{"id":439,"date":"2019-11-05T18:05:00","date_gmt":"2019-11-05T18:05:00","guid":{"rendered":"https:\/\/www.cycognito.com\/blog\/?p=439"},"modified":"2024-08-02T15:03:40","modified_gmt":"2024-08-02T22:03:40","slug":"debating-cybersecurity-defenses-against-rogue-servers","status":"publish","type":"post","link":"https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/","title":{"rendered":"Debating Cybersecurity Defenses Against Rogue Servers"},"content":{"rendered":"\n

In the world of cybersecurity, all too often it feels like \u201canother day, another unprotected asset and another breach.\u201d Last month\u2019s breach of Ecuadoran data by Novaestrat1<\/sup> stands out given that the breach seems to have affected almost the entire population of the country and an arrest has already been made2<\/sup>, but more importantly, it highlights how the introduction of IaaS+SaaS has destroyed the traditional perimeter concept upon which security has been based since the first data centers were built. A colleague and I were debating how best to configure defenses to detect a Novaestrat-esque data compromise, and we thought it worth sharing our discussion and thought process.<\/p>\n\n\n\n

A Multi-Layerer Defense Strategy <\/h2>\n\n\n\n

I\u2019ve been privileged to have worked with many Fortune 500 and federal government entities whose budgets were, in a practical sense, empowered to buy whatever made a positive impact on their defensive posture, so we didn\u2019t limit defensive selection. As a generalization, I\u2019ve seen most defenses comprised of a series of capabilities like the following:<\/p>\n\n\n\n

    \n
  1. Network Intrusion Detection Systems (IDS) deployed throughout data centers and in Amazon Web Services (AWS) using AWS port mirroring for all workloads;<\/li>\n\n\n\n
  2. Host-based IDS, antivirus (AV), and endpoint detection and response (EDR) on all traditional workstations and servers, and all cloud workloads;<\/li>\n\n\n\n
  3. Data loss prevention (DLP) at the network and host layers;<\/li>\n\n\n\n
  4. Security Information and Event Management (SIEM) solutions which gather all logs from all security defenses and apply tailored correlation rules;<\/li>\n\n\n\n
  5. Vulnerability scanning solutions, set to continuously scan all known assets all the time; and<\/li>\n\n\n\n
  6. Breach and attack (BAS) solutions, integrated with security defenses and SIEMs, and configured to constantly run to detect defense deficiencies.<\/li>\n<\/ol>\n\n\n\n

    Given the solution selection, this would pose a relatively robust environment for detecting incidents. An argument can be made about adding more tactical details like firewalls, a web application firewall, etc., but we\u2019ll use this as a baseline and a lens for discussing a Novaestrat-specific breed of breach.\u00a0<\/p>\n\n\n\n

    The Novaestrat Compromise <\/h2>\n\n\n\n

    For those unfamiliar with it, the Novaestrat compromise involved an employee unintentionally exposing an (internal) Elasticsearch server in Florida to the internet, which contained millions of personally identifiable information (PII) records to the internet. Once exposed, it simply became a matter of time before someone (friendly or otherwise) would discover the host and its data.\u00a0

    Let\u2019s break the result down security defense by security defense:<\/p>\n\n\n\n

      \n
    1. Network IDS \u2013 detects nothing, as there\u2019s no active attack inbound to, or outbound from, the server. Note the emphasis on the need for an attack to trigger a defensive response, as it is a key aspect throughout the defensive analysis.<\/li>\n\n\n\n
    2. Host IDS, AV, and EDR \u2013 assuming the server is properly managed (unlikely based on at least one misconfiguration and its accidental exposure to the internet) and has all the requisite agents on it, they\u2019ll report nothing, as there are no active attacks associated with the host.<\/li>\n\n\n\n
    3. DLP \u2013 might detect something after<\/strong> someone on the internet accesses the data, and that\u2019s assuming the DLP agent or network tool is covering the unmanaged asset; in any case, it doesn\u2019t necessarily prevent the legal entanglement unless the DLP:\n
        \n
      1. detects the data exfil,<\/li>\n\n\n\n
      2. sits inline, and <\/li>\n\n\n\n
      3. has prevention\/blocking enabled, which most organizations fear to do due to disruption of the business.<\/li>\n<\/ol>\n<\/li>\n\n\n\n
      4. SIEM \u2013 might detect something after<\/strong> someone on the internet accesses the data based on logged events from one of the defenses or the host, which again doesn\u2019t save the data from compromise.<\/li>\n\n\n\n
      5. Vulnerability Scanner \u2013 detects nothing,<\/a> as this wasn\u2019t the result of a vulnerability, and likely wouldn\u2019t be scanning the host anyway because it only scans known<\/strong> assets.<\/li>\n\n\n\n
      6. BAS \u2013 interestingly, BAS does nothing here as well, as it\u2019s designed to test network defenses (see #1 and #3 just above), and it\u2019s limited to testing the host-based defenses of a single image, not the full attack surface or assets of an organization (see #2 above regardless).<\/li>\n<\/ol>\n\n\n\n

        In sum, because the Elasticsearch server didn\u2019t have a vulnerability that exposed the data, didn\u2019t have an active attack associated with it, and couldn\u2019t have been validated by a BAS solution, the only chance an organization like Novaestrat has of catching a data breach like this is after<\/strong> an adversary on the internet sees the data.<\/p>\n\n\n\n

        Traditional Defenses and Detection Methods are Certain to Fail <\/h2>\n\n\n\n

        Despite unlimited funding, traditional defenses and detection methods are still almost certain to fail.<\/p>\n\n\n\n

        The term we\u2019re using at CyCognito to describe risks like those posed by the rogue Novaestrat server is \u201cshadow risk.\u201d Shadow risk arises from the 21st century IT ecosystem that involves partners and subsidiaries who have your data, assets you own that are exposed to the internet (from workloads in the cloud to data-center servers to routers in offices), and IaaS and SaaS providers you use in the course of business. The level of technical control varies in each case, and critically, the level of visibility you have varies, creating types of risk that are new.<\/p>\n\n\n\n

        Going back in time with the knowledge that traditional tools couldn\u2019t protect against this high-profile breach, what could an organization like Novaestrat have done to combat their shadow risk problem<\/p>\n\n\n\n

        \"\"<\/figure>\n\n\n\n

        The CyCognito platform is able to identify data exposures (as shown above) so that organizations can take action before a breach occurs.<\/p>\n\n\n\n

        To find attacker-exposed assets<\/a> like the Elasticsearch server, organizations would need something that continuously scans the entire internet looking for misconfigured assets, exposed data, default configurations and credentials, and systems with vulnerabilities and other risks. That solution would then need to take that data it discovered from all areas of the modern IT ecosystem (traditional data centers, partners, subsidiaries, IaaS, SaaS, etc.), and accurately determine what belonged to their organization. This would be a new approach that matches the new reality of distributed IT ecosystems\u2014and one that CyCognito is creating for its customers today. 

        [1]<\/em>         https:\/\/www.cnbc.com\/2019\/09\/17\/ecuador-data-breach-leaks-personal-information-for-millions-of-citizens.html<\/a>
        [2] <\/em>        https:\/\/www.zdnet.com\/article\/arrest-made-in-ecuadors-massive-data-breach\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

        Configure defenses to detect a data compromise like the Novaestrat breach that occurred when an internal Elasticsearch server was exposed to the internet.<\/p>\n","protected":false},"author":26,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-439","post","type-post","status-publish","format-standard","hentry","category-perspectives"],"yoast_head":"\nDebating Cybersecurity Defenses Against Rogue Servers | CyCognito Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Debating Cybersecurity Defenses Against Rogue Servers | CyCognito Blog\" \/>\n<meta property=\"og:description\" content=\"Configure defenses to detect a data compromise like the Novaestrat breach that occurred when an internal Elasticsearch server was exposed to the internet.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/\" \/>\n<meta property=\"og:site_name\" content=\"CyCognito Blog\" \/>\n<meta property=\"article:published_time\" content=\"2019-11-05T18:05:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-02T22:03:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Screen-dataexposure1019.png\" \/>\n<meta name=\"author\" content=\"CyCognito Staff\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"CyCognito Staff\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/\"},\"author\":{\"name\":\"CyCognito Staff\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/e1e418d7d4a6d3abf5de7ef65d04da91\"},\"headline\":\"Debating Cybersecurity Defenses Against Rogue Servers\",\"datePublished\":\"2019-11-05T18:05:00+00:00\",\"dateModified\":\"2024-08-02T22:03:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/\"},\"wordCount\":1021,\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Screen-dataexposure1019.png\",\"articleSection\":[\"Perspectives\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/\",\"name\":\"Debating Cybersecurity Defenses Against Rogue Servers | CyCognito Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Screen-dataexposure1019.png\",\"datePublished\":\"2019-11-05T18:05:00+00:00\",\"dateModified\":\"2024-08-02T22:03:40+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/#primaryimage\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Screen-dataexposure1019.png\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Screen-dataexposure1019.png\",\"width\":474,\"height\":414},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.cycognito.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Debating Cybersecurity Defenses Against Rogue Servers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"name\":\"Cycognito Blog\",\"description\":\"Research, Product News and Latest Updates\",\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\",\"name\":\"Cycognito\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"width\":1720,\"height\":550,\"caption\":\"Cycognito\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/e1e418d7d4a6d3abf5de7ef65d04da91\",\"name\":\"CyCognito Staff\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/dc81941cde3349893dfc090c431e4dc0?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/dc81941cde3349893dfc090c431e4dc0?s=96&d=mm&r=g\",\"caption\":\"CyCognito Staff\"},\"description\":\"Rule Your Risk\",\"url\":\"https:\/\/www.cycognito.com\/blog\/author\/cycognito\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Debating Cybersecurity Defenses Against Rogue Servers | CyCognito Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/","og_locale":"en_US","og_type":"article","og_title":"Debating Cybersecurity Defenses Against Rogue Servers | CyCognito Blog","og_description":"Configure defenses to detect a data compromise like the Novaestrat breach that occurred when an internal Elasticsearch server was exposed to the internet.","og_url":"https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/","og_site_name":"CyCognito Blog","article_published_time":"2019-11-05T18:05:00+00:00","article_modified_time":"2024-08-02T22:03:40+00:00","og_image":[{"url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Screen-dataexposure1019.png","type":"","width":"","height":""}],"author":"CyCognito Staff","twitter_card":"summary_large_image","twitter_misc":{"Written by":"CyCognito Staff","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/#article","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/"},"author":{"name":"CyCognito Staff","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/e1e418d7d4a6d3abf5de7ef65d04da91"},"headline":"Debating Cybersecurity Defenses Against Rogue Servers","datePublished":"2019-11-05T18:05:00+00:00","dateModified":"2024-08-02T22:03:40+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/"},"wordCount":1021,"publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Screen-dataexposure1019.png","articleSection":["Perspectives"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/","url":"https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/","name":"Debating Cybersecurity Defenses Against Rogue Servers | CyCognito Blog","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/#primaryimage"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Screen-dataexposure1019.png","datePublished":"2019-11-05T18:05:00+00:00","dateModified":"2024-08-02T22:03:40+00:00","breadcrumb":{"@id":"https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/#primaryimage","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Screen-dataexposure1019.png","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Screen-dataexposure1019.png","width":474,"height":414},{"@type":"BreadcrumbList","@id":"https:\/\/www.cycognito.com\/blog\/debating-cybersecurity-defenses-against-rogue-servers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cycognito.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Debating Cybersecurity Defenses Against Rogue Servers"}]},{"@type":"WebSite","@id":"https:\/\/www.cycognito.com\/blog\/#website","url":"https:\/\/www.cycognito.com\/blog\/","name":"Cycognito Blog","description":"Research, Product News and Latest Updates","publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.cycognito.com\/blog\/#organization","name":"Cycognito","url":"https:\/\/www.cycognito.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","width":1720,"height":550,"caption":"Cycognito"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/e1e418d7d4a6d3abf5de7ef65d04da91","name":"CyCognito Staff","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/dc81941cde3349893dfc090c431e4dc0?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/dc81941cde3349893dfc090c431e4dc0?s=96&d=mm&r=g","caption":"CyCognito Staff"},"description":"Rule Your Risk","url":"https:\/\/www.cycognito.com\/blog\/author\/cycognito\/"}]}},"_links":{"self":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/439","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/users\/26"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/comments?post=439"}],"version-history":[{"count":6,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/439\/revisions"}],"predecessor-version":[{"id":1048,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/439\/revisions\/1048"}],"wp:attachment":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/media?parent=439"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/categories?post=439"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/tags?post=439"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}