In the film "The Dark Knight," the character of Batman (played by Christian Bale) uses an advanced surveillance system called the "Bat-Sonar." This technology enables him to turn every cell phone in Gotham City into a high-frequency microphone, creating a real-time audio surveillance network. Batman activates this system to locate the Joker and gather vital information to prevent his destructive plans.
Batman's Bat-Sonar provides real-time information that allows him to respond swiftly to emerging threats.
Batman's use of the Bat-Sonar exemplifies the importance of gathering and analyzing data. When logging is enabled across enterprise assets, organizations gain real-time visibility into their digital environment. This enables them to monitor activities, detect anomalies, and respond promptly to security incidents or operational issues. In an enterprise context, enabling logging ensures that data is collected consistently. This data can then be analyzed to identify patterns, security breaches, or compliance violations. It empowers organizations to make informed decisions and take appropriate actions based on the insights gained from the logs.
CIS Safeguard 8.2, "Collect Audit Logs," emphasizes the critical practice of gathering audit logs across all enterprise assets, an essential component of regulatory compliance and security management. Collecting audit logs is vital for organizations to monitor, detect, and respond to potential security threats, as well as to maintain a record of activity for forensic analysis. This practice is not only a cornerstone of security strategies, but also a regulatory requirement in many industries. It ensures that organizations have the necessary evidence to demonstrate compliance with various legal, contractual, and regulatory requirements. By maintaining a comprehensive and accurate collection of audit logs, companies can better understand their security posture, improve incident response, and meet the stringent demands of regulatory bodies regarding data protection and privacy.
Organizations should collect audit logs from the following:
- Systems: This includes all entry points within the network.
- Devices: Ensure logging for devices like web servers, authentication servers, switches, routers, and workstations.
- Applications: Cover all critical software, particularly firewalls and other security tools.
Here’s a link to the Audit Log Management Policy Template, provided free of charge by the fine folks at the Center for Internet Security: https://www.cisecurity.org/insights/white-papers/audit-log-management-policy-template-for-cis-control-8
Here are some details on this specific Control/Safeguard. If you want more detail, DM me.
CIS Control 8 – Audit Log Management
Collect, alert, review, and retain audit logs of events that could help detect, understand, or recover from an attack.
Implementation Group 1
CIS Safeguard 8.2 - Collect Audit Logs
Collect audit logs. Ensure that logging, per the enterprise’s audit log management process, has been enabled across enterprise assets.
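One practical way to verify that Safeguard 8.2 is actually met, rather than just written into policy, is to compare the enterprise asset inventory against what the central log collector has really received. The script below is an added illustration, not CIS material; the asset inventory and collector timestamps are constructed sample data, and the asset names, classes and the one-hour silence threshold are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed inventory of enterprise assets, grouped into the classes the post
# lists (assumption: in practice this comes from the asset inventory kept under CIS Control 1).
ASSET_INVENTORY = [
    {"name": "web-01",   "class": "web server"},
    {"name": "auth-01",  "class": "authentication server"},
    {"name": "sw-core",  "class": "switch"},
    {"name": "rtr-edge", "class": "router"},
    {"name": "fw-dmz",   "class": "firewall"},
    {"name": "ws-0042",  "class": "workstation"},
]

# Constructed view of the log collector: last event timestamp received from each source.
# A source absent from this map has never delivered a log to the collector.
LAST_EVENT_SEEN = {
    "web-01":  "2024-05-01T09:58:00Z",
    "auth-01": "2024-05-01T09:59:30Z",
    "sw-core": "2024-04-30T22:15:00Z",   # silent for roughly 12 hours
    "fw-dmz":  "2024-05-01T09:57:10Z",
    "ws-0042": "2024-05-01T09:55:00Z",
}

def _parse(ts: str) -> datetime:
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def find_logging_gaps(inventory, last_seen, now, max_silence=timedelta(hours=1)):
    """Compare the asset inventory against what the collector has received.
    never_logged: no log ever received (logging not enabled or not forwarded);
    stale: logged before but silent longer than max_silence."""
    never_logged, stale = [], []
    for asset in inventory:
        name = asset["name"]
        if name not in last_seen:
            never_logged.append(name)
        elif now - _parse(last_seen[name]) > max_silence:
            stale.append(name)
    return sorted(never_logged), sorted(stale)

def coverage_ratio(inventory, last_seen, now, max_silence=timedelta(hours=1)) -> float:
    """Fraction of inventoried assets currently delivering logs within max_silence."""
    never_logged, stale = find_logging_gaps(inventory, last_seen, now, max_silence)
    return 1 - (len(never_logged) + len(stale)) / len(inventory)

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc)
    print(find_logging_gaps(ASSET_INVENTORY, LAST_EVENT_SEEN, now))
    print(f"coverage: {coverage_ratio(ASSET_INVENTORY, LAST_EVENT_SEEN, now):.0%}")
```

Run periodically against the real inventory and collector, the "never logged" list is the direct evidence that logging is not enabled on an asset, while the "stale" list catches sources whose forwarding broke after it was set up.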