Albert Network Monitoring and Management

24x7x365 managed and monitored IDS built to detect SLTT-specific threats.

Speak with the CIS team to learn how to get started with Albert.

GET STARTED

Video Thumbnail
1:06
0:44

 

Albert Network Monitoring and Management is an industry-leading designed specifically for U.S. State, Local, Tribal, and Territorial (SLTT) government organizations.

Learn how Albert is advancing state and local cybersecurity.


How Albert Helps You...

Monitors for malicious traffic

Many SLTT organizations have limited staff, resources, and expertise. With Albert, the expert security analysts in CIS's SOC monitor for malicious traffic so that you don't have to.

Serves as a second line of defense

For SLTT organizations that have the resources to monitor their own network traffic, Albert can serve as a powerful failsafe. Albert is a second line of defense, protecting your network with CIS experts' deep knowledge and experience tackling SLTT-specific threats.

Offers 24x7x365 management and support

When your team is off, CIS's team is on. With expert security analysts working round-the-clock, CIS can offer you the peace of mind that comes from knowing your network is in good hands every second of the day. If an incident does occur, CIS analyzes the event and only sends notifications on actionable threats, saving your team time and resources.

Saves you money with free incident response

Albert saves you money compared to other IDS solutions by providing free incident response support through the MS-ISAC's Cyber Incident Response Team (CIRT). The CIRT will use the Albert alert along with the history of each member organization to aid their analysis.

Serves as an extension of your security team

The CIS SOC handles monitoring and management of the Albert sensor 24x7x365. This service includes maintaining the operating system, IDS engine, NetFlow tools, and signature sets. We will work with your organization to make signature modifications upon request. We can also collaborate with you to write custom signatures to detect specific types of malicious activity on your network. All Albert customers get access to products produced by the Cyber Threat Intelligence (CTI) team. The CTI delivers information on specific cyber incidents or threats, in-depth threat intelligence reports, and technical information regarding vulnerabilities in software and hardware. This helps SLTT organizations prepare and defend against cyber threats.

NetFlow

A NetFlow record is a summary of a data exchange between two systems. It’s based on seven distinct characteristics:

  1. Source IP
  2. Destination IP
  3. Source port
  4. Destination port
  5. TCP Flags
  6. Number of bytes of traffic sent and received
  7. Timestamp information (start, end, and duration of connection)

Traditional network security monitoring services alert on malicious activity going forward from the time a signature is deployed. However, Albert leverages NetFlow logs to review data retroactively, which improves the ability to search for malicious activity. This allows CIS's security analysts to search previous network activity for specific threats reported by partners while investigating concerns identified in the network environment.


What customers are saying

Prior to Albert, I had no mechanism for fully analyzing my incoming and (just as importantly) outgoing electronic traffic...I now have a reliable, affordable, and trusted source that inspects ALL of my traffic in both directions.
Wesley Wilcox
Marion County, Florida Elections
Overview
Video Thumbnail
1:06
0:44

 

Albert Network Monitoring and Management is an industry-leading designed specifically for U.S. State, Local, Tribal, and Territorial (SLTT) government organizations.

Learn how Albert is advancing state and local cybersecurity.


How Albert Helps You...

Monitors for malicious traffic

Many SLTT organizations have limited staff, resources, and expertise. With Albert, the expert security analysts in CIS's SOC monitor for malicious traffic so that you don't have to.

Serves as a second line of defense

For SLTT organizations that have the resources to monitor their own network traffic, Albert can serve as a powerful failsafe. Albert is a second line of defense, protecting your network with CIS experts' deep knowledge and experience tackling SLTT-specific threats.

Offers 24x7x365 management and support

When your team is off, CIS's team is on. With expert security analysts working round-the-clock, CIS can offer you the peace of mind that comes from knowing your network is in good hands every second of the day. If an incident does occur, CIS analyzes the event and only sends notifications on actionable threats, saving your team time and resources.

Saves you money with free incident response

Albert saves you money compared to other IDS solutions by providing free incident response support through the MS-ISAC's Cyber Incident Response Team (CIRT). The CIRT will use the Albert alert along with the history of each member organization to aid their analysis.

Serves as an extension of your security team

The CIS SOC handles monitoring and management of the Albert sensor 24x7x365. This service includes maintaining the operating system, IDS engine, NetFlow tools, and signature sets. We will work with your organization to make signature modifications upon request. We can also collaborate with you to write custom signatures to detect specific types of malicious activity on your network. All Albert customers get access to products produced by the Cyber Threat Intelligence (CTI) team. The CTI delivers information on specific cyber incidents or threats, in-depth threat intelligence reports, and technical information regarding vulnerabilities in software and hardware. This helps SLTT organizations prepare and defend against cyber threats.

NetFlow

A NetFlow record is a summary of a data exchange between two systems. It’s based on seven distinct characteristics:

  1. Source IP
  2. Destination IP
  3. Source port
  4. Destination port
  5. TCP Flags
  6. Number of bytes of traffic sent and received
  7. Timestamp information (start, end, and duration of connection)

Traditional network security monitoring services alert on malicious activity going forward from the time a signature is deployed. However, Albert leverages NetFlow logs to review data retroactively, which improves the ability to search for malicious activity. This allows CIS's security analysts to search previous network activity for specific threats reported by partners while investigating concerns identified in the network environment.


What customers are saying

Prior to Albert, I had no mechanism for fully analyzing my incoming and (just as importantly) outgoing electronic traffic...I now have a reliable, affordable, and trusted source that inspects ALL of my traffic in both directions.
Wesley Wilcox
Marion County, Florida Elections
Features

Albert leverages a high-performance IDS engine for the identification and reporting of malicious events. It also monitors raw network packets and converts data into a NetFlow format for efficient storage and analysis of historical data.


Unique Signature Sets

Albert utilizes a unique signature set specifically developed for SLTTs to ensure sensors rapidly recognize and alert on potentially malicious traffic occurring on the network.

CIS utilizes three main sources of signatures:

  • Commercial signatures that are optimal for detecting standard malware and crimeware
  • State-sponsored indicators
  • Research from attack patterns identified by our SOC and CIRT in response to attacks targeting SLTTs and open-source reporting

Alerts Analysis & Escalation

No logs or data reside on the sensor. All data collected is compressed, encrypted, and sent to the CIS SOC every few minutes for analysis. After analyzing and verifying the alerts as actionable, the SOC will send an event notification to your organization within an average of six minutes and in accordance with pre-established escalation procedures. Notifications include which IP addresses are affected, the identified issues, mitigation recommendations, and an attachment containing all traffic associated with the event. Your organization may also utilize the CIS API service to receive event notifications and associated logs. Our 24x7x365 SOC and the MS-ISAC's Cyber Incident Response Team (CIRT) are always available to answer questions and provide assistance as needed.


The basic life cycle of an Albert event

Albert Lifecycle


Reporting

A comprehensive monthly activity report is made available to you. It summarizes the malicious activity identified by each sensor deployed in your organization’s environment. These reports provide details for all actionable alerts for the previous month, statistics on data such as total alerts generated vs. actionable alerts, as well as a review of the total volume of monitored traffic.


CIS Services logo

Improve your cybersecurity posture with Albert.

GET STARTED


View available procurement vehicles

Learn More


Questions about Albert?

View Our FAQ