{"id":4641,"date":"2023-07-31T20:27:00","date_gmt":"2023-07-31T20:27:00","guid":{"rendered":"http:\/\/www.sumologic.com\/blog\/sec-cybersecurity-disclosure-rules"},"modified":"2025-06-17T10:07:42","modified_gmt":"2025-06-17T18:07:42","slug":"sec-cybersecurity-disclosure-rules","status":"publish","type":"blog","link":"https:\/\/www.sumologic.com\/blog\/sec-cybersecurity-disclosure-rules","title":{"rendered":"The SEC&#8217;s new cybersecurity disclosure rules &#8211; are you ready?"},"content":{"rendered":"\n<section class=\"e-stn e-stn-0d652506f82b000a392973813b918ee25d5b4211 e-stn--glossary-inner-content e-stn--table-of-content\"><div class=\"container\">\n<div class=\"wp-block-b3rg-row e-row row\">\n<div class=\"wp-block-b3rg-column e-col e-col-1f7b3997080fc292474d26ff00c905d99d3520fa e-col--content-wrapper  col-sm-12 col-lg-12 col-xl-12\">\n<div class=\"e-div e-div-a1b32f66e1749758df41d5aea14f647cd10e362c e-div--card-btn-link\"><div class=\"e-img \">\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1400\" height=\"400\" src=\"http:\/\/www.sumologic.com\/wp-content\/uploads\/SEC-passed-new-cybersecurity-rules-header-1.png\" alt=\"SEC rules on cybersecurity disclosure\" class=\"wp-image-4640\" title=\"\"><\/figure>\n<\/div>\n\n\n<p><\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-a53b03b5468f20b48afc516e365c24fc\">The U.S. Securities and Exchange Commission (SEC) announced <a href=\"https:\/\/www.sec.gov\/news\/press-release\/2023-139\" target=\"_blank\" rel=\"noopener\">new regulations<\/a> for public companies requiring them to disclose a \u201cmaterial cybersecurity incident\u201d via formal report due four business days after a company determines that a cybersecurity incident is material. This is <a href=\"https:\/\/www.infosecurity-magazine.com\/news\/sec-cyberincident-disclosure-four\/\" target=\"_blank\" rel=\"noopener\">creating a lot of buzz<\/a>, with companies worried if they will be prepared.<br><\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-bcd625facbec499654948ba7a7d7e328\">But something else folks aren\u2019t focusing on is the SEC will require companies to provide annual ongoing disclosure on their \u201ccybersecurity risk management, strategy, and governance\u201d. Whether or not you work in security for a public company, your customers and vendors could be affected. <\/p>\n\n\n\n<h2 class=\"wp-block-heading has-eigengrau-color has-text-color has-link-color wp-elements-1f98ed961f91219d9e42cc50b5c341ab\" id=\"understanding_recent_developments\">Understanding recent developments<\/h2>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-a6b52973ef41efbc64b7077e46715203\"><a href=\"https:\/\/www.sumologic.com\/glossary\/cyber-security\/\">Cybersecurity<\/a> <a href=\"https:\/\/www.sumologic.com\/blog\/australia-privacy-legislation-cybersecurity\/\">regulations<\/a> and <a href=\"https:\/\/www.sumologic.com\/blog\/how-sumo-logic-helps-you-comply-with-the-cert-in-directions-2022\/\">requirements<\/a> constantly evolve to address the ever-changing cyber threat landscape. And that\u2019s a good thing. But with so many different regulatory bodies and frameworks to abide by, let\u2019s unpack what the SEC is saying and why companies are concerned.<\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-544f7c49983ac31995c2b5f504b2e568\">The SEC is responsible for regulating and overseeing the securities industry, including stock and options exchanges. Cybersecurity regulations issued by the SEC are purposefully designed to enhance the protection of sensitive and confidential information held by companies and financial institutions. These critical regulations aim to safeguard the integrity of financial markets and protect investors from cyber threats.<\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-a9cebb7cda4e946736c11e5b0b9ddb66\">As you may expect, publicly-traded companies get worried whenever regulations change and most of them can identify with any one (or all) of these challenges and concerns:<br><\/p>\n\n\n\n<ul>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-b5f0b85e3b2dc78393910039d53f2c5c\"><strong>Compliance requirements:<\/strong> Companies must comply with the SEC&#8217;s cybersecurity regulations, and failure to do so can result in significant fines, penalties, or legal actions. Non-compliance may also harm a company&#8217;s reputation and shareholder trust.<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-01bbe60a568c88c4c9f3f2a6eee5964a\"><strong>Cybersecurity risks:<\/strong> As cyber threats evolve and become more sophisticated, companies worry about their ability to adequately protect sensitive data, financial assets, and critical systems from cyberattacks and data incidents.<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-2fe6cee566251c1d4ee999dce5d3d727\"><strong>Cost of implementation:<\/strong> Implementing robust cybersecurity measures can be costly, especially for smaller companies with limited resources. Compliance with new regulations may require investments in technology, staff training, and regular security audits.<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-cd4f57dde79118acfaa318b0aa8dc1d3\"><strong>Reputation and investor confidence:<\/strong> A cybersecurity incident can lead to reputational damage and erode investor confidence. Companies understand that losing customer trust and shareholder value can have long-lasting effects.<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-14d63f46549b2dbf87b9765f64aa785e\"><strong>Potential legal liability:<\/strong> In a cybersecurity incident, companies may face legal liabilities and potential lawsuits from affected customers or investors, further impacting their financial stability.<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-2d5d954a919b8e7daa2a0ff7aacbb842\"><strong>The complexity of regulation:<\/strong> Some companies may need help to interpret and comply with complex regulatory requirements, leading to potential mistakes and vulnerabilities.<\/p>\n\n\n\n<\/li>\n<\/ul>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-bd9296be3488eea8b5177c26b684ddde\">So to address these concerns to date, companies often invest in comprehensive cybersecurity strategies, hire cybersecurity experts, conduct regular risk assessments, and implement robust security measures to safeguard their digital assets and sensitive data. Additionally, they may seek guidance from cybersecurity consultants and legal experts to ensure compliance with relevant regulations.<\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-16c392295dab639d2bc690cc29f83f01\">With this recent SEC <a href=\"https:\/\/www.sec.gov\/files\/33-11216-fact-sheet.pdf\" target=\"_blank\" rel=\"noopener\">ruling<\/a>, the SEC has adopted requirements around \u201cdisclosure of material cybersecurity incidents on Form 8-K and periodic disclosure of a registrant\u2019s cybersecurity risk management, strategy, and governance in annual reports.\u201d These new rules will require companies to disclose via an updated 8-K form whether they determined any cybersecurity incident to be material. They also have to describe the material aspects of the incident&#8217;s \u201cnature, scope, and timing, as well as its material impact or reasonably likely material impact on the registrant.\u201d<br><\/p>\n\n\n\n<h2 class=\"wp-block-heading has-eigengrau-color has-text-color has-link-color wp-elements-5ea7c3fd9c9246ec2858987ea34f7e69\" id=\"this_is_the_way\">This is the way<\/h2>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-331fb3f053ebb5eb6e03819e9ea3664d\">Traditionally, the steps to disclose material cybersecurity incidents and the tools and processes used can vary depending on the organization, their industry, and the nature of the event, but here are some common steps and practices you likely know all too well:<br><\/p>\n\n\n\n<ol>\n<li dir=\"ltr\">Detection and confirmation\n<ol type=\"a\">\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-76b877eeded47aa9efe1395ba0101b0e\">Detect the incident: Use monitoring tools, intrusion detection systems (IDS), intrusion prevention systems (IPS), <a href=\"https:\/\/www.sumologic.com\/glossary\/siem\/\">security information and event management (<\/a><a href=\"https:\/\/www.sumologic.com\/guides\/siem\" data-type=\"resource\" data-id=\"3026\">SIEM<\/a><a href=\"https:\/\/www.sumologic.com\/glossary\/siem\/\">)<\/a> solutions, or other security mechanisms to detect potential cybersecurity incidents.<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-016919704348a348c53b134af9f69aa3\">Confirm the incident: Conduct a thorough investigation to validate the cybersecurity incident and assess its scope and impact.<\/p>\n\n\n\n<\/li>\n<\/ol>\n<\/li>\n<li dir=\"ltr\">Initial response\n<ol type=\"a\">\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-25ef944d1cc1c570040f5512f0f41833\">Activate <a href=\"https:\/\/www.sumologic.com\/glossary\/incident-response\/\">incident response<\/a> plan: Organizations should have a well-defined incident response plan (IRP) in place. The IRP outlines the roles, responsibilities, and actions to be taken during an incident.<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-1a49c1597924d79c2d03465956c68204\">Assemble the incident response team: Bring together a cross-functional team, including IT, security, legal, public relations, and management representatives.<\/p>\n\n\n\n<\/li>\n<\/ol>\n<\/li>\n<li dir=\"ltr\">Containment\n<ol type=\"a\">\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-62274d7a18f022a49542354b39981676\">Isolate affected systems: Prevent further spread of the incident by isolating affected systems from the network to limit the attacker&#8217;s lateral movement.<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-07a26f7104e5ea311bd5983584c7951a\">Implement temporary fixes: Apply temporary patches or mitigations to prevent the incident from worsening.<\/p>\n\n\n\n<\/li>\n<\/ol>\n<\/li>\n<li dir=\"ltr\">Forensics and analysis\n<ol type=\"a\">\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-022cffdbe0cf07818e00bba450910667\">Preserve evidence: Ensure the preservation of digital evidence for further analysis and potential legal proceedings.<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-0885a2eab97cb946479daf4084ffcde2\">Investigate the incident: Use forensic tools and techniques to determine the cause of the incident, the entry point, and the data accessed or compromised.<\/p>\n\n\n\n<\/li>\n<\/ol>\n<\/li>\n<li dir=\"ltr\">Notification and reporting\n<ol type=\"a\">\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-4ace72ec262698917a96a603a202fb97\">Regulatory authorities: Report the incident to relevant regulatory authorities as required by law or industry regulations.<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-73eea2f8e0d579ffb2ddb9ece01dbd48\">Affected parties: Notify affected individuals or customers whose data may have been compromised.<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-a4c7a598ceddff59aed7abc2ff34e852\">Business partners and stakeholders: Inform business partners and stakeholders about the incident.<\/p>\n\n\n\n<\/li>\n<\/ol>\n<\/li>\n<li dir=\"ltr\">Remediation\n<ol type=\"a\">\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-bc9247516e18a5fab22691cacad5ef19\">Remediate vulnerabilities: Address the root cause of the incident by fixing vulnerabilities and security gaps that allowed the incident to occur.<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-02c358856341a24e9c0af630150ac01e\">Update security policies: Revise security policies and procedures to prevent similar incidents in the future.<\/p>\n\n\n\n<\/li>\n<\/ol>\n<\/li>\n<li dir=\"ltr\">Monitoring and follow-up\n<ol type=\"a\">\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-9a19b9a503cbcb0eafbe413435e2fa2e\">Continuously monitor systems: Implement enhanced monitoring to identify any signs of recurring or new attacks.<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-0a7f2145252ce3dcaba319d0bba6601f\">Learn from the incident: Conduct a post-incident review to analyze the organization&#8217;s response and identify areas for improvement.<\/p>\n\n\n\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-bc6b1d94557eec601435302e609a979e\">Realize that while doing this, your security team is likely still challenged with an explosion of data, <a href=\"https:\/\/www.sumologic.com\/blog\/how-using-cloud-siem-dashboards-and-metrics-for-daily-standups-improves-soc-efficiency\/\">alert fatigue<\/a>, working with tools that weren\u2019t built for the cloud, and ongoing personnel gaps. I bet most organizations are already working with a lean security team, and they have many requirements to fulfill. Adding to the existing mission of incident detection and response, now the team feels the crushing pressure to perform to this new SEC rigor that\u2019s established. The level of scrutiny and burden of responsibility to the business just got cranked up to 11.<br><\/p>\n\n\n\n<h2 class=\"wp-block-heading has-eigengrau-color has-text-color has-link-color wp-elements-9c367c30cc47178d5507c1d0eded8f8f\" id=\"missing_the_time_element\">Missing the time element<\/h2>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-92c52e164fbe3c7a2163f6988217d5a4\">Organizations have adapted their incident reporting and response processes based on their own needs and requirements, typically based on the best practices above. But take a moment to breathe all that in and appreciate all the complexity and coordination involved for success.<\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-3b899c1b8f75f7b0c665ad539dcd2856\">Now couple that with the fact that until now, there was no specific federal law in the United States that mandated a <strong>specific<\/strong> <strong>timeframe<\/strong> for publicly traded companies to report material cybersecurity incidents to the public or regulatory authorities. Well, unless you count SOX regulations that articulate a <strong>subjective<\/strong> <strong>timeframe<\/strong> of \u201crapid and current\u201d in that federal regulation\u2019s section 409. <\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-c5cc42dad27e52b09eff5f46848a13bd\">This timeframe from the SEC is specific. But when does the clock for the SEC actually start?<br><\/p>\n\n\n\n<h2 class=\"wp-block-heading has-eigengrau-color has-text-color has-link-color wp-elements-85aedeb5850fe597bd6f9143e829295b\" id=\"what_exactly_is_\u2018materiality\u2019?\">What exactly is \u2018materiality\u2019?<\/h2>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-42d88e8d61be9dd531b0f31ecdc788f9\">Technically, a company could investigate indicators of attack or compromise as they determine whether something is considered material. And this is well before this new four-day clock has even started. This will test not only your governance but also your detection tools and workflows that you have put in place to determine whether a cyber incident has occurred.<\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-ee329d0ef6c5eb51305800573acd763e\">The first company that gets its hand slapped for not disclosing a \u201cmaterial\u201d incident will help the SEC zero in on what \u201cmaterial\u201d means. And that will further define what incidents are included or in scope. Then other companies will be better aware of what that definition is, but will soon realize they will be held to this new definition.<br><\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-e7e51bf2d72c1f6450f02000a0648334\">Although not mentioned specifically by the SEC, most security folks know that fines will likely be announced shortly and will be in the millions of dollars. The SEC menu of punishments for failing to abide by their rules could be broad. So it will be interesting to see what the depth and breadth of fines will look like.<\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-b2ef0d95f1b9335614cbaa734e120c9e\">Here are just a couple examples of how tough this materiality decision might be:<\/p>\n\n\n\n<ul>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-7fdc3374f9f23dc2efde246b266c0545\"><strong>Losing or exposing secrets publicly in an open-source library (i.e., API keys):<\/strong> Maybe that\u2019s material, depending on where those keys were providing programmatic access to.<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-3302e5560b18cd81b877a7a3dfbdf6b2\"><strong>CEO laptop was lost\/stolen but had a live session still logged in (i.e., SSO):<\/strong> Sure, that\u2019s material, depending on how that laptop is now used. Could it impact your investors? Maybe. Will it? Maybe not.<\/p>\n\n\n\n<\/li>\n<li dir=\"ltr\">\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-fbfd94d8ad818936ce804306c13e476c\"><strong>You detected a DDoS attack against your cloud-native retail application and the system wasn\u2019t available for 5 minutes:<\/strong> Is that material? Maybe not. How about 3 days? Likely material due to the financial impact.<\/p>\n\n\n\n<\/li>\n<\/ul>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-10c7908d4d4f8b222cb656825e52349a\">Who owns the math or calculation of materiality? It\u2019s all subjective and that\u2019s why we will need our security community to help define these issues. Even more stakeholders and shareholders will expect to be notified, including the SEC.<br><\/p>\n\n\n\n<h2 class=\"wp-block-heading has-eigengrau-color has-text-color has-link-color wp-elements-5debe54f46d853d49e6877c1d8d5a63f\" id=\"gotta_be_a_better_way\">Gotta be a better way<\/h2>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-8e773219ae865fa059954f8dd7197c49\">Your organization needs to collect all of your security log data quickly, efficiently, and in a central area to ensure you have accurate information coming in. You also need to have all of those security detection and response capabilities mentioned above in place with a trained staff and an operable plan. And the company needs to be prepared to quickly and clearly communicate across a broad swath of non-technical stakeholders (e.g., finance, legal, board of directors, etc.) to help weigh in on the materiality question.<\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-f0095619704c96f13d09825e56ffb2e9\">According to George Gerchow, CSO and SVP of IT at Sumo Logic, \u201cConsumers are losing confidence that public companies are reporting when a breach actually occurs. The new SEC regulations are a great step forward to protect customers and the investment community.\u201d <\/p>\n\n\n\n<blockquote>\n<p>One of the biggest hurdles companies will need to deal with is figuring out if something is a true incident or not. What is the tipping point to say this is an actual breach, and when does it meet the mark for when we report it? This doesn\u2019t just fall on the CSO anymore, this affects the entire working group and bottom line. Especially now with the cloud, it will be harder to discover that tipping point. Companies must implement new solutions to help remain compliant.<\/p>\n<\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading has-eigengrau-color has-text-color has-link-color wp-elements-de1c1b2b8842d93d77dee2268a05fb9b\" id=\"when_simpler_is_faster\">When simpler is faster<\/h2>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-7ae56294ddb488e36a5d7bac2b3c251a\">When it comes to cybersecurity, it all comes down to the logs. It\u2019s the first place to go if a company suspects a cyber incident. <a href=\"https:\/\/www.sumologic.com\/guides\/log-analytics\/\">Read our guide<\/a> to log analytics to learn how it helps&nbsp;improve app performance and security.&nbsp;With your existing security tooling in place all feeding their logs to Sumo Logic\u2019s cloud-native SaaS platform, you can quickly determine the scope and severity of an incident using our <a href=\"https:\/\/www.sumologic.com\/solutions\/cloud-siem\/\">Cloud SIEM<\/a> and advanced analytics. <\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-a40f2b4a90fa6237d44f92979bec6dec\">In particular, our <a href=\"https:\/\/sumo-logic.wistia.com\/medias\/h8qctolngx\" target=\"_blank\" rel=\"noreferrer noopener\">Entity Relationship Graph<\/a> helps security analysts understand the scope of the detected threat. With built-in dashboards\/reporting and automated notifications, your entire organization can quickly get the information they need to begin to determine the materiality of your cybersecurity incident.<\/p>\n\n\n\n<p class=\"has-delft-blue-color has-text-color has-link-color wp-elements-0aaea7b0f9c6168844b3167a05884eff\"><a href=\"https:\/\/www.sumologic.com\/solutions\/audit-compliance\/\">Learn more<\/a> about Sumo Logic\u2019s capabilities so that you don\u2019t need to worry about the latest SEC rules or any other regulations that may expand or change.<br><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div><\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":115,"featured_media":25791,"template":"","meta":{"_acf_changed":false,"show_custom_date":false,"custom_date":"","featured":false,"featured_image":0,"learn_more_label":"","image_alt_text":"","learn_more_type":"","show_popup":false,"learn_more_link_file":0,"event_date":false,"event_start_date":"","event_end_date":"","place_holder_image_url":"","post_reading_time":"7","notification_enabled":false,"notification_text":"","notification_logo":"","notification_expiration_time":0,"is_enable_transparent_header":false,"selected_taxonomy_terms":{"blog-category":[138,127],"blog-tag":[]},"selected_primary_terms":[],"learn_more_link":[],"featured_page_list":[],"notification_enabled_post_list":[],"_gspb_post_css":"","_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"4668,71369,71176","_relevanssi_noindex_reason":"","inline_featured_image":false,"footnotes":""},"blog-category":[138,127],"blog-tag":[],"class_list":["post-4641","blog","type-blog","status-publish","has-post-thumbnail","hentry","blog-category-compliance","blog-category-secops-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/blog\/4641","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/types\/blog"}],"author":[{"embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/users\/115"}],"version-history":[{"count":4,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/blog\/4641\/revisions"}],"predecessor-version":[{"id":26861,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/blog\/4641\/revisions\/26861"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/media\/25791"}],"wp:attachment":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/media?parent=4641"}],"wp:term":[{"taxonomy":"blog-category","embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/blog-category?post=4641"},{"taxonomy":"blog-tag","embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/blog-tag?post=4641"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}