abnormal-security-vendorslisted

# Abnormal Security VendorBase Vendor Risk Assessment ## Overview Abnormal Security's VendorBase provides AI-driven vendor risk assessment by analyzing email communication patterns between your organization and its vendors. It detects compromised vendor accounts, assesses vendor risk levels, and alerts on suspicious vendor behavior. This is critical for protecting against supply chain email attacks where a trusted vendor's account is taken over and used to send malicious emails. ## Vendor Risk Levels | Level | Score Range | Description | Action | |-------|------------|-------------|--------| | **Critical** | 90-100 | Active compromise detected or high-confidence indicators | Immediate investigation, block vendor emails | | **High** | 70-89 | Strong indicators of compromise or suspicious behavior | Priority investigation within 24 hours | | **Medium** | 40-69 | Some risk factors present, warrants monitoring | Monitor, review within 1 week | | **Low** | 0-39 | Normal vendor behavior, minimal risk | Routine monitoring | ## Risk Factors | Factor | Description | Weight | |--------|-------------|--------| | **Authentication Failures** | SPF/DKIM/DMARC failures from vendor domain | High | | **Sending Pattern Change** | Vendor sending from new IPs or mail servers | High | | **Domain Age** | Vendor domain recently registered or changed | Medium | | **Content Anomalies** | Unusual email content compared to historical patterns | High | | **Financial Requests** | Vendor requesting