Castle Unveils Industry's First Identity-Aware Bot Detection

San Francisco, CA – March 12, 2020 – Castle, the consumer identity protection company, today announced Identity-Aware Bot Detection, an industry-first product for protecting organizations against advanced bot attacks while maintaining the optimal customer experience.

Technology advancements have made it easier for organizations to identify conventional botnet attacks that use large-scale denial of service (DDoS). As a result, bot attacks have grown increasingly more complex and stealthy by mimicking legitimate user behavior, bypassing traditional perimeter technology, such as DoS security vendors. According to the 2019 Data Breach Quickview Security Report, there were more than 7,098 breaches reported in the past year that exposed over 15.1 billion records: most of which were access credentials. Bots are increasingly targeting user accounts and credentials because of the wider variety of fraudulent activities that can be performed with this data.

Unlike traditional bot detection vendors that struggle to distinguish legitimate user behavior from bot attacks, Castle protects organizations against the most advanced techniques by bringing together analytics about a user’s identity with traditional bot risk signals. While other anti-bot offerings are parsing through web traffic and attempting to understand attack signatures and patterns, Castle offers higher accuracy by analyzing these risk signals in conjunction with real-time identity behavioral analysis. As a result, Castle is able to stop attacks like account takeovers, fake account creations, and credit card stuffing, while reducing false positives by tying users to their devices and application activity, regardless of location – mobile, web or API.

“As a fast-growth fintech company, we are offering innovative ways for our investors to help generate wealth with alternative investment products. This involves large transactions in investors’ accounts, so securing every investor from compromise is a top priority,” stated Marcus Brito, Director of Engineering at Yieldstreet. “Our user base is a collection of accredited investors and a single compromise could undermine investors’ trust and loyalty. However, too much security friction could make it difficult for our investors to get any functionality out of our web and mobile applications.”

Brito continues, “Working with Castle has been a breeze, docs were very easy to navigate, and the integration was fast and painless, allowing us to protect against bot attacks on both web and mobile. Castle’s approach to stepping up security challenges based on both bot signals and dynamic behavioral context of each investor event made them the obvious choice in protecting against small- and large-scale automated attacks.”

Castle brings together security, fraud, and customer experience by giving organizations the ability to see user risk and exercise control over all account activity. Castle helps address the risk of botnets committing identity fraud at every stage of the customer lifecycle: from assessing risk at account creation to verifying user identity at login to requiring strong identity verification at password reset. Many of Castle’s defenses are continuous and invisible to end-users, allowing for fraud mitigation that is as seamless as it is secure.

“Fraud and security teams are being tasked with not only reducing high-friction fraud screening, but adding strong remediation methods when attacks are discovered on user accounts,” stated Sebastian Wallin, CTO and Co-Founder of Castle. “Previously this has left many organizations with a difficult choice of providing security or usability. With Castle Identity-Aware Bot Detection, organizations – for the first time - have the ability to address all identity protection blind spots while providing frictionless remediation. We are giving our customers the ability to dramatically improve bot detection accuracy without compromising the user experience.”

To learn more about Castle’s new approach to protecting organizations from advanced bot attacks, please see the latest blog and datasheet, and register for the “Beating Bad Bots by Knowing Good Users” webinar on April 8, 2020.

About Castle

Castle redefines consumer security by protecting a user’s identity from account takeovers, fake account creation, and other types of identity threats throughout their entire journey with your digital business. Instead of focusing exclusively on the threat, Castle puts user experience at the center of the security model by enabling good behavior as well as stopping bad behavior. With risk-based authentication, bot detection, and custom risk policies, Castle offers real-time consumer identity protection that optimizes the customer experience. Castle is headquartered in San Francisco, CA with offices in Malmo, Sweden and Krakow, Poland. For more information, please visit

Try for free

Get started in minutes

You can test and deploy a fully automated, user-centric approach to account security for free.

Create Free Account