
Albert: A Smart Solution for Network Monitoring

The world of network monitoring can seem a bit intimidating at first. There are a variety of solutions on the market offering to detect, alert on, and mitigate cyber threats against your IT infrastructure. Albert is a passive IDS offered by CIS as an effective, low-cost network monitoring service that detects malicious activity based on threat signatures.

Albert leverages Suricata's high-performance, signature-based IDS (Intrusion Detection System) engine to accurately identify and report malicious activity.

Threat signatures

Albert compares inspected network traffic against tens of thousands of threat signatures, and then sends alerts back to CIS’ 24x7 Security Operations Center (SOC) for analysis when there is a match.

Albert’s signature set includes commercial and open-source signatures, as well as signatures related to Advanced Persistent Threat (APT) actors. Albert also monitors raw network packets and converts that data into a NetFlow format for efficient storage and analysis.

CIS develops custom threat signatures specific to U.S. State, Local, Tribal, and Territorial (SLTT) governments based on advanced threat analysis, our CERT forensic cases, and member-submitted and third-party threat data. Signatures are updated and distributed to every Albert sensor daily to ensure organizations receive the latest security monitoring.

When a threat is detected

When a potential threat is identified, Albert generates an alert which is sent to CIS’ 24x7 SOC. A SOC analyst reviews and validates the alert for malicious activity and notifies the affected organization. Here’s how it works:



Event notifications from the SOC include:

  • System(s) affected
  • Identified issue
  • Mitigation recommendations
  • Traffic associated with the event

24x7 SOC for assistance, updates, and more

The SOC has a 24x7 hotline for answering questions or querying NetFlow data. Organizations using Albert also receive a monthly report, which includes details about actionable alerts, ticket information, a review of the volume of traffic monitored, and more.

CIS manages every Albert sensor, including updates to the operating system, engine, NetFlow tools, and signature sets.

The Albert network monitoring solution is available to U.S. State, Local, Tribal, and Territorial (SLTT) entities, including public universities, utilities, school districts, and emergency response services.