Abnormal Security, a pioneer in protecting large enterprises from Business Email Compromise (BEC) attacks, introduces VendorBase, a global, federated database that tracks the reputations of an organisation’s vendors and customers, and improves the detection accuracy of advanced social engineering attacks.
With VendorBase, the Abnormal Cloud Email Security platform aggregates communication in one place to provide customers with deeper insight and visibility into a vendor’s reputation and transactions. This unprecedented access gives organisations the ability to see detailed views of all vendors, including profile information, the VendorBase risk assessment score, explanations on risk scores, a timeline view of relevant email communication, and security activity for that vendor.
Vendor-based attacks
Abnormal also releases research detailing a $700,000 invoice fraud BEC attack on a large telecommunications company. Detected and prevented by VendorBase, this particular attack is notable for its patient engagement of multiple parties over the course of two months and leveraged both simple and sophisticated techniques to execute and progress this attack. Abnormal plans to release similar research on vendor-based attacks in the coming months.
Abnormal plans to release similar research on vendor-based attacks in the coming months
“Our goal from the beginning is to provide the industry’s best detection accuracy of sophisticated BEC attacks,” said Evan Reiser, CEO and Co-Founder, Abnormal Security. “Before VendorBase, organisations lacked clear visibility of the BEC risk from their supply chains. This new capability greatly mitigates this risk and makes it much easier for organisations to directly remediate and investigate BEC attacks from compromised vendors.”
Evaluating email communication
Through VendorBase, the Abnormal Security platform automatically computes a risk score for each vendor by evaluating email communication across three areas: if the vendor’s domains have been impersonated or spoofed; if the vendor has been compromised; if the vendor is not legitimate or is a suspicious vendor. VendorBase also gathers reports from all customers and uses the results as part of the risk score computation, which is fed back into the VendorBase so it can be used by all Abnormal Security customers.
“Before VendorBase, ensuring that organisations had the necessary visibility of the risk coming in from the supply chain, and even from customers, required a good deal of manual effort on their side,” said Rami Habal, CPO, Abnormal, “VendorBase automates this process, removing manual burden and providing insight into which vendors are known risk vectors. This makes it simple for our customers to mitigate risk, and detect supply chain fraud over email, that otherwise would have been unknown and gone unnoticed until it was too late.”
