Albert Network Monitoring and Management
24x7x365 managed and monitored IDS built to detect SLTT-specific threats.
Speak with the CIS team to learn how to get started with Albert.
Albert Network Monitoring and Management is an industry-leading Intrusion Detection System (IDS) designed specifically for U.S. State, Local, Tribal, and Territorial (SLTT) government organizations.
Learn how Albert is advancing state and local cybersecurity.
How Albert Helps You...
Monitors for malicious traffic
Many SLTT organizations have limited staff, resources, and expertise. With Albert, the expert security analysts in CIS's SOC monitor for malicious traffic so that you don't have to.
Serves as a second line of defense
For SLTT organizations that have the resources to monitor their own network traffic, Albert can serve as a powerful failsafe. Albert is a second line of defense, protecting your network with CIS experts' deep knowledge and experience tackling SLTT-specific threats.
Offers 24x7x365 management and support
When your team is off, CIS's team is on. With expert security analysts working round-the-clock, CIS can offer you the peace of mind that comes from knowing your network is in good hands every second of the day. If an incident does occur, CIS analyzes the event and only sends notifications on actionable threats, saving your team time and resources.
Saves you money with free incident response
Albert saves you money compared to other IDS solutions by providing free incident response support through the MS-ISAC's Cyber Incident Response Team (CIRT). CIRT uses all available information, from the Albert alert to evidence collected remotely, to aid each member organization in identifying, containing, and removing threats.
Serves as an extension of your security team
CIS handles monitoring and management of the Albert sensor 24x7x365. This service includes maintaining the operating system, IDS engine, NetFlow tools, and signature sets. We will work with your organization to make signature modifications upon request. We can also collaborate with you to write custom signatures to detect specific types of malicious activity on your network. All Albert customers get access to expert-developed products produced by the CIS Cyber Threat Intelligence (CTI) team. The CIS CTI team helps SLTT organizations prepare and defend against cyber threats by developing and delivering valuable information on emerging cyber threats, in-depth threat intelligence reports, and technical information regarding vulnerabilities in software and hardware.
The CIS Security Operations Center (SOC)
The Key to Growing Your SLTT’s Cyber Maturity
NetFlow
A NetFlow record is a summary of a data exchange between two systems. It’s based on seven distinct characteristics:
- Source IP
- Destination IP
- Source port
- Destination port
- TCP Flags
- Number of bytes of traffic sent and received
- Timestamp information (start, end, and duration of connection)
Traditional network security monitoring services alert on malicious activity going forward from the time a signature is deployed. However, Albert leverages NetFlow logs to review data retroactively, which improves the ability to search for malicious activity. This allows CIS's security analysts to search previous network activity for specific threats reported by partners while investigating concerns identified in the network environment.
Pricing is based on average internet connection utilization. A one-time initiation fee per sensor applies.
What customers are saying
Albert Network Monitoring and Management is an industry-leading Intrusion Detection System (IDS) designed specifically for U.S. State, Local, Tribal, and Territorial (SLTT) government organizations.
Learn how Albert is advancing state and local cybersecurity.
How Albert Helps You...
Monitors for malicious traffic
Many SLTT organizations have limited staff, resources, and expertise. With Albert, the expert security analysts in CIS's SOC monitor for malicious traffic so that you don't have to.
Serves as a second line of defense
For SLTT organizations that have the resources to monitor their own network traffic, Albert can serve as a powerful failsafe. Albert is a second line of defense, protecting your network with CIS experts' deep knowledge and experience tackling SLTT-specific threats.
Offers 24x7x365 management and support
When your team is off, CIS's team is on. With expert security analysts working round-the-clock, CIS can offer you the peace of mind that comes from knowing your network is in good hands every second of the day. If an incident does occur, CIS analyzes the event and only sends notifications on actionable threats, saving your team time and resources.
Saves you money with free incident response
Albert saves you money compared to other IDS solutions by providing free incident response support through the MS-ISAC's Cyber Incident Response Team (CIRT). CIRT uses all available information, from the Albert alert to evidence collected remotely, to aid each member organization in identifying, containing, and removing threats.
Serves as an extension of your security team
CIS handles monitoring and management of the Albert sensor 24x7x365. This service includes maintaining the operating system, IDS engine, NetFlow tools, and signature sets. We will work with your organization to make signature modifications upon request. We can also collaborate with you to write custom signatures to detect specific types of malicious activity on your network. All Albert customers get access to expert-developed products produced by the CIS Cyber Threat Intelligence (CTI) team. The CIS CTI team helps SLTT organizations prepare and defend against cyber threats by developing and delivering valuable information on emerging cyber threats, in-depth threat intelligence reports, and technical information regarding vulnerabilities in software and hardware.
The CIS Security Operations Center (SOC)
The Key to Growing Your SLTT’s Cyber Maturity
NetFlow
A NetFlow record is a summary of a data exchange between two systems. It’s based on seven distinct characteristics:
- Source IP
- Destination IP
- Source port
- Destination port
- TCP Flags
- Number of bytes of traffic sent and received
- Timestamp information (start, end, and duration of connection)
Traditional network security monitoring services alert on malicious activity going forward from the time a signature is deployed. However, Albert leverages NetFlow logs to review data retroactively, which improves the ability to search for malicious activity. This allows CIS's security analysts to search previous network activity for specific threats reported by partners while investigating concerns identified in the network environment.
Pricing is based on average internet connection utilization. A one-time initiation fee per sensor applies.
What customers are saying
Albert leverages a high-performance IDS engine for the identification and reporting of malicious events. It also monitors raw network packets and converts data into a NetFlow format for efficient storage and analysis of historical data.
Unique Signature Sets
Albert utilizes a unique signature set specifically developed for SLTTs to ensure sensors rapidly recognize and alert on potentially malicious traffic occurring on the network.
CIS utilizes three main sources of signatures:
- Commercial signatures that are optimal for detecting standard malware and crimeware
- State-sponsored indicators
- Research from attack patterns identified by our SOC and CIRT in response to attacks targeting SLTTs and open-source reporting
Alerts Analysis & Escalation
No logs or data reside on the sensor. All data collected is compressed, encrypted, and sent to the CIS SOC every few minutes for analysis. After analyzing and verifying the alerts as actionable, the SOC will send an event notification to your organization within an average of six minutes and in accordance with pre-established escalation procedures. Notifications include which IP addresses are affected, the identified issues, mitigation recommendations, and an attachment containing all traffic associated with the event. Your organization may also utilize the CIS API service to receive event notifications and associated logs. Our 24x7x365 SOC and the MS-ISAC's Cyber Incident Response Team (CIRT) are always available to answer questions and provide assistance as needed.
The basic life cycle of an Albert event
Reporting
A comprehensive monthly activity report is made available to you. It summarizes the malicious activity identified by each sensor deployed in your organization’s environment. These reports provide details for all actionable alerts for the previous month, statistics on data such as total alerts generated vs. actionable alerts, as well as a review of the total volume of monitored traffic.