Meet Rippling Behavioral Detection Rules: Better security, automated

Published

June 15, 2021

Updated

June 18, 2025


How rules are triggered

When a user signs in, Rippling will run their IP address details through the custom rules you’ve set up in your company’s security settings. 

If a user is blocked from signing in, your admins will get an email notification. This will show which triggered rules caused the restriction. If the sign-in looks legitimate, you’ll be able to unblock the employee.

Which rules are included

For behavioral detection, we’ve baked in two default rules for all new Rippling accounts. They protect against common security risks, like brute force attacks and traffic from Tor exit nodes.

The first of these default rules will be triggered after 5 consecutive incorrect attempts. Even if the password is right on the sixth attempt, the sign-in will still be blocked. The second default rule will block any traffic from Tor exit nodes.

In addition to these default rules, you can choose custom triggers for different groups within your organization. Rippling supports triggers for when a user tries to sign in:

  • From a specific IP address type 

  • From a new city

  • From a new state

  • From a new country

  • Using a new IP address 

  • From pre-approved VPN IP addresses

  • Using an IP address not listed in a predetermined list 

  • After a specified number of incorrect attempts

  • With an impossible velocity between 2 successive attempts

And remember, you can combine multiple triggers for your rules.
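As an added illustration (not Rippling's code), the sketch below evaluates two of the triggers above over a constructed sign-in sequence: the default rule of 5 consecutive incorrect attempts, and impossible velocity between 2 successive attempts. The `SignIn` event shape, the 900 km/h threshold, and the coordinates are assumptions made for the example.

```python
import math
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_FAILURES = 5       # from the page: block after 5 consecutive incorrect attempts
MAX_SPEED_KMH = 900.0  # assumed threshold, roughly airliner cruise speed

@dataclass
class SignIn:          # hypothetical event shape, geolocation already resolved from the IP
    user: str
    when: datetime
    lat: float
    lon: float
    password_ok: bool

def haversine_km(a, b):
    # Great-circle distance in kilometres between two sign-in locations.
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dphi, dlmb = p2 - p1, math.radians(b.lon - a.lon)
    h = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def evaluate(events):
    # Returns one (decision, triggered_rules) tuple per event, in order.
    failures, previous, results = {}, {}, []
    for ev in events:
        triggered = []
        # The failure counter is checked before the password result, so a
        # correct password on the sixth attempt is still blocked.
        if failures.get(ev.user, 0) >= MAX_FAILURES:
            triggered.append("consecutive_failures")
        prev = previous.get(ev.user)
        if prev is not None:  # implied travel speed since the previous attempt
            hours = (ev.when - prev.when).total_seconds() / 3600
            km = haversine_km(prev, ev)
            if km > 0 and (hours <= 0 or km / hours > MAX_SPEED_KMH):
                triggered.append("impossible_velocity")
        previous[ev.user] = ev
        if triggered:         # counter is kept: stays blocked until reset by an admin
            results.append(("block", triggered))
        elif ev.password_ok:
            failures[ev.user] = 0
            results.append(("allow", []))
        else:
            failures[ev.user] = failures.get(ev.user, 0) + 1
            results.append(("deny", []))
    return results

# Constructed sample: five wrong passwords in San Francisco, then the right one from London.
T0 = datetime(2021, 6, 15, 9, 0)
SAMPLE = [SignIn("ana", T0 + timedelta(minutes=i), 37.77, -122.42, False) for i in range(5)]
SAMPLE.append(SignIn("ana", T0 + timedelta(minutes=5), 51.51, -0.13, True))
```

Calling `evaluate(SAMPLE)` shows both triggers firing on the final attempt, which is the kind of combined result an admin notification would list.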

Taking action

When a rule is triggered, an action occurs in response. You, as the administrator, can choose actions to correspond with rules. Rippling supports the following actions:

  • Allow the user access, using an “allowlist” 

  • Limit session lifetime, which will override session lifetimes defined in other apps

  • Require an additional factor for MFA 

  • Block the user’s access

In the last of these, you can select how severely to block a user. It can be for just a single attempt. It can be for a period of time, ranging from 15 minutes to a full day. Or you can simply block a user until an admin goes in and manually unblocks them.

Author

Sam Gnesin

Product Lead
