With Policies you can create custom rules that determine how risk is addressed and analyzed. Block transactions from a specific IP address, challenge all new devices, or even combine multiple attributes to create a policy that is tailored to your business.Create New Account
From simple automated scripts to sophisticated emulators, our Bot Detection Engine analyzes hundreds of micro-signals and scans for automation and bot-like behavior.
Not all bots are bad, and not all humans access their account through a browser. Castle's industry leading ATO Risk Scoring Engine accurately detects Account Takeovers.
Tailor your policies further by selecting which signals our risk engine should look at. Choose from a wide range of signals, each representing a specific, actionable risk vector.
Define custom user segments, sort policies based on priority, and monitor before deploying. Every user base is unique therefore we provide the tools to manage yours accordingly.
Whether it’s registration spam, credential stuffing, or carding, our Policies Engine can help you identify your challenge area and build fine-tuned policies to close the gap in your security.
Policies can be fully managed from the Castle dashboard. Create, edit, test, and deploy all without pushing a single code change.
Castle assigns a risk score to each event. Manage your threat response dynamically depending on the type of attack and where its occurring.
Get a decisive inline verdict of allow, challenge, or deny, to power a UX with varying levels of friction. With sub 50ms latency, running a security check is frictionless.
Alert your team via Slack or SIEM connections, or use Castle’s Webhooks to power contextual, user-facing emails. The right people are always in the know.
Select from a rich set of user, device, and event traits to craft perfect segmentations rules. Castle’s advanced segmentation engine truly allows for endless targeting possibilities to build custom policies against.
Define segments around your own user metadata, such as email domains, user type, or user role. Decrease friction during a free trial period, or tighten security for high value accounts.
Castle provides enhanced device context out of the box. Build IP or User Agent allow or deny lists. Or target specific device types, origin country codes, or ISPs.
Build policies aligned with your business logic by passing event-based metadata. Transactions or withdrawals above a certain amount, or comments that contain certain words can all be segmented for additional scrutiny.
You can test and deploy a fully automated, user-centric approach to account security for free.Create Free Account