Limited Time Offer: Save up to 20% on a new CIS SecureSuite Membership | Learn more
Why CIS Solutions Join CIS Resources
CIS WorkBench Sign-in CIS WorkBench Sign In CIS Hardened Images CIS Hardened Images Support CIS Support


Who We Are

CIS is an independent, nonprofit organization with a mission to create confidence in the connected world

About Us Leadership Principles Testimonials


secure your organization
Secure Your Organization

secure specific platforms
Secure Specific Platforms

cis securesuite CIS SecureSuite® Learn More      Apply Now  
u s state local tribal and territorial governments
U.S. State, Local, Tribal & Territorial Governments

View All Products & Services  

Join CIS

Get Involved

Join CIS as a member, partner, or volunteer - or explore our career opportunities

CIS SecureSuite® Membership Multi-State ISAC (MS-ISAC®) Elections Infrastructure ISAC (EI-ISAC®) CIS CyberMarket® Vendors CIS Communities Careers




filter by topic
Filter by Topic

View All Resources  
CIS Logo Show Search Expand Menu

4 Reasons SLTTs use Network Monitoring Systems

Ransomware attacks targeting U.S. State, Local, Tribal, and Territorial government entities (SLTTs) have been on the rise since 2018. It is essential for these organizations to have a comprehensive cyber defense program in place. From creating incident response plans and offering cybersecurity training, to implementing a network security monitoring service for identifying malicious activity - each piece plays an important part in a true defense in depth strategy to protect the information and data of citizens.

Network monitoring solutions are a crucial way to protect SLTTs against attacks from cyber criminals. Albert is a unique and cost-effective Intrusion Detection System (IDS) that is only offered to SLTTs through the Center for Internet Security (CIS).

This network monitoring and management solution provides automated alerts on both traditional and advanced network threats by CIS's Security Operations Center (SOC). Many SLTTs throughout the country have embraced Albert. Read on to learn about the four major reasons why Albert network monitoring is their preferred solution.

1. Quickly identify malicious activity

Albert uses a unique and targeted SLTT focused signature set to help ensure sensors rapidly identify and alert on potentially malicious traffic on a network. Organizations affected by ransomware go from event detection to notification within six minutes of malicious activity. This brief interval allows organizations to quickly investigate potential compromises, remediate, minimizing impact from cyber threats.

2. A cost-effective solution

Albert can run on commodity hardware. This, along with the expertise of the CIS SOC, provides a full-service, cost-effective solution for SLTTs.

3. Identifying trends

By monitoring a large number of SLTT networks, trends can be observed and incorporated into other CIS services and products that benefit the entire SLTT community. SLLT organizations utilize Albert’s comprehensive monthly activity report summarizing the activity identified by their sensor.

4. Monitoring, management, and support

Around-the-clock support is essential for SLTT organizations. They require a team of specialists who can manage systems and communicate with them quickly and effectively. All Albert network monitoring, as well as full management of the sensor, is handled by the CIS SOC.

When a potential threat is identified, Albert generates an alert which is sent to the SOC. A CIS analyst reviews and validates the alert for malicious activity and notifies the affected organization. By utilizing NetFlow logs, the SOC can retroactively search for newly identified malicious activity and notify the impacted entity for investigation and remediation.


The Albert network monitoring and management solution is available to U.S. State, Local, Tribal, and Territorial (SLTT) entities, including public education institutions, critical infrastructure, and emergency response services.