Albert Network Monitoring and Management
24x7x365 managed and monitored IDS built to detect SLTT-specific threats.
Speak with the CIS team to learn how to get started with Albert.
Albert Network Monitoring and Management is an industry-leading Intrusion Detection System (IDS) designed specifically for U.S. State, Local, Tribal, and Territorial (SLTT) government organizations.
Learn how Albert is advancing state and local cybersecurity.
How Albert Helps You...
Monitors for malicious traffic
Many SLTT organizations have limited staff, resources, and expertise. With Albert, the expert security analysts in CIS's SOC monitor for malicious traffic so that you don't have to.
Serves as a second line of defense
For SLTT organizations that have the resources to monitor their own network traffic, Albert can serve as a powerful failsafe. Albert is a second line of defense, protecting your network with CIS experts' deep knowledge and experience tackling SLTT-specific threats.
Offers 24x7x365 management and support
When your team is off, CIS's team is on. With expert security analysts working round-the-clock, CIS can offer you the peace of mind that comes from knowing your network is in good hands every second of the day. If an incident does occur, CIS analyzes the event and only sends notifications on actionable threats, saving your team time and resources.
Saves you money with free incident response
Albert saves you money compared to other IDS solutions by providing free incident response support through the MS-ISAC's Cyber Incident Response Team (CIRT). CIRT uses all available information, from the Albert alert to evidence collected remotely, to aid each member organization in identifying, containing, and removing threats.
Serves as an extension of your security team
CIS handles monitoring and management of the Albert sensor 24x7x365. This service includes maintaining the operating system, IDS engine, NetFlow tools, and signature sets. We will work with your organization to make signature modifications upon request. We can also collaborate with you to write custom signatures to detect specific types of malicious activity on your network. All Albert customers get access to expert-developed products produced by the CIS Cyber Threat Intelligence (CTI) team. The CIS CTI team helps SLTT organizations prepare and defend against cyber threats by developing and delivering valuable information on emerging cyber threats, in-depth threat intelligence reports, and technical information regarding vulnerabilities in software and hardware.
The CIS Security Operations Center (SOC)
The Key to Growing Your SLTT’s Cyber Maturity
Albert NetFlow Extract Tool (ANET)
ANET is a self-service reporting feature available in the CIS Portal that lets Albert members run their own queries on Albert data with no need to contact the CIS SOC or wait for a response.
With ANET, members can quickly search for common IP and DNS-based activity, saving time and effort. It is designed to support the most frequent types of queries, giving users faster access to the information they need.
What Is NetFlow?
A NetFlow record is a summary of a data exchange between two systems. Each record includes:
- Source IP
- Destination IP
- Source port
- Destination port
- TCP Flags
- Number of bytes of traffic sent and received
- Timestamp information (start, end, and duration of connection)
Unlike traditional network monitoring tools that only alert on threats going forward, Albert uses NetFlow logs to look back in time. This means CIS analysts can investigate past network activity for signs of malicious behavior — especially useful when new threats are reported by partners or identified in your environment.
