Albert is a unique network monitoring solution that provides automated alerts on both traditional and advanced network threats, allowing organizations to respond quickly when their data may be at risk. Albert runs open source software on commodity hardware, which makes it a very cost-effective IDS monitoring solution with a unique, SLTT-focused signature set. Combined with in-depth review by expert analysts in CIS' 24x7 Security Operations Center, Albert is a fully monitored and managed service that is both personal and customizable.
How does Albert work?
Albert leverages Suricata's high-performance IDS (Intrusion Detection System) engine to accurately identify and report malicious activity. It monitors raw network packets and converts data into a netflow format for efficient storage and analysis.
The CIS SOC also analyzes netflow by comparing activity against statistical models developed in-house, allowing us to pinpoint deviations from healthy network activity. CIS maintains thousands of signatures, including commercial, open-source, and Advanced Persistent Threat (APT) indicators. For every 24 hours of data transmitted and received by Albert sensors, our analysts manually review anomalies for malicious activity or data exfiltration and notify you if there are any concerns.
Signature fires > Alert generated & sent to CIS > Analysis conducted in 24x7 SOC > Event notification sent
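The signature-plus-netflow pipeline described above, as an added Python example: this is not CIS code and does not reflect Albert's actual implementation. It decodes constructed Suricata EVE JSON records, pulls out signature alerts, rolls flow records into per-host outbound volume, and flags hosts whose volume deviates from a constructed per-host baseline using a z-score; the sample records, baseline and threshold are assumptions.

```python
import json
from statistics import mean, pstdev
# Constructed Suricata EVE JSON lines (not real sensor output): one signature
# alert, two flow records, and one malformed line the parser must survive.
EVE_LINES = [
    '{"event_type":"alert","src_ip":"10.0.0.5","dest_ip":"203.0.113.9",'
    '"alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root"}}',
    '{"event_type":"flow","src_ip":"10.0.0.5","dest_ip":"203.0.113.9","proto":"TCP",'
    '"flow":{"bytes_toserver":52000000,"bytes_toclient":4000}}',
    '{"event_type":"flow","src_ip":"10.0.0.7","dest_ip":"198.51.100.20","proto":"TCP",'
    '"flow":{"bytes_toserver":12000,"bytes_toclient":90000}}',
    '{"event_type":"flow","src_ip":"10.0.0.5"   <- truncated record',
]
# Constructed daily outbound-byte history per host, standing in for the SOC's baseline.
BASELINE = {
    "10.0.0.5": [1_000_000, 1_200_000, 900_000, 1_100_000, 1_000_000],
    "10.0.0.7": [10_000, 15_000, 12_000, 11_000, 14_000],
}

def parse_eve(lines):
    """Decode EVE JSON lines, dropping malformed entries rather than failing."""
    events = []
    for line in lines:
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events
def signature_alerts(events):
    """Signature hits: the 'signature fires' step of the pipeline."""
    return [(e["src_ip"], e["dest_ip"], e["alert"]["signature_id"], e["alert"]["signature"])
            for e in events if e.get("event_type") == "alert"]
def bytes_out_per_host(events):
    """Roll flow records up into outbound byte totals per source host."""
    totals = {}
    for e in events:
        if e.get("event_type") == "flow":
            totals[e["src_ip"]] = totals.get(e["src_ip"], 0) + e["flow"]["bytes_toserver"]
    return totals

def exfil_candidates(totals, baseline, z_threshold=3.0):
    """Flag hosts far above their own history (z-score); no baseline, no verdict."""
    flagged = {}
    for host, observed in totals.items():
        history = baseline.get(host, [])
        if len(history) < 2 or pstdev(history) == 0:
            continue
        z = (observed - mean(history)) / pstdev(history)
        if z >= z_threshold:
            flagged[host] = round(z, 1)
    return flagged
```

A host with no history is deliberately left unflagged rather than guessed at, which is why the SOC's model needs prior netflow before it can call a deviation.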
Where does the data live?
With Albert, no logs or Netflow data reside on the sensor. All of your organization's data is compressed, encrypted, and sent to the CIS SOC for analysis.
All of your organization's logged and network security alert data is compressed, encrypted, and sent to the CIS SOC. This allows analysts to review previous network activity and search for specific threats or activity related to newly released signatures, a distinct advantage over traditional network security monitoring services.
Alerts, Reporting, & Management
After a SOC analyst has verified an alert as legitimate, the CIS SOC sends out an event notification which includes:
- which system(s) are affected
- the identified issue
- mitigation recommendations
- traffic associated with the event
Our 24x7 SOC is always on hand to answer questions or query netflow data. We also provide organizations a monthly activity report for each sensor deployed through Albert, with details on actionable alerts and a review of the volume of traffic monitored.
CIS manages all sensors deployed through Albert, including updates to the operating system, engine, netflow tools, and signature sets. Signatures are updated twice daily so that monitoring reflects the latest security threats.
To learn more about deploying Albert in your organization, complete this short form or contact us directly at firstname.lastname@example.org.