
Albert: A Smart Solution for Network Monitoring

The world of network monitoring can seem a bit intimidating at first. There are a variety of solutions on the market offering to detect, alert on, and mitigate cyber threats against your IT infrastructure. These include intrusion protection systems (IPS), intrusion detection systems (IDS), and all-in-one next-generation firewall (NGFW) appliances. Most of these network monitoring solutions now offer next-generation threat detection methods that use machine learning to reduce false positives and detect anomalous network traffic. Albert is a passive IDS offered by CIS as a low-cost and very effective network monitoring service whose threat detection is based on threat signatures.

Netflow Data & Threat Signatures

The Albert network monitoring service generates an organization’s Netflow data, which is monitored network traffic captured in session files. Albert also compares inspected network traffic against thousands of known threat signatures, and then sends the alerts back to CIS’ 24x7 Security Operations Center (SOC) for analysis when there is a match.

Threat signatures are gathered from a variety of open-source and commercial Cyber Defense sources that include advanced persistent threat (APT) indicators. CIS’ Computer Emergency Response Team (CERT) develops custom threat signatures tailored to specific threats for our state, local, tribal, and territorial (SLTT) organization members. Threat signatures are updated twice daily to ensure organizations receive the latest security monitoring.

When a threat is detected

When a potential threat is identified, Albert generates an alert which is sent to CIS’ 24x7 SOC. A SOC analyst reviews the alert for malicious activity or data infiltration and notifies the affected organization if there are any concerns. Here’s how it works:



Event notifications from the SOC include:

  • System(s) affected
  • Identified issue
  • Mitigation recommendations
  • Traffic reports associated with the event

Round-the-clock assistance, updates, and more

The SOC has a 24x7 hotline for answering questions or querying Netflow data. Organizations using Albert also receive a monthly report for each Albert sensor, which includes details about actionable alerts and a review of the volume of traffic monitored.

CIS manages every Albert sensor, including updates to the operating system, engine, Netflow tools, and signature sets.

The Albert network monitoring solution is available to U.S. State, Local, Tribal, and Territorial (SLTT) entities, including public universities, utilities, school districts, and emergency response services.
