Castle Raises $2M for Account Takeover Technology

Castle aims to make it easier to detect online fraud. The funding will be used to help the company grow its engineering and go-to-market efforts.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

Castle, account takeover

Security vendor Castle announced on Nov. 9 that it raised a $2 million seed round of funding from First Round Capital with participation from F-Prime Capital and FundersClub.

Castle graduated from the Y Combinator cyber accelerator six months ago, bringing its account takeover technology to market. The seed funding will be used to help grow the early stage company's engineering as well as go-to-market efforts.

The idea behind Castle is to make security capabilities easy to deploy and use, explained Johan Brissmyr, CEO and co-founder. "Organizations just need to take a JavaScript snippet and put it on their website," Brissmyr told eWEEK. "Once the JavaScript is deployed, we build a behavioral profile for each individual user."

The Castle technology learns usage and activity patterns from the user behavior, including how users interact with a given site. Once the user behavior profile has been built, Castle looks for outliers and deviations to help identify potential risks.

Identifying potential malicious behavior is one thing, but actually blocking users is another. Castle has three basic levels of risk categorization: unusual, suspicious and malicious, Brissmyr explained. Based on the level of risk (with unusual being the lowest level), Castle will provide an appropriate response. At the lowest risk level, the response is typically some form of email.

"I think the magic is not to actually freak out end users," Brissmyr said.

The outbound email needs to be worded and presented in a non-threatening way that won't scare users, Brissmyr said, adding that a non-threatening email tells users that everything is fine, but "oh, by the way" there was something that occurred with the user account that hadn't been seen before. The email will tell the user that the unknown action was probably generated by the user, but if it wasn't, it can be reported, he said.

Additionally, for the higher risk incidents, user interaction can be restricted to require users to provide an additional layer of authentication, such as responding to a Short Message Service (SMS) text, before full capabilities are restored, Brissmyr explained.

Castle runs on the Amazon Web Services (AWS) cloud infrastructure and makes use of a big data backend that includes Apache Kafka, Spark and DynamoDB. Castle is now also moving to use a Docker container approach along with Kubernetes for orchestration and container management, Brissmyr explained.

Castle isn't Brissmyr's first attempt at building a security company. In 2014, he co-founded security startup Userbin, which was an authentication service for consumer-facing applications. The initial promise of Userbin was to provide an easy way for end users to secure online accounts. Brissmyr noted that the consumer authentication space is a difficult market to break into as there are many choices, including open-source options, and that Userbin did not succeed as a company.
Brissmyr is looking to further improve Castle's technology. Among the capacities he's looking to add are self-service features as well as directly integrated two-factor authentication options.

"Our mission is to build a full platform for customer security," Brissmyr said.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.