WEBINAR - How to reduce risk and prevent account takeover. Learn more
Close
Press Release
Castle Expands User-Centric Account Security Platform with Risk Policies
November 18, 2019

Enables organizations to create custom policies tailored to business objectives and risk tolerance, while optimizing the user experience

November 18, 2019 – San Francisco, CA–Castle, the user-centric account security company, today announced it has enhanced its platform with Castle Risk Policies, providing organizations with more flexibility in managing account security risk while optimizing the user experience.

Today, attackers are continuously developing more sophisticated techniques for taking over user accounts. Castle protects an organization’s users from human-powered account takeovers, automated credential stuffing, risky user transactions and attacks that rely on humans or bots impersonating valid users. With Castle, instead of simply being locked out of an account with no context, users can actively participate in low-friction security that keeps accounts safe. Continuous user insights and behavioral analytics allow organizations to respond to threats in real-time with risk-based authentication and automated workflows for end-to-end account recovery.

“Castle’s mission is to make consumers’ online accounts more secure everywhere,” said Johan Brissmyr, co-founder and CEO of Castle. “In an effort to give our customers the most comprehensive security solution without compromising the user experience, we’ve added Risk Policies. Organizations need to reduce both friction and risk. When there are scenarios that carry more risk than normal, they need flexibility. Risk Policies gives them that flexibility to fine tune risk logic and response that better aligns with the needs of the business.”

With Castle Risk Policies, customers have the ability to custom-design segmented user journeys and apply granular response and remediation flows based on risk tolerance. Policies are built around a combination of personas, user traits, critical events, application actions, device context, and more, in order to adjust the outcome of events and influence if an event will result in an allow, challenge or deny. With customized logic, risk scores, and responses, organizations can highly optimize the user experience yet closely align it with risk tolerance and business objectives.

Building a custom Castle Risk Policy is simple. First, organizations determine which scenarios - user, device, event traits - are most critical to the organization. Once the policy is defined, companies clarify a custom risk engine to increase or decrease friction for the segment. This is done by defining low, medium, and high risk tiers in which companies can set risk score thresholds and associate specific threat signals to a given tier. Finally, companies define how to respond to each scenario by establishing custom inline and out-of-band response rules for each tier of their new risk policy.

For more information, please see Castle Risk Policies.

About Castle

Castle helps businesses keep their customers’ online accounts safe from human-powered account takeovers, automated credential stuffing, risky user transactions and other attacks impersonating users. Castle’s user-centric approach to account security allows organizations to fully automate threat response and account recovery in real-time with risk-based authentication, granular access policies, and custom workflows for end-to-end account recovery. Unlike traditional solutions, Castle gives users the ability to actively participate in their own account security to keep safe. Castle has also removed complexity for security teams with an easy-to-use, fully automated and developer-friendly solution that enables strong security and keeps user satisfaction at the forefront. Castle is headquartered in San Francisco, CA with offices in Malmo, Sweden and Krakow, Poland.