
Castle (YC W16) Analyzes User Data to Stop Hackers - roymurdock
https://blog.ycombinator.com/castle-yc-w16-analyzes-user-data-to-stop-hackers
======
brissmyr
Hey! Johan, co-founder of Castle here. My and my co-founder used to work in a
financial startup and couldn't find any easy-to-use solutions for account
monitoring. We built Castle to be a drop-in solution against account
compromise. You track events in your web and mobile apps, and we analyze
device, location and usage patterns to make sure they are consistent for each
user.

We have lots of plans for improving the product: more 3rd-party integrations,
built-in 2FA/captcha, APIs to build your own "security page" with device and
session history. Would love to hear the feedback from the HN community!

~~~
Eridrus
I'm curious what verticals your customers are in. Unless your company is
liable for account takeover it seems like this is a tough sell.

The risk of FPs and the lack of clear benefit to the company paying you you
seems like a hard place to make money.

~~~
brissmyr
Thanks, this is valid feedback. You're right, account takeover is not the best
description unless you're a big financial institution. When working with
startups they use us for the (risk-based) authentication, and we're working in
that direction, offering 2FA flows, security emails among other things.

------
chatmasta
> As easy to integrate as any analytics API

Seems equally easy to circumvent, if you are a malicious user. Just block the
analytics from loading.

~~~
brissmyr
If you would block the analytics script for a user that normally have it
enabled, that looks fishy to our detection. We don't (only) compare the
collected data with known fraud profiles, but also with how the current user
normally accesses the service.

