Automatic Vendor Detection is available with a paid SecurityScorecard plan. See our plans page for more information about levels of features and access.
Use SecurityScorecard's Automatic Vendor Detection to understand the risk within your growing third- and fourth-party vendor ecosystem. Visualize and easily pinpoint vendor risk, and verify that your direct vendors are managing the risk associated with theirs.
For example, your organization may use a vendor to manage and distribute your marketing emails (your third party), and that vendor may use a cloud services provider to manage your customer email addresses and your own organization's account information (your fourth party). A breach of the latter could result in theft of data, exposing you and your customers to further cyberattacks.
Survey vendor connections
Note: Automatic Vendor Detection does not support custom Scorecards.
To see the supply chain connections for any organization, click the Vendor Connections tab on the related Scorecard.
Tip: Start with your own Scorecard to understand the risk within your immediate ecosystem. Then trace the vendor connections for the third and fourth parties that concern you the most.
Set up your view
On the Vendor Detection page, toggle between views to survey all connected third or fourth parties.
Note the supply chain risk score, which is a calculation based on data related to third- and fourth-party vendors detected for the organization.
Click a segment of the semicircle to see only vendors with that grade. For example, to focus on more problematic vendors, click the C, D, or F segment.
Or select a grade from the drop-down list above the table to see only vendors with that grade.
Filter your table view of connections by searching for specific domains. This can be especially helpful if numerous connections make it difficult to find a specific vendor that concerns you.
Review the vendors
In the table, view the listed vendors, their overall letter grades, and the method SecurityScorecard used to verify that they are connected to the organization whose Scorecard you are currently looking at.
Click the name of any listed organization to view its Scorecard, including its security issues and its own third- and fourth-party vendor connections.
Click the number of products used by the vendor to see all detected products.
The current version of AVD uses two linking methods based on findings from our regular scans and web crawls.
We analyze information in HTTP requests that a crawled website makes to other sites, as well as the responses, including headers.
Tip: Learn about Enhanced Illumination, which provides additional vendor information:
- More third- and fourth-party vendor connections
- Software products, libraries, languages and other technologies that vendors use
- Searchable vendor connections across any Portfolio
Trace all fourth-party connections
If you are viewing fourth parties, click the 3rd-Party Connections icon for any fourth-party vendor to trace all of its connections to the Scorecard you are examining.
For example, if you are looking at the fourth-party vendor connections for the Scorecard of My Organization, you can see all of My Organization's third-party vendors that connect it to the fourth party, Example, LLC.
With this knowledge, you can take protective action, such as asking any of your direct vendors to address the problematic fourth party's security issues.
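The trace described above, reduced to a small sketch you can run on your own crawl data. This is an added example, not SecurityScorecard's code: it links sites through the outbound requests their pages make, keeps the response headers as evidence, and lists the third parties that connect an organization to each fourth party. The crawl records, domain names, and function names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed crawl observations (not real scan data): for each crawled site,
# the outbound requests its pages made and the response headers received.
CRAWL = {
    "myorg.example": [
        ("https://mail.mailvendor.example/track.js", {"Server": "nginx"}),
        ("https://cdn.widgets.example/w.js", {}),
        ("https://www.myorg.example/app.js", {}),  # first-party, ignored
    ],
    "mailvendor.example": [
        ("https://api.cloudhost.example/v1/store", {"Via": "1.1 edge"}),
    ],
    "widgets.example": [
        ("https://assets.cloudhost.example/lib.js", {}),
        ("https://fonts.typefoundry.example/a.woff2", {}),
    ],
}

def site_of(url):
    """Naive registrable domain: the last two host labels (assumption;
    production code should consult the Public Suffix List)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])

def direct_vendors(org, crawl=CRAWL):
    """Map each external site contacted by org's pages to its evidence."""
    vendors = {}
    for url, headers in crawl.get(org, []):
        site = site_of(url)
        if site and site != org:
            evidence = vendors.setdefault(site, [])
            evidence.append(url)
            evidence.extend(f"{k}: {v}" for k, v in headers.items())
    return vendors

def fourth_party_paths(org, crawl=CRAWL):
    """Map each fourth party to the third parties that connect it to org."""
    paths = {}
    for third in direct_vendors(org, crawl):
        for fourth in direct_vendors(third, crawl):
            if fourth != org:
                paths.setdefault(fourth, set()).add(third)
    return {fourth: sorted(thirds) for fourth, thirds in paths.items()}

if __name__ == "__main__":
    for fourth, thirds in fourth_party_paths("myorg.example").items():
        print(f"{fourth} reached via: {', '.join(thirds)}")
```

A fourth party reached through several direct vendors, such as `cloudhost.example` here, is a concentration point worth raising with each of those vendors.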
To ask for help about this feature or share feedback, submit a Support request.