it enables enterprise security teams to store and analyze all their security data in one place to detect and investigate threats on a large scale, without limitations on the amount of data or processing and without cost issues.

Cristina Pitarch, EMEA Director of Sales at Google Cloud’s Chronicle, explains that this security telemetry proposition enables all enterprise security data to be brought together, regardless of where it comes from. “The amount of security-related data is immense, and one of the problems that companies run into is that, in order to be fully covered, they have to analyze a lot of data. If you don’t take any of it into consideration, important details can be missed. At Chronicle we use at scale the power of Google to enable companies to analyze that data without making difficult decisions in terms of cost or data waiver.”

The goal of the agreement is to enable BBVA security personnel to create their own Machine Learning (ML) models to apply to security. One of Chronicle’s features is that bank staff can create AI models of threats through the interface. At the moment, the BBVA and Google engineering teams are working together. “The two teams will be working hand in hand on this interface, but the idea is that we will be autonomous, although some models come from the factory,” says Blanco.

The manager also says that “it would be very difficult” to create these algorithms “if it were not in Chronicle. It allows us to scale both in volume of information and computational capacity,” adding that processing speed is one of the things he values most in this proposal.

The bank has been testing and customizing for some months now. “BBVA was interested in our solutions even before the European equipment was in place,” says Pitarch. “The pilot project has been very good, with a feeling of power. And, above all, of knowing that we are hand in hand with Google engineers. It’s not just the use of the platform, but the fact that we are working together,” emphasizes the BBVA security manager.

Focus on predictive security

Jorge Blanco says that the challenge is to develop algorithms that can foresee what might happen and, therefore, anticipate it.

In this approach, both companies agree that it is essential to collect information from the source and centralize it in one place in order to look for patterns. “The more complex the information, the more complex the algorithms we need,” says Blanco.

The BBVA security manager believes that most ML models are unsupervised models that basically “look for the needle in the haystack. They process the information and anomalies are detected. This leads to alerts or incidents.”

Meanwhile, the ad hoc models to be developed by BBVA will be supervised ML. “We are going to be able to program models that we want to apply to look for a specific threat. The good thing is not only to have data scientists, but also analysts to help us understand it,” specifies Blanco. “Once the models are trained and the false positives are fine-tuned to achieve quality, we will integrate these models with the alert systems, which will trigger actions that are usually automated,” he clarifies.

A strategic agreement

BBVA is the first European financial institution to trust Google to analyze all its security data. Although the economic terms have not been disclosed, Google is confident that this alliance will enable it to improve its Artificial Intelligence and Machine Learning models for the benefit of the rest of its customers.

For both, it is more than a strategic alliance. Cristina Pitarch says that “all the collaboration we do will help us to improve our platform”, especially for other potential financial clients.

Finally, it should be noted that one of BBVA’s main lines of action with this technology is internal incidents. “One of the things we want to exploit is to detect insiders. Many of the logs are from internal systems and being able to analyze and anticipate these strange behaviors will be critical”.
