Albert is a unique network monitoring solution that provides automated alerts on both traditional and advanced network threats, allowing organizations to respond quickly when their data may be at risk. Albert uses open source software running on commodity hardware, which makes it a very cost-effective IDS monitoring solution with a unique signature set focused on State, Local, Tribal, and Territorial (SLTT) government networks. Combined with in-depth review by expert analysts in CIS' 24x7 Security Operations Center (SOC), Albert is a fully monitored and managed service that is both personal and customizable.
How does Albert work?
Albert leverages Suricata's high-performance, signature-based Intrusion Detection System (IDS) engine to accurately identify and report malicious activity. CIS maintains thousands of signatures, including commercial and open-source signatures as well as signatures related to Advanced Persistent Threat (APT) actors. Albert also monitors raw network packets and converts that data into a NetFlow format for efficient storage and analysis.
Signature fires > Alert generated & sent to CIS > Analysis conducted in 24x7 SOC > Event notification sent
Where does the data live?
With Albert, no cybersecurity event or NetFlow data resides on the sensor. Cybersecurity events identified by Albert, as well as all NetFlow data generated, are compressed, encrypted, and sent to the CIS SOC for analysis. After the data is received, analysts examine the cybersecurity events generated by the Albert sensors. Additionally, historic network data is retroactively searched for specific threats or activity related to newly identified indicators of compromise, providing a distinct advantage over traditional network security monitoring services that only inspect traffic as it passes.
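The two pieces described above, reducing raw packets to flow records and then retroactively searching those stored flows when a new indicator of compromise arrives, can be illustrated with a small example. The code below is an added illustration, not CIS's or Albert's implementation and not Suricata or any real NetFlow exporter: it assumes simplified unidirectional 5-tuple flows, IP-address or CIDR indicators only, and a hypothetical `INTERNAL_NETS` list standing in for the monitored organization's address space. The packet records are constructed sample data.

```python
import ipaddress
from collections import OrderedDict
from dataclasses import dataclass

# Hypothetical monitored address space (assumption: the organization uses 10.0.0.0/8).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample packets, not real traffic:
# (timestamp, src_ip, dst_ip, proto, src_port, dst_port, bytes)
SAMPLE_PACKETS = [
    (1000.0, "10.1.2.3", "203.0.113.10", "tcp", 51000, 443, 120),
    (1000.5, "203.0.113.10", "10.1.2.3", "tcp", 443, 51000, 1500),
    (1001.0, "10.1.2.3", "203.0.113.10", "tcp", 51000, 443, 80),
    (1200.0, "10.1.2.4", "198.51.100.7", "udp", 40000, 53, 64),
    (1200.1, "198.51.100.7", "10.1.2.4", "udp", 53, 40000, 128),
    (1800.0, "10.1.2.5", "192.0.2.55", "tcp", 52222, 8080, 300),
]


@dataclass
class Flow:
    """A NetFlow-style record: one direction of one 5-tuple, with counters."""
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    first_seen: float
    last_seen: float
    packets: int = 0
    bytes: int = 0


def packets_to_flows(packets):
    """Aggregate raw packet records into unidirectional 5-tuple flow records.

    Only the flow summaries need to be stored; the packet payloads are discarded,
    which is what makes long-term retention of the data practical.
    """
    flows = OrderedDict()
    for ts, src, dst, proto, sport, dport, nbytes in packets:
        key = (src, dst, proto, sport, dport)
        flow = flows.get(key)
        if flow is None:
            flow = Flow(src, dst, proto, sport, dport, first_seen=ts, last_seen=ts)
            flows[key] = flow
        flow.first_seen = min(flow.first_seen, ts)
        flow.last_seen = max(flow.last_seen, ts)
        flow.packets += 1
        flow.bytes += nbytes
    return list(flows.values())


def compile_iocs(iocs):
    """Parse indicator strings (single IPs or CIDR ranges) into network objects."""
    return [ipaddress.ip_network(ioc, strict=False) for ioc in iocs]


def retro_search(flows, iocs):
    """Retrospectively search stored flows for any endpoint matching a new IoC.

    Because flows are retained, an indicator published today can be matched
    against traffic that was seen days or weeks earlier.
    """
    nets = compile_iocs(iocs)
    hits = []
    for flow in flows:
        for endpoint in (flow.src, flow.dst):
            addr = ipaddress.ip_address(endpoint)
            if any(addr in net for net in nets):
                hits.append(flow)
                break
    return hits


def affected_hosts(hits):
    """Summarize which internal systems touched the indicator and when.

    Returns {internal_ip: {"first_seen", "last_seen", "bytes"}}, merging both
    directions of a conversation, which is the core of an event notification.
    """
    summary = {}
    for flow in hits:
        for endpoint in (flow.src, flow.dst):
            addr = ipaddress.ip_address(endpoint)
            if not any(addr in net for net in INTERNAL_NETS):
                continue
            rec = summary.setdefault(
                endpoint,
                {"first_seen": flow.first_seen, "last_seen": flow.last_seen, "bytes": 0},
            )
            rec["first_seen"] = min(rec["first_seen"], flow.first_seen)
            rec["last_seen"] = max(rec["last_seen"], flow.last_seen)
            rec["bytes"] += flow.bytes
    return summary


if __name__ == "__main__":
    stored_flows = packets_to_flows(SAMPLE_PACKETS)
    # A newly published indicator (constructed value) is checked against history.
    new_ioc = ["203.0.113.10"]
    for host, rec in affected_hosts(retro_search(stored_flows, new_ioc)).items():
        print(host, rec)
```

The design point is that the sensor keeps only compact flow summaries rather than full packets, so the historical search in `retro_search` stays cheap even over weeks of traffic, and `affected_hosts` reduces the raw matches to the "which systems are affected" line an analyst would report.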
Alerts, Reporting, & Management
After a SOC analyst has verified an alert as legitimate, the CIS SOC sends out an event notification which includes:
- which system(s) are affected
- the identified issue
- mitigation recommendations
- traffic associated with the event
Our 24x7 SOC is always on hand to answer questions or query NetFlow data. We also provide organizations with a monthly activity report for each sensor deployed through Albert, detailing actionable alerts and reviewing the volume of traffic monitored.
CIS manages all sensors deployed through Albert, including updates to the operating system, IDS engine, NetFlow tools, and signature sets. Signatures are updated twice daily to ensure the latest security threat monitoring is being provided.
To learn more about deploying Albert in your organization, complete this short form or contact us directly at firstname.lastname@example.org.