Automate your entire security workflow

With Policies you can create custom rules that determine how risk is addressed and analyzed. Block transactions from a specific IP address, challenge all new devices, or even combine multiple attributes to create a policy that is tailored to your business.

Create New Account
Sophisticated bot scoringNEW

From simple automated scripts to sophisticated emulators, our Bot Detection Engine analyzes hundreds of micro-signals and scans for automation and bot-like behavior.

Highly accurate ATO scoring

Not all bots are bad, and not all humans access their account through a browser. Castle's industry leading ATO Risk Scoring Engine accurately detects Account Takeovers.

Customizable risk signals

Tailor your policies further by selecting which signals our risk engine should look at. Choose from a wide range of signals, each representing a specific, actionable risk vector.

Built for your business

Define custom user segments, sort policies based on priority, and monitor before deploying. Every user base is unique therefore we provide the tools to manage yours accordingly.

Event Based Policies

Close the gap in your security

Whether it’s registration spam, credential stuffing, or carding, our Policies Engine can help you identify your challenge area and build fine-tuned policies to close the gap in your security.

No coding necessary

Policies can be fully managed from the Castle dashboard. Create, edit, test, and deploy all without pushing a single code change.

Risk based

Castle assigns a risk score to each event. Manage your threat response dynamically depending on the type of attack and where its occurring.

Synchronous verdicts

Get a decisive inline verdict of allow, challenge, or deny, to power a UX with varying levels of friction. With sub 50ms latency, running a security check is frictionless.

Flexible notifications engine

Alert your team via Slack or SIEM connections, or use Castle’s Webhooks to power contextual, user-facing emails. The right people are always in the know.


Custom policies for
the right user group

Select from a rich set of user, device, and event traits to craft perfect segmentations rules. Castle’s advanced segmentation engine truly allows for endless targeting possibilities to build custom policies against.

User properties

Define segments around your own user metadata, such as email domains, user type, or user role. Decrease friction during a free trial period, or tighten security for high value accounts.

Device properties

Castle provides enhanced device context out of the box. Build IP or User Agent allow or deny lists. Or target specific device types, origin country codes, or ISPs.

Event properties

Build policies aligned with your business logic by passing event-based metadata. Transactions or withdrawals above a certain amount, or comments that contain certain words can all be segmented for additional scrutiny.

Try for free

Get started in minutes

You can test and deploy a fully automated, user-centric approach to account security for free.

Create Free Account