Castle - The easiest way to protect your users from getting hacked

by

Add a comment

Replies

Best
Thanks Justin for launching Castle to the world! Hi Product Hunters! Johan, co-founder of Castle here. Castle protects your users from being hacked. You track events in your web and mobile apps, and we analyze device, location and usage patterns to make sure they are consistent for each user. You’ll get a Slack notification or email when a user acts out of the ordinary, e.g. they log in from a distant country, repeatedly fails to log in, or change their password from a recently added device. Use the dashboard to see live user activity, and filter on properties like Tor, proxy or bot-like browsing. We have lots of plans for improving the product: more 3rd-party integrations, built-in 2FA/captcha, Gmail-style login notifications. Would love to hear your feedback! Product Hunters get 50% off your first 6 months! Cheers!
great stuff! reminds me a bit of siftscience.com but applied to security. Do you track users across your entire customer base for even deeper analysis, or is there a wall between each customer?
Sift Science is awesome and we're really inspired by how they transformed the anti-fraud tool into something modern and easy to use, both for customers and developers. Castle looks across sites for patterns of whats normal globally e.g. in terms of browsing speed, browser configuration, number of IPs per user, etc, and then use those anonymous stats to find anomalies in each app and user account.
If I ran a startup today, I would use this and sleep better at night.
You already are. In fact you're running the ultimate startup :-)
Met these guys about a year and a half ago. and his co-founder are really nice and sharp entrepreneurs.
thanks, your too kind!
Wow, fantastic idea. With startups growing so fast and often under resourced security often isn't prioritised, certainly not enough to build the kind of security and alerts the likes of Facebook and Google have at their disposal. If this is as easy to integrate as it looks then this is a big step in the right direction!
Thanks James! What we've seen is that startups actually care about security but time isn't allocated. We thought we might be able to hack this by making it dead simple to get started with the analytics part and gradually expand into further integrations, notifications, rules etc as you see results.
We've been using Castle for a while now at Naritiv and we love it. It makes it super easy to understand user signup and flow, devices they're using, and keeping our users' security in check. Great job and on the launch!!
In the middle of getting our Segment set up. Any chance of an integration in the near future?
Awesome Evan! We're working on it as we speak. Really excited about the single-click Segment installation button.
Dope!
Castle looks great Johan. Congrats on your launch! Do you also have a mechanism to track/alert if there is a suspected attempt at scraping data or information off web pages?
Thank you! Currently we try to stay away from external fraud such as web scraping, and in fact most fraud that isn't associated with user account takeover. Scraping, and bots fiddling around with your external APIs is pretty much addressed by other products. In the future we would like to expand into those areas however. Siftery looks pretty amazing by the way. Would love to be on your list!
Cool! Will be very useful fore something I'm working on right now. Does it detect different users that are sharing the same account?
We detect when there are multiple device active on the same account simultaneously and generate a signal which you'll see in the interface. We don't yet *classify* a user as an account sharer but we try to make it easier to spot them.
This is a great idea. I can really see a place for this in the B2B SaaS space.
Thanks. Actually that's our primary focus. There are so many B2B SaaS out there that aren't necessarily financial or health care services, but their customers are still high-value/risk.
Great product! Any plans of integrating something like into your system? Some way to flag users as at risk because they've been previously hacked somewhere else, or their information has been leaked etc.
That's a fantastic idea! We could even add that as a signal to our scoring so that people with compromised credentials would have a higher risk level when suspicious activity is detected. One issue might be that the compromised users aren't necessarily using the same password at your site. But maybe that's not a problem.
123
Next
Last