Vendor Data Collection Methods Ingrid Vendor Discovery uses technical and non-technical observations to connect companies and vendors. A connection’s certainty level is based on these observations. Technical Observations Technical observations are externally-collected observations, such as: A certificate authority that can be identified by looking at the root certificate in a company’s certificate chain (e.g., GoDaddy, GlobalSign). An email provider that can be identified by looking at providers’ SPF records.(e.g., Gmail, Yahoo! Mail). A hosting provider that can be identified by the IP range the company’s website is running on (e.g., GoDaddy, BlueHost). A DNS provider that can be identified by the use of known nameservers (e.g - Azure DNA, Cloudflare). A CDN provider that can be identified by the hostname or IP address used to fetch resources on a company’s website (e.g., Akamai, Cloudflare). Other technology providers that can be identified by their use on a company’s website. Non-Technical Observations Non-technical observations are collected using natural language processing methods that reference technologies listed on resumes, job descriptions, and Uniform Commercial Code (UCC) filings to infer connections. December 1, 2023: Published. Related articles Vendor Risk: Vendor Discovery Company Relationships Finding Behavior The Bitsight Security Ratings' Correlation to Ransomware Bulk Portfolio Changes Feedback 0 comments Please sign in to leave a comment.