<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2815180&amp;fmt=gif">
Alienvault USM Anywhere Logo
Skip to content

FAQ

Frequently asked questions about our products and services

  • Castra Privacy Policy

    Privacy Policy

    Castra Managed Services LLC (“Castra”, “we”, “our”, and “us”) believes privacy is paramount and understands and cares about your privacy and your right to your information. We strive to be stewards of your information, just as you would do with your information.

    This Privacy Policy (the “Policy”) applies to personal information collected through the Castra website, online services, and web pages that post, reference, and incorporate this Policy (all of the foregoing, collectively, the “Site”), whether accessed via computer, mobile device or other device (collectively, “Device”).

    Your privacy matters to us, thus Castra has some basic principles:

    • We don’t ask you for personal information unless we truly need it
    • We don’t share your personal information with anyone except to comply with the law, develop our products, or protect our rights
    • We don’t store personal information on our servers unless required for the on-going operation of one of our services.

    If you have questions about deleting or correcting your personal data, please contact our team at info@castra.io

    Consent

    Consent to Data Collection and Processing

    You hereby agree with and consent to the collection and processing of your personal information as described in this Policy.

    Consent to International Data Transfers

    Your personal information may be collected, processed and stored by Castra or its direct services partners in the United States and other countries where our servers reside. Please be aware that the privacy protections and legal requirements, including the rights of authorities to access your personal information, in some of these countries may not be equivalent to those in your country. You hereby agree with and consent to the transfer of your personal data to the United States and other countries where Castra operates.

    Withdrawal of Consent

    You have the right, at any time, to withdraw your consent to Castra’s collection and processing of your information, or to the transfer of your personal data to the United States and other countries where Castra operates. You may withdraw your consent by contacting us at info@castra.io

    Privacy Over the Internet

    Castra understands that some individuals have special privacy concerns around information transmitted or collected over the Internet or through web sites. This Policy also describes how you can reach us to update your personal information, access and control the use of the personal information, or get answers to questions you may have about our privacy practices. Please read this Policy carefully, because by accessing and using this Site you are acknowledging that you understand and agree to the terms of this Policy. In addition, please review our Terms of Use, which governs your use of this Site.

    Security of Your Information

    Castra uses reasonable organizational, technical, and administrative measures designed to protect your personal information under our control, although “perfect security” does not exist on the Internet. Online, we guard the privacy and confidentiality of your personally identifiable information with audited safeguards. We do not currently collect any sensitive information, such as credit card numbers or social security numbers. This Policy will be updated to reflect any changes, should they arise.

    How The Online Information Castra Collects Is Used

    As you interact with Castra, there may be opportunities for you to provide us with your information. Additionally, we may collect certain information about you as further described below.

    The types of information that Castra collects about you may include, but are not limited to:

    • Contact information (such as name, address, city, state and ZIP code, occupation, email address and telephone number);
    • Payment information (such as your bank account information, and payment history);
    • Information about your connected Devices (such as IP address, browser type, unique device identifier, cookie data, and associated identifying and usage information);
    • Marketing profile information;
    • The kind of Castra service product you purchased; and
    • The kind of service provided to you.

    To gauge the effectiveness of the Site, we do collect some non-individually-identifiable generic information about our visitors. Our web servers automatically recognize a visitor’s Internet service provider, the IP address, the domain name, the type of browser, the operating system, which pages are viewed on the Site, the web page a visitor was on when they linked to the Site, how much time is spent on each page, and other information related to the operation and interaction of the Site. This information does not reveal a visitor’s identity. We aggregate this information and use it to evaluate and improve the Site.

    Identifiable Information – You can choose to provide individually-identifiable information to Castra in a number of ways as described below. When visitors supply information about themselves for a specific purpose, Castra uses the information for that purpose (such as to provide the information the visitor has requested or to consider a visitor for a particular job). In addition, when visitors use the Site to request information about our services, we may use the individually-identifiable information as we would use the same information obtained o-line – for example, to evaluate your service needs and contact you regarding additional services you may find useful.

    Castra will not ever sell, trade, or disclose to third parties any individually identifiable information derived from the registration for or use of Castra online service – including customer names and addresses (except as required by subpoena, search warrant, or other legal process or in the case of imminent physical harm to the customer or others).

    Castra collects, discloses, and uses your personal information: for the purpose of determining your qualifications for employment and reaching a hiring decision; to comply with any legal process, applicable laws, and/or regulations; to defend ourselves in claims under such laws; to respond to your inquiries and fulfill your requests, such as to send you documents you request or e-mail; to send you important information regarding our relationship with you or regarding this Site, changes to our terms, conditions, and policies and/or other administrative information; for our business purposes, such as marketing new products and services, data analysis, audits, developing new products or services, enhancing our Site, improving our products and services, identifying Site usage trends, providing products and services, maintaining customer relationships, improving the quality, safety, and security of our products and services, administering your account(s), troubleshooting, supporting electronic signature, customizing and improving communication content, evaluating product performance, providing customer support and product support, warranty administration, and determining the eectiveness of our Site; to our third party service providers who provide services such as website hosting and moderating, mobile application hosting, data analysis, infrastructure provision, credit card processing, IT services, e-mail services, marketing services, auditing services, and other services, in order to enable them to provide services; to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings); and when we otherwise have your consent.

    In addition, we use and disclose personal information collected through this Site as we believe to be necessary or appropriate: (a) as permitted by applicable law, including laws outside your country of residence; (b) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (c) to enforce our Terms of Use; (d) to protect our operations or those of any of our affiliates; (e) to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or others; and (f) to allow us to pursue available remedies or limit the damages that we may sustain.

    Third Party Web Sites

    This Policy does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any site or web property that is available through this Site or to which this Site contains a link. The Site may contain hyperlinks to other web sites. When you click onto one of these hyperlinks, and leave the Site, you are moving to another web site that we do not control. We encourage you to read the privacy statements of these linked web sites, as their privacy policy may differ from ours and we cannot take any responsibility for the content or policies adopted by other web sites. The availability of any third party site, or the inclusion of a link to any third party site, on this Site does not imply endorsement of it by us or by our affiliates.

    How We Collect Personal Information about You

    Most of the personal information Castra collects about you is collected directly from you, such as when you (1) submit your personal information to receive product updates and marketing information, (2) contact us via the online “Contact” portal on the Site, (3) send e-mail messages or feedback, or transmit other information by e-mail, and (4) apply for a job. To elect to engage in such activities, we may ask that you provide us personal information.

    Passive Information Collection and Use

    As you navigate around this Site, certain information can be passively collected (that is, gathered without you actively providing the information), using various technologies. We passively collect and use information in a variety of ways, including:

    • Through your browser: Certain information is collected by most browsers, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system version, and Internet browser type and version. We may collect similar information, such as your device type and identifier, if you access this Site through a mobile Device.
    • Cookies: Cookies are pieces of information stored directly on the computer you are using. Cookies allow us to collect information such as browser type, time spent on this Site, pages visited, and language preferences. We and our service providers may use the information for security purposes, to facilitate navigation, and display information more effectively. In addition, we may use cookies to gather statistical information about
    • Site usage in order to continually improve its design and functionality, understand how individuals use it, and to assist us with resolving questions regarding it.

    You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. If you would prefer not to accept cookies, most browsers will allow you to: (i) change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) to disable existing cookies; or (iii) to set your browser to automatically reject any cookies. If you set your browser to reject cookies, part of the Site may not work for you.

    • Pixel tags, web beacons, clear GIFs, or other similar technologies: These may be used in connection with some Site pages to, among other things, track the actions of Site users and compile statistics about Site usage and response rates.
    • IP Address: Your IP Address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider. An IP Address is identified and logged automatically in our server log files whenever a user visits this Site, along with the time of the visit and the page(s) that were visited. Collecting IP Addresses is standard practice on the Internet and is done automatically by many web sites. We use IP Addresses for purposes such as calculating Site usage levels, helping diagnose server problems, and administering this Site.
    • Device Information: We may collect information about your Device, such as a unique device identifier.

    Privacy Policy Changes

    Although most changes are likely to be minor, Castra may change its Privacy Policy from time to time, and at Castra’s sole discretion. Castra encourages visitors to frequently check this page for any changes to its Privacy Policy. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such change.

    Business Transfers

    If Castra, or substantially all of its assets, were acquired, or in the unlikely event that Castra goes out of business or enters bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of Castra may continue to use your personal information as set forth in this policy.

    Rights to Access, Correct, or Delete Your Information, and Closing Your Account

    You have a right to (1) access, modify, correct, or delete your personal information controlled by Castra regarding your profile, (2) change or remove your content, and (3) close your account. You can request your personal information that is not viewable on your profile or readily accessible to you (for example, your IP access logs) by emailing us at info@castra.io. If you close your account(s), your information will generally be removed from the Service within one (1) week. We generally delete closed account information and will de-personalize any logs or other backup information through the deletion process within thirty (30) days of account closure, except as noted below.

    Data Retention

    We retain the personal information you provide while your account is in existence or as needed to provide you services. We may retain your personal information even after you have closed your account if retention is reasonably necessary to comply with our legal obligations, meet regulatory requirements, prevent fraud and abuse, or enforce this Privacy Policy. We may retain personal information, for a limited period of time, if requested by law enforcement.

    Email Communications

    Castra or its business partners may use email to communicate with customers or prospective customers about events or new products and services or to respond to visitor’s emails. If you receive unwanted email from us you may also remove yourself from our email list by simply following the “unsubscribe” instructions in the email. We will not send commercial solicitations to customers who request it not be sent. Please note that if you do go through this process, some email messages may still come to you, although not those dealing with commercial solicitations.

    Use of Site By Minors

    We do not intentionally collect information from individuals under the age of 18. The Site is not directed to individuals under the age of 18 and we re-quest that these individuals not provide personal information through this Site.

    Compliance with Local Laws

    This Policy is meant to guide Castra with respect to personal information collected from or about you at this Site. While this Policy applies to personal information generally, the local laws, rules and regulations of jurisdictions that are applicable to Castra (“Local Laws”) may require standards which are stricter than this Policy and, in such event, Castra will comply with applicable Local Laws. Specific privacy policies may be adopted to address the specific privacy requirements of particular jurisdictions.

    Security and Breach Notification

    Castra is committed to the security of your information, and has in place physical, administrative and technical measures designed to prevent unauthorized access to that information. Castra security policies cover the management of security for both its internal operations as well as the services. These policies, which are aligned with the ISO/IEC 27001:2013 and SOC2 Type2 standards, govern all areas of security applicable to services and apply to all Castra employees.

    Castra is also committed to reducing risks of human error, theft, fraud, and misuse of Castra facilities. Castra’s efforts include making personnel aware of security policies and training employees to implement security policies. Castra employees are required to maintain the confidentiality of services data. Employees’ obligations include written confidentiality agreements, regular training on information protection, and compliance with company policies concerning protection of confidential information.

    Castra promptly evaluates and responds to incidents that create suspicions of unauthorized handling of services data. Castra Management is informed of such incidents and, depending on the nature of the activity, define escalation paths and response teams to address the incidents. If Castra determines that your services data has been misappropriated (including by an Castra employee) or otherwise wrongly acquired by a third party, Castra will promptly report such misappropriation or acquisition to you.

    European Economic Area (EEA) Residents

    We may transfer your personal information outside the European Economic Area (EEA) to the United States or any country that Castra or its service providers may have operations.

    Such countries do not have the same data protection laws as the United Kingdom and EEA. While the European Commission has not given a formal decision that such countries provide an adequate level of data protection similar to those which apply in the United Kingdom and EEA, any transfer of your personal information will be subject to a European Commission approved contract (as permitted under the General Data Protection Regulation) that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information. To obtain a copy of the safeguards please contact us.

    If you would like further information please contact us. We will not otherwise transfer your personal data outside of the United Kingdom OR EEA or to any organization (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.

    Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:

    • Fair processing of information and transparency over how we use your use personal information
    • Access to your personal information and to certain other supplementary information that this Policy is already designed to address
    • Require us to correct any mistakes in your information which we hold
    • Require the erasure of personal information concerning you in certain situations
    • Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
    • Object at any time to processing of personal information concerning you for direct marketing
    • Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
    • Object in certain other situations to our continued processing of your personal information
    • Otherwise restrict our processing of your personal information in certain circumstances

    For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Oce (ICO) on individual’s rights under the General Data Protection Regulation.

    If you would like to exercise any of those rights, please:

    • Email, call, or write to us – info@castra.io
    • Let us have enough information to identify you
    • Let us have proof of your identity and address
    • Let us know the information to which your request relates

    If you would like to unsubscribe from any email newsletter, you can also click on the unsubscribe button at the bottom of the email newsletter. It may take a few days for this to take place.

    How to Complain

    We hope that we can resolve any query or concern you raise about our use of your information. To contact us, please use info@castra.io

    The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, particularly in the European Union (or European Economic Area) state where you work, normally live, or where any alleged infringement of data protection laws occurred.

    Response to Do Not Track signals

    Some web browsers incorporate a “Do Not Track” (DNT) or similar feature that signals to digital devices that a visitor does not want to have his/her online activity tracked. Because not all web browsers offer DNT options and DNT signals are not yet uniform, we and many other digital service opera-tors do not respond to DNT signals.

    Compliance

    Castra will use a self-assessment approach to verify compliance with this Policy and periodically verify that the Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, implemented and accessible.

    If you believe that your personal information has been processed or disclosed in violation of this Policy, Castra encourages you to raise any concerns using the contact information provided in this Policy. Castra will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of personal information.

    Cross-Border Transfer

    Personal information may be transferred, accessed and stored globally as necessary in accordance with this privacy policy.

    Castra complies with formal recognized legal policies (US / EU / other) regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Castra is also responsible for ensuring that third parties acting as an agent our behalf do the same.

    Dispute Resolution

    If you have any complaints regarding our compliance with this privacy policy, you should first contact us at info@castra.io or at the address listed below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with this privacy policy.

    Individuals with inquiries and complaints regarding our policy should contact Castra at:

    Castra Managed Services, LLC
    ATTN: Privacy Officer ISO
    3308 Durham Chapel Hill Blvd
    Durham NC 27707

    Castra has further committed to refer unresolved complaints to American Arbitration Association, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.adr.org/Support for more information or to file a complaint. The services of American Arbitration Association are provided at no cost to you.

    If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact your local EU Data Protection Agency (DPA) at https://webgate.ec.europa.eu/odr/main/?event=main.home.show. Under certain conditions, you may have the right to invoke a binding arbitration to resolve the matter.

    Your Access to Your Personal Information

    We give you choices regarding our use and disclosure of your personal information. You may opt-out of our collection of your personal information at any time by contacting us as specified below. We will seek to comply with your request(s) as soon as reasonably practicable.If applicable and you would like to review, correct, update, or delete the personal information that you have provided via this Site, please contact us as specified below. We will try to comply with your request as soon as reasonably practicable.

    Retention Period

    We retain your personal information for the period necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or allowed by law or to otherwise fulfill a legal obligation.

    Changes to the Policy

    To improve the services it can offer you, Castra may modify, change or expand its capabilities for obtaining and using information received from or about users of our web site. Castra will update this privacy policy as necessary so that you have an opportunity to remain up-to-date of developments in this area. Please continue to check our privacy policy from time to time to learn about any of these changes or developments.

    Arbitration clause

    If a dispute arises from or relates to this contract or the breach thereof, and if the dispute cannot be settled through direct discussions, the parties agree to endeavor first to settle the dispute by mediation administered by the American Arbitration Association under its Commercial Mediation Procedures before resorting to arbitration. The parties further agree that any unresolved controversy or claim arising out of or relating to this contract, or breach thereof, shall be settled by arbitration administered by the American Arbitration Association in accordance with its Commercial Arbitration Rules and judgment on the award rendered by the arbitrator(s) may be entered in any court having jurisdiction thereof.

    https://www.adr.org/Clauses

    The AAA provides world-class-third-party case management that offers clients a variety of value added services to ensure efficient and effective administration of arbitration and mediation cases AAA Case Filing Services provides customers with an easy, fast and efficient process for filing any type of dispute resolution case, regardless of geographical location For more information on Case Filing Services, please click on www.adr.org/fileacase

    Inquiries or Questions

    If you have questions or concerns about Castra’s policies and practices for handling applicant personal information, or otherwise, please contact us:By E-mail: info@castra.io

  • How does this product/service answer the specific market need or application for which it was designed and is being nominated?

    The #1 problem in our industry is resources and human expertise. There are no shortages of tools and tech. Castra’s CoFounders spent years building and managing global SOC teams, and quickly learned what provided real value to our clients. Businesses need security monitoring, data retention and audit capabilities in addition to detection and prevention tools and they need it to be transparent, integrated, and most importantly, affordable. Castra’s Elite service helps clients get a total picture of their risk from a practical perspective, and provides mechanisms to mitigate concerns immediately. We choose platforms and tools that provide significant insight into client networks, and that can take action or simply provide clarity with respect to ongoing shifts in their environment. More importantly, though, we do so in a way that is open and transparent to the client so that they remain in control of their tools and data.

  • What are the business and technical advantages to enterprises or SMEs investing in this product/service?

    Castra focuses on transparency, integration and affordability .  We pride ourselves on being a partner not just a provider. Castra wants clients to be able to view and interact with the same tools we operate on their behalf. We understand clients have outsourced for various reasons, yet we want our clients to be able to monitor us and direct outcomes. There are no “black boxes” in our service and clients are encouraged to audit us as much as they see fit.  The client can see the platform, use it, and work on it with us to achieve their goals.

  • How does this product/service significantly differ from its competitors?

    To Castra, the client owns the platform, the data and the outcome.  Many of our competitors prefer to deliver "black box" systems, claiming that their proprietary and hidden solutions deliver more value. Castra knows this is simply not true, so we implement best-of-breed tools that are available on the open market and transparent to our clients. Our focus is always on making the client empowered and in control, while doing all of our work in the open for them to see.  Everything belongs to the client - always - and as such our work and all data belong to them.  We're so confident in our approach that on Day One we literally teach clients how to disconnect us.

  • What is this product's/service's total cost of ownership?

    Is it possible that some of your customers find that scalability issues, management of updates/configurations and more, increase costs associated with deployment of your solution/service?

    While the TCO will vary depending on the size and needs of the client, Castra is always up-front and clear in our pricing.  There are no hidden costs.  Importantly, the actual cost of the services will always be far less than if the end client chose to build it themselves.  In most cases we cost less than a single FTE, and in others still far less than trying to staff your own 24x7 team to monitor, manage, improve, refine and analyze the data put into the system.  Even when clients outgrow their platform and need to expand, we do not immediately raise management costs in those situations, but instead defer that until proper growth, stability and performance are achieved and we can measure the impact.

  • If applicable, what is the frequency of updates to the product/service?

    Castra's security services are updated with a near daily frequency and in perpetuum, and that is not hyperbole.  Threat detection and mitigation is never “set it and forget it.”  Threats evolve daily and as such strategies for detecting them must as well.  Threat Intelligence, a core piece of our service lines, updates hourly in most cases.  Detection methodologies, such as correlation rules and behavioral models, are updated weekly to monthly by the vendors and on an ongoing, ad-hoc basis by Castra for specific threats or client needs.  Moreover, as we learn and adjust in one environment, we propagate those improvements to all of our customers so that everyone gets the benefits.  Our team is constantly working to tune out false positives, apply the latest in detection methodology and refine results in order to ensure we provide clients with actionable alarms and alerts.

  • How has this product/service helped customers to meet/surpass corporate budgetary expectations?

    Castra delivers an excellent price point for clients given our long history in the mid-market with more budget-conscious customers. We have deployed SIEM in over 2,000 organizations all over the world, and the biggest common denominator amongst all of our customers  was their budget. We know what it’s like working with lean and mean teams. In most cases we cost less than a single FTE, and in others still far less than trying to staff your own 24x7 team to monitor, manage, improve, refine and analyze the data put into the system. All of our pricing is up-front and clear and there are no hidden costs or extra charges.  Our average sales price is less than a single full time employee and we have a 12 month commitment as opposed to the industry average 36 month commitment.

  • How does this product/service show a sound business benefit and/or return on investment? That is, how is it enabling customers and their businesses?

    Castra is able to show clear cost advantages over our competitors and can help demonstrate the business impacts of choosing to do nothing at all or select a competing solution. Our long history as security service providers gives us the experience and expertise needed to advise clients across their entire security architecture, portfolio, and demonstrate where our solutions fit with client goals and needs.