{"id":1447,"date":"2018-04-10T12:17:02","date_gmt":"2018-04-10T16:17:02","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=1447"},"modified":"2018-04-10T12:17:02","modified_gmt":"2018-04-10T16:17:02","slug":"4-questions-w-2s-false-positives-ryan-stolte-bay-dynamics","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/4-questions-w-2s-false-positives-ryan-stolte-bay-dynamics\/","title":{"rendered":"4 Questions on W-2s and Security False Positives with Ryan Stolte of Bay Dynamics"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1448\" src=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/w-2-and-false-positives-Mod.jpg\" alt=\"false positives and W-2s\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/w-2-and-false-positives-Mod.jpg 800w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/w-2-and-false-positives-Mod-300x150.jpg 300w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/w-2-and-false-positives-Mod-768x384.jpg 768w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/w-2-and-false-positives-Mod-540x270.jpg 540w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/w-2-and-false-positives-Mod-162x81.jpg 162w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/w-2-and-false-positives-Mod-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Tax Day is April 17<\/span><span style=\"font-weight: 400\">th<\/span><span style=\"font-weight: 400\">. Chances are your enterprise already prepared and shipped off the necessary documents. But what about your employees? Is the looming deadline putting pressure on them?<\/span><\/p>\n<div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a title=\"Download link to SIEM Buyers Guide\" href=\"https:\/\/solutionsreview.com\/security-information-event-management\/siem-buyers-guide-security-information-and-event-management\/\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1682\" src=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/02\/SIEM_SB_BG.gif\" alt=\"Download Link to SIEM Buyers Guide\" width=\"800\" height=\"100\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Recently, the IRS sent out a warning about a W-2 phishing email scam putting enterprises at risk. Cybersecurity experts are warning about the false positives that could result from employees doing their taxes at work. This may not seem like an enterprise-level concern, but your employee\u2019s behaviors often determine your cybersecurity\u2019s solidity against cybercriminals. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">To learn more about this and how enterprise IT cybersecurity teams can deal with false positives in general, we spoke with Ryan Stolte, Co-Founder and CTO of <\/span><a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/look-security-analytics-solution\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">security analytics<\/span><\/a><span style=\"font-weight: 400\"> vendor <\/span><a href=\"https:\/\/baydynamics.com\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">Bay Dynamics<\/span><\/a><span style=\"font-weight: 400\">. Here\u2019s our conversation, edited slightly for readability: \u00a0\u00a0<\/span><\/p>\n<h4 style=\"text-align: justify\"><b>Solutions Review: What is the W-2 <\/b><a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/phishing-stay-safe\/\"><b>phishing<\/b><\/a><b> email scam? It seems to have become fairly prevalent if the IRS is warning people about it.<\/b><\/h4>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Ryan Stolte: Yes. Every tax season, this scam comes to surface however this year the attackers expanded their victim pool. In February 2018, the IRS released an<\/span><a href=\"https:\/\/www.irs.gov\/newsroom\/dangerous-w-2-phishing-scam-evolving-targeting-schools-restaurants-hospitals-tribal-groups-and-others\" target=\"_blank\" rel=\"noopener\"> <span style=\"font-weight: 400\">alert<\/span><\/a><span style=\"font-weight: 400\"> warning that W-2 email phishing scams have evolved. The scams involve cybercriminals sending emails that appear to come from a trusted executive to someone in human resources or payroll, requesting a list of all employees and their W-2 forms.<\/span><\/p>\n<h4 style=\"text-align: justify\"><b>SR: But now there is a false positives problem arising from the phishing scam? Why is that happening?<\/b><\/h4>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">RS: Data Loss Prevention (DLP) technology is typically the gatekeeper for these kinds of scams, as it is designed to flag and stop sensitive data from walking out the door. However, every tax season, employees oftentimes work on their own personal taxes while at work using work assets. They email their W-2s back and forth from their corporate to their own personal email address or that of their accountant.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The problem is that due to the sensitivity of the information on W-2 documents, DLP flags this activity as a high-level alert, when in reality it\u2019s employees simply working on their taxes. As a result, already overwhelmed DLP analysts waste time investigating these alerts, only to discover that while risky they are not critical threats. In the meantime, the real threats like those warned about in the IRS alert fall through the cracks.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The other issue is that because analysts are so accustomed to seeing this type of \u201cbusiness as usual\u201d activity during this time of year, they write rules so that security tools do not flag the behavior at all. This is dangerous because if an employee is compromised and the bad actor is sending personal, sensitive information to a malicious external party, the tool would miss the activity.<\/span><\/p>\n<h4 style=\"text-align: justify\"><b>SR: If employees doing their personal taxes at work, with work equipment and on company time, shouldn\u2019t the solution be to just prevent employees from doing that? Or is it more complicated than that?<\/b><\/h4>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">RS: Security Awareness Training can help in one regard. It shows employees why this behavior is risky and advises them to not work on personal taxes using work assets. However, that is far from foolproof. People will continue the activity considering most of their time is spent in the office and they face a looming deadline. Technology is needed to reduce the false positive problem while also catching real threats before sensitive data leaves the organization.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Companies should integrate DLP with user and entity behavior analytics (<\/span><a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/5-questions-ueba-samir-jain-of-logrhythm\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">UEBA<\/span><\/a><span style=\"font-weight: 400\">). UEBA looks at the employee\u2019s behavior, which in this case is an employee sending a W-2 form to his personal email address. It then analyzes the behavior, comparing that behavior to the person\u2019s peers and overall team, and uses that information to determine if the alert is indeed a malicious insider trying to steal data or a false positive.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">For example, if an employee is sending his own W-2 to his personal email address, in addition to many others on their team doing that same activity, it\u2019s most likely employees simply working on their taxes while at work and not a malicious threat. UEBA would identify that those employees are sending W-2 documents to themselves and deprioritize these activities or move them to a queue for training. If an employee in human resources sends a list of W-2 information to an external party that is unrecognized, UEBA would identify the behavior as abnormal for the employee\u2019s self, peers, and overall team, and prioritize the alert before sensitive data walks out the door.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">UEBA can also help identify broken business processes. For example, if groups of employees are violating a policy in a consistent way, like sending their documents with sensitive data to their attorneys, UEBA will identify the activity as non-malicious but risky and recommend they be targeted for process improvement, and\/or perhaps provide them with an encrypted email tool.<\/span><\/p>\n<h4 style=\"text-align: justify\"><b>SR: What advice do you have to help IT teams recognize false positives? Are there telltale signs?<\/b><\/h4>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">RS: Identifying false positives involves behavior comparisons and understanding the receiver. If an employee sends a batch of tax-related documents to an external email address, UEBA would compare the behavior to the employee\u2019s self, peers, and overall team. UEBA can also determine if the receiver is unusual, such as an external email address or the personal email address of the employee. If it\u2019s the personal email address, it\u2019s a low-risk item and can be deprioritized. If it\u2019s an external address, and the behavior is unusual across the person\u2019s peers and overall team, the behavior would be prioritized as a high alert. UEBA also factors in contextual information such as the value of the asset at risk of a compromise.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">For example, if the information is a list of social security numbers, that\u2019s of high value, and if compromised would most likely damage the company significantly. UEBA would factor that in and prioritize the alert as critical. However, if it was a database of press releases that were already distributed publicly, UEBA would deprioritize the alert being that it\u2019s not of high value and would cause little impact if compromised.<\/span><\/p>\n<h4 style=\"text-align: justify\"><b>Thanks again to Ryan Stolte of Bay Dynamics for his time and expertise!<\/b><\/h4>\n<p style=\"text-align: justify\">\u00a0<span style=\"font-weight: 400\">\u00a0<br \/>Widget not in any sidebars<br \/><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Tax Day is April 17th. Chances are your enterprise already prepared and shipped off the necessary documents. But what about your employees? Is the looming deadline putting pressure on them? Recently, the IRS sent out a warning about a W-2 phishing email scam putting enterprises at risk. Cybersecurity experts are warning about the false positives [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":1448,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[551],"tags":[639,95,145,112,86,21,57,280,636,637],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>4 Questions on Security False Positives with Ryan Stolte of Bay Dynamics<\/title>\n<meta name=\"description\" content=\"To learn more about how enterprise IT cybersecurity teams can deal with false positives, we spoke with Ryan Stolte, Co-Founder &amp; CTO of Bay Dynamics.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/security-information-event-management\/4-questions-w-2s-false-positives-ryan-stolte-bay-dynamics\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"4 Questions on Security False Positives with Ryan Stolte of Bay Dynamics\" \/>\n<meta property=\"og:description\" content=\"To learn more about how enterprise IT cybersecurity teams can deal with false positives, we spoke with Ryan Stolte, Co-Founder &amp; CTO of Bay Dynamics.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/4-questions-w-2s-false-positives-ryan-stolte-bay-dynamics\/\" \/>\n<meta property=\"og:site_name\" content=\"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors\" \/>\n<meta property=\"article:published_time\" content=\"2018-04-10T16:17:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/w-2-and-false-positives-Mod.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ben Canner\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/4-questions-w-2s-false-positives-ryan-stolte-bay-dynamics\/\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/4-questions-w-2s-false-positives-ryan-stolte-bay-dynamics\/\",\"name\":\"4 Questions on Security False Positives with Ryan Stolte of Bay Dynamics\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/4-questions-w-2s-false-positives-ryan-stolte-bay-dynamics\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/4-questions-w-2s-false-positives-ryan-stolte-bay-dynamics\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/w-2-and-false-positives-Mod.jpg\",\"datePublished\":\"2018-04-10T16:17:02+00:00\",\"dateModified\":\"2018-04-10T16:17:02+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"To learn more about how enterprise IT cybersecurity teams can deal with false positives, we spoke with Ryan Stolte, Co-Founder & CTO of Bay Dynamics.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/4-questions-w-2s-false-positives-ryan-stolte-bay-dynamics\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/security-information-event-management\/4-questions-w-2s-false-positives-ryan-stolte-bay-dynamics\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/4-questions-w-2s-false-positives-ryan-stolte-bay-dynamics\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/w-2-and-false-positives-Mod.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/w-2-and-false-positives-Mod.jpg\",\"width\":800,\"height\":400,\"caption\":\"Why You Need Better Cybersecurity Audits (and Audit Practices)\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/4-questions-w-2s-false-positives-ryan-stolte-bay-dynamics\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"4 Questions on W-2s and Security False Positives with Ryan Stolte of Bay Dynamics\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\",\"name\":\"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors\",\"description\":\"Buyer&#039;s Guide and Best Practices\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"4 Questions on Security False Positives with Ryan Stolte of Bay Dynamics","description":"To learn more about how enterprise IT cybersecurity teams can deal with false positives, we spoke with Ryan Stolte, Co-Founder & CTO of Bay Dynamics.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/security-information-event-management\/4-questions-w-2s-false-positives-ryan-stolte-bay-dynamics\/","og_locale":"en_US","og_type":"article","og_title":"4 Questions on Security False Positives with Ryan Stolte of Bay Dynamics","og_description":"To learn more about how enterprise IT cybersecurity teams can deal with false positives, we spoke with Ryan Stolte, Co-Founder & CTO of Bay Dynamics.","og_url":"https:\/\/solutionsreview.com\/security-information-event-management\/4-questions-w-2s-false-positives-ryan-stolte-bay-dynamics\/","og_site_name":"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors","article_published_time":"2018-04-10T16:17:02+00:00","og_image":[{"width":800,"height":400,"url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/w-2-and-false-positives-Mod.jpg","type":"image\/jpeg"}],"author":"Ben Canner","twitter_misc":{"Written by":"Ben Canner","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/4-questions-w-2s-false-positives-ryan-stolte-bay-dynamics\/","url":"https:\/\/solutionsreview.com\/security-information-event-management\/4-questions-w-2s-false-positives-ryan-stolte-bay-dynamics\/","name":"4 Questions on Security False Positives with Ryan Stolte of Bay Dynamics","isPartOf":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/4-questions-w-2s-false-positives-ryan-stolte-bay-dynamics\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/4-questions-w-2s-false-positives-ryan-stolte-bay-dynamics\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/w-2-and-false-positives-Mod.jpg","datePublished":"2018-04-10T16:17:02+00:00","dateModified":"2018-04-10T16:17:02+00:00","author":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"To learn more about how enterprise IT cybersecurity teams can deal with false positives, we spoke with Ryan Stolte, Co-Founder & CTO of Bay Dynamics.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/4-questions-w-2s-false-positives-ryan-stolte-bay-dynamics\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/security-information-event-management\/4-questions-w-2s-false-positives-ryan-stolte-bay-dynamics\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/4-questions-w-2s-false-positives-ryan-stolte-bay-dynamics\/#primaryimage","url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/w-2-and-false-positives-Mod.jpg","contentUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/04\/w-2-and-false-positives-Mod.jpg","width":800,"height":400,"caption":"Why You Need Better Cybersecurity Audits (and Audit Practices)"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/4-questions-w-2s-false-positives-ryan-stolte-bay-dynamics\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/security-information-event-management\/"},{"@type":"ListItem","position":2,"name":"4 Questions on W-2s and Security False Positives with Ryan Stolte of Bay Dynamics"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website","url":"https:\/\/solutionsreview.com\/security-information-event-management\/","name":"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors","description":"Buyer&#039;s Guide and Best Practices","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/1447"}],"collection":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/comments?post=1447"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/1447\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media\/1448"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media?parent=1447"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/categories?post=1447"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/tags?post=1447"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}