Threat Modeling from the Front Lines
Microsoft Security Blog, 16 August 2012
https://www.microsoft.com/en-us/security/blog/2012/08/16/threat-modeling-from-the-front-lines/

During my first 7 years at Microsoft, I spent most of my time working on security features such as access control, authentication, cryptography and so on. The next 12 years were spent in product groups and the Security Development Lifecycle (SDL) team working on software design, development and testing practices across the company in order to help defend against security threats. The past year was a big change for me, as I am now working directly with Microsoft customers helping them implement security software development practices based on the SDL. One of the most valuable and important SDL practices is threat modeling, which is a systematic way to find design-level security and privacy weaknesses in a system. It also helps guide a designer or architect to determine the correct mitigation(s) to use to reduce the overall risk to a system and its data.

Threat modeling applies equally well to both new development projects and design/implementation projects for existing software products.

If you already know about threat modeling, then skip to the section titled "In the Wild."

What is Threat Modeling?

As I mentioned, threat modeling helps you uncover potential insecure design issues in a system. The process of building a threat model is straightforward, and involves identifying the core elements of the system: the processes, the data storage systems, how the data flows through the system, and the external entities that interact with the system. Once this is known, the list of potential threats is automatically determined using the STRIDE mnemonic. The elements of STRIDE are:

S – Spoofing. The ability to pose as someone or something else.
T – Tampering. The unauthorized ability to change something.
R – Repudiation. The ability to disavow a transaction.
I – Information Disclosure. The unauthorized ability to view something.
D – Denial of service. The ability to degrade service.
E – Elevation of privilege. The ability to elevate capabilities.

Think of STRIDE as CIA (Confidentiality, Integrity and Availability) but more fine-grained, and from an attacker's viewpoint.

Elements in the application diagram are subject to various STRIDE categories. For example, a data flow between two processes (think: web browser to web server, or web server to database server) is subject to T, I and D. The next step is to determine which of these threats are a real risk. For example, do you care if an attacker can view (Information Disclosure) the data on the wire that flows from the web server to the web browser? If the answer is "Yes" then that threat must be mitigated, and the way "I" threats are mitigated is with confidentiality techniques such as access control policies or encryption. At this point, the appropriate mitigation is selected. This often means using the defenses and mitigations specified in the enterprise architecture.

This process continues until all STRIDE elements for each application diagram element are addressed.

In the Wild

The last nine months or so have seen me spend most of my time with our customers, and in every engagement we have built one or more threat models. I thought it would be worthwhile to explain some of the things I've learned from building threat models outside of Microsoft product groups.

Observation One: You WILL find Vulnerabilities

In every engagement, bar none, we have found insecure design issues that could render a system vulnerable to attack and compromise.

For example, when building a threat model for a law enforcement organization last year, the client said, "We know we have an issue, let's see if the threat modeling process can find it." The issue was uncovered in 20 minutes in the threat modeling session, and we found three more issues!

In another example, we uncovered a very serious vulnerability. This customer had a system that used devices to monitor critical infrastructure. The data flow between their monitoring system and the remote devices was subject to tampering (T) and information disclosure (I) threats, but those threats were addressed using cryptographic means. The remote devices are subject to all the STRIDE threats, because processes are subject to S, T, R, I, D and E threats. Let's look at "S", spoofing. The devices can be spoofed. In other words, an attacker could replace a valid device with a rogue device, and the rogue device could continue to send back "System Nominal" signals to the central monitoring system while the critical infrastructure being monitored is attacked. You have probably seen scenarios like this in the movies! Clearly this is a real threat that must be mitigated. But the system had no good mitigation in place. Spoofing threats are mitigated with authentication, but there was no device authentication whatsoever in this system. The channel was encrypted between the two end-points, so the monitoring system had private communication with, well, something!
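The enumeration described in "What is Threat Modeling?" (element kind determines the candidate STRIDE threats; each remaining threat is either accepted as not a real risk or paired with a mitigation class) is mechanical enough to script. The following is an added example, not code from the post or from the SDL tooling: it encodes the two table rows the post gives (data flows: T, I, D; processes: all six) plus the usual SDL rows for external entities and data stores, which are an assumption here, and the usual threat-to-mitigation pairings (the post states two of them: spoofing to authentication, information disclosure to confidentiality). The sample model is a constructed sketch of the monitoring system above: the channel carries integrity and confidentiality protection, but nothing authenticates the device, so the walk reports exactly the spoofing gap the session found.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Threat letters STRIDE assigns to each kind of data-flow-diagram element.
# Rows for data_flow and process come from the post; the external_entity and
# data_store rows are the common SDL convention and an assumption of this example.
STRIDE_BY_KIND: Dict[str, str] = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",
    "data_flow": "TID",
}

# Mitigation class that addresses each threat category. The post names the
# S -> authentication and I -> confidentiality pairings; the others are the
# usual SDL pairings, assumed here.
MITIGATION_FOR: Dict[str, str] = {
    "S": "authentication",
    "T": "integrity",
    "R": "non-repudiation",
    "I": "confidentiality",
    "D": "availability",
    "E": "authorization",
}


@dataclass
class Element:
    name: str
    kind: str                                          # key into STRIDE_BY_KIND
    mitigations: Set[str] = field(default_factory=set)  # mitigation classes in place
    accepted: Set[str] = field(default_factory=set)     # threat letters judged not a real risk


def applicable_threats(element: Element) -> List[str]:
    """Threat letters STRIDE assigns to this element purely from its kind."""
    return list(STRIDE_BY_KIND[element.kind])


def unmitigated_threats(model: List[Element]) -> List[Tuple[str, str, str]]:
    """Walk every element and return (element, threat, missing mitigation class)
    for each applicable threat that is neither accepted nor covered."""
    findings: List[Tuple[str, str, str]] = []
    for element in model:
        for threat in applicable_threats(element):
            if threat in element.accepted:
                continue
            needed = MITIGATION_FOR[threat]
            if needed not in element.mitigations:
                findings.append((element.name, threat, needed))
    return findings


def monitoring_system_model() -> List[Element]:
    """Constructed model of the post's critical-infrastructure monitoring system.
    Accepted-risk sets are illustrative assumptions, not the customer's decisions."""
    all_classes = set(MITIGATION_FOR.values())
    return [
        Element("Central monitoring system", "process", mitigations=set(all_classes)),
        # Encrypted channel gives the device integrity and confidentiality coverage,
        # but no mitigation class answers the spoofing threat: nothing authenticates it.
        Element("Remote device", "process",
                mitigations={"integrity", "confidentiality"},
                accepted={"R", "D", "E"}),
        Element("Device to monitor telemetry", "data_flow",
                mitigations={"integrity", "confidentiality"},
                accepted={"D"}),
    ]


if __name__ == "__main__":
    for name, threat, needed in unmitigated_threats(monitoring_system_model()):
        print(f"{name}: {threat} threat is unmitigated, needs {needed}")
```

Running the walk on the sample model prints a single finding, the remote device's S threat with authentication as the missing mitigation class; the encrypted data flow itself comes back clean, which is exactly why "we use encryption" felt like a complete answer until the process element was examined on its own.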

I have plenty more stories like this!

Observation Two: Threat Modeling is Easy

Every customer I have worked with falls into one of two camps: the first has never used or heard of threat modeling; the second has built one or more threat models and found it too hard. The good news is threat modeling is easy! If it's hard, you're doing it wrong.

A customer I am working with told me they had abandoned threat modeling because it was a waste of time owing to the investment involved. It was too complex, too time-consuming and provided little benefit. When I looked at what they were doing, they were drilling down to a FUNCTION CALL level! Remember, threat modeling is a design-phase task, not an implementation-phase task. You don't need to go to function-call depth.

After a little re-education, we spent a mere 45 minutes building a threat model for a critical application, and we uncovered three unmitigated issues. The customer is now a believer, and they now require threat models for all new applications.

Observation Three: Everyone is messing up SSL/TLS!

I know this isn't a true threat modeling topic, but many people's answer to their threats seems to be "we use SSL/TLS", which unfortunately is rarely the correct mitigation for many threats. The problems arise when developers build a system and use SSL/TLS programmatically. SSL/TLS isn't simple: there are many details programmers must bake into their code to check that SSL/TLS, and the certificate used by the server (and potentially the client), are correct in order to fully mitigate threats such as information disclosure and spoofing.

Getting SSL/TLS wrong in code may not seem like a big deal, but it really is, especially if you want to design a robust and secure system.
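The checks the post says must be baked into the code are concrete settings on the client's TLS context: is the server certificate actually validated, is it matched against the hostname the client meant to reach, and are obsolete protocol versions refused. The following is an added example using Python's standard `ssl` module, not code from the post; it puts the "just make the handshake succeed" configuration beside the hardened one and audits each for the settings that answer the spoofing and information-disclosure threats. The finding strings and the TLS 1.2 floor are this example's own choices.

```python
import ssl
from typing import List


def audit_client_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the ways a client-side SSLContext fails to mitigate spoofing (S)
    and information disclosure (I). An empty list means all three checks pass."""
    findings: List[str] = []
    # Without CERT_REQUIRED the peer's certificate is never validated at all,
    # so the client is encrypting traffic to "something" (spoofing unmitigated).
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: server certificate is not validated")
    # A valid certificate for the wrong name is still the wrong peer.
    if not ctx.check_hostname:
        findings.append("check_hostname is False: certificate is not matched to the server name")
    # Old protocol versions weaken the confidentiality the channel is meant to provide.
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version below TLS 1.2: obsolete protocol versions accepted")
    return findings


def weak_context() -> ssl.SSLContext:
    """The configuration that appears once a developer silences a certificate
    error: the wire is encrypted, but nothing establishes who is on the other end."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode is relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Validate the certificate chain against the platform trust store, match the
    hostname, and refuse anything older than TLS 1.2."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    for label, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        problems = audit_client_context(ctx) or ["no findings"]
        print(f"{label}: " + "; ".join(problems))
```

Note that the audit covers the client's configuration only. It says nothing about which CA the trust store accepts, whether the server presents a certificate for the intended name, or whether the client itself is authenticated, which is the mutual-authentication question the monitoring-device story above turns on; those are separate design decisions the threat model still has to record.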

So What Should You Do?

If you want to learn more about threat modeling, take a look at the design section of the SDL web site. If you want to learn EVEN MORE, please feel free to leave a note below and we can get in touch.

Michael Howard,
Principal Cybersecurity Architect
