Castle provides orgs with more flexibility in managing account security risk
Castle, the user-centric account security company, announced it has enhanced its platform with Castle Risk Policies, providing organizations with more flexibility in managing account security risk while optimizing the user experience.
Today, attackers are continuously developing more sophisticated techniques for taking over user accounts. Castle protects an organization’s users from human-powered account takeovers, automated credential stuffing, risky user transactions and attacks that rely on humans or bots impersonating valid users.
With Castle, instead of simply being locked out of an account with no context, users can actively participate in low-friction security that keeps accounts safe. Continuous user insights and behavioral analytics allow organizations to respond to threats in real-time with risk-based authentication and automated workflows for end-to-end account recovery.
“Castle’s mission is to make consumers’ online accounts more secure everywhere,” said Johan Brissmyr, co-founder and CEO of Castle.
“In an effort to give our customers the most comprehensive security solution without compromising the user experience, we’ve added Risk Policies. Organizations need to reduce both friction and risk.
“When there are scenarios that carry more risk than normal, they need flexibility. Risk Policies gives them that flexibility to fine tune risk logic and response that better aligns with the needs of the business.”
With Castle Risk Policies, customers have the ability to custom-design segmented user journeys and apply granular response and remediation flows based on risk tolerance.
Policies are built around a combination of personas, user traits, critical events, application actions, device context, and more, in order to adjust the outcome of events and influence if an event will result in an allow, challenge or deny.
With customized logic, risk scores, and responses, organizations can highly optimize the user experience yet closely align it with risk tolerance and business objectives.
Building a custom Castle Risk Policy is simple. First, organizations determine which scenarios – user, device, event traits – are most critical to the organization. Once the policy is defined, companies clarify a custom risk engine to increase or decrease friction for the segment.
This is done by defining low, medium, and high risk tiers in which companies can set risk score thresholds and associate specific threat signals to a given tier. Finally, companies define how to respond to each scenario by establishing custom inline and out-of-band response rules for each tier of their new risk policy.