I'm (not) Batman ft. Bryon Singh, RailWorks Corporation

By Steve Gold
Posted in Security
On January 16, 2024

In the film "The Dark Knight," the character of Batman (played by Christian Bale) uses an advanced surveillance system called the "Bat-Sonar." This technology enables him to turn every cell phone in Gotham City into a high-frequency microphone, creating a real-time audio surveillance network. Batman activates this system to locate the Joker and gather vital information to prevent his destructive plans.

Batman's Bat-Sonar provides real-time information that allows him to respond swiftly to emerging threats.

Batman's use of the Bat-Sonar exemplifies the importance of gathering and analyzing data. When logging is enabled across enterprise assets, organizations gain real-time visibility into their digital environment. This enables them to monitor activities, detect anomalies, and respond promptly to security incidents or operational issues. In an enterprise context, enabling logging ensures that data is collected consistently. This data can then be analyzed to identify patterns, security breaches, or compliance violations. It empowers organizations to make informed decisions and take appropriate actions based on the insights gained from the logs.

CIS Safeguard 8.2, "Collect Audit Logs," emphasizes the critical practice of gathering audit logs across all enterprise assets, an essential component of regulatory compliance and security management. Collecting audit logs is vital for organizations to monitor, detect, and respond to potential security threats, as well as to maintain a record of activity for forensic analysis. This practice is not only a cornerstone of security strategies, but also a regulatory requirement in many industries. It ensures that organizations have the necessary evidence to demonstrate compliance with various legal, contractual, and regulatory requirements. By maintaining a comprehensive and accurate collection of audit logs, companies can better understand their security posture, improve incident response, and meet the stringent demands of regulatory bodies regarding data protection and privacy.

Organizations should conduct audits on the following:

  • Systems: This includes all entry points within the network.
  • Devices: Ensure logging for devices like web servers, authentication servers, switches, routers, and workstations.
  • Applications: Cover all critical software, particularly firewalls and other security tools.

Here’s a link to the Audit Log Management Policy Template, provided free of charge by the fine folks at the Center for Internet Security: https://www.cisecurity.org/insights/white-papers/audit-log-management-policy-template-for-cis-control-8

Here are some details on this specific Control/Safeguard. If you want more detail, DM me.

CIS Control 8 – Audit Log Management

Collect, alert, review, and retain audit logs of events that could help detect, understand, or recover from an attack.

Implementation Group 1

CIS Safeguard 8.2 - Collect Audit Logs

Collect audit logs. Ensure that logging, per the enterprise’s audit log management process, has been enabled across enterprise assets.

Steve Gold

Steve Gold is the Cybersecurity Practice Director at Gotham Technology Group (Gotham). He is responsible for providing the vision and thought leadership to expand Gotham’s legacy of success and build a world-class cybersecurity practice. He works closely with Gotham’s customers, industry partners, and subject matter experts to develop relevant solutions for Gotham’s clients and prospects.

Prior to joining Gotham, Steve worked with the Center for Internet Security (CIS), where he expanded the global reach, revenue, and impact of the CIS Benchmarks, CIS Controls, and CIS Hardened Images. He led the efforts to promote the CIS portfolio of low-cost and no-cost cybersecurity products and services that help private and public organizations stay secure in the connected world. He grew a team of security specialists from 12 to over 40 to assist organizations with implementing security best practices in their continual journey of cybersecurity maturity.

During his more than 20-year career, Steve led teams responsible for developing and implementing technology solutions at some of the industry’s most recognized companies, such as Varonis, VMware, Dell & Wyse Technology.

Steve is a frequent speaker/moderator at industry conferences and webinars, covering a wide array of information security topics. He resides and works remotely in Baltimore, MD.