Drop in some intelligent security to your startup with Castle.io


    The last thing you want on your web app is to hear that sleazy people are crawling all over it, hacking your users either through brute force or by using a stolen password to steal sensitive information. Despite the clamor from the technical crowd that developers should implement two-factor authentication everywhere, your average user isn’t going to take the time, which means you should be more proactive with your login security. Enter Malmö-based Castle.io, which offers an intelligent drop-in security tool, now available in Beta.

    According to co-founder Johan Brissmyr, the idea came from their last startup, which was a risk engine and a fraud engine. When looking for tools to fight fraud, the team couldn’t find any simple or inexpensive solutions – you had to contact a support person for a big quote, and these companies would send over a support engineer to your site. Their idea with Castle.io was to make bank-level security easy for any developer to drop in, just like you would with Twilio or Stripe.

    On your site, their tool boils down to a few lines of JavaScript that take hardly any time to install. Once it’s in there, it starts listening to user behavior and lets you know if a user suddenly logs in from a strange IP, if the credentials are seeing a brute force attack, if the login is coming from Tor, if the user has a suspicious browser configuration, or even if the user is using the keyboard differently.

    Their API works either with your home-grown login configuration or with outside tools like OAuth. “You just add it on top,” says Brissmyr. “You just call us and ask ‘is this user the real one?’”

    With that information you can use Castle.io to flag users or block logins using any sort of logic on top of it.

    The tool has now launched in Beta and will probably stay there until this summer. To fuel their growth, the team has raised about $300,000 from Sparklabs Global Ventures, Hampus Jakobsson (founder of TAT), Henrik Torstensson (CEO at Lifesum, former Spotify executive), Fredrik Nylander (CTO of Oscar), Tim Jackson (founded QXL), Erik Byrenius (founded OnlinePizza, sold to DeliveryHero), Anders Frankel (founded Apsis), and Johan Lorenzen (CEO at Holvi).

    As far as developer tools coming out of the region go, this seems like a good one. You can find tools like this specifically designed for ecommerce money flows, but apparently nothing good really exists for general logins like what Castle.io is building. With high-profile hacks dominating the news, it’s valuable to keep your users locked down.