The world of network monitoring can seem intimidating at first. A variety of products promise to detect, alert on, and mitigate cyber threats to your IT infrastructure, including intrusion prevention systems (IPS), intrusion detection systems (IDS), and all-in-one next-generation firewall (NGFW) appliances. Many of these now advertise machine-learning-based detection methods intended to reduce false positives and flag anomalous network traffic. Albert is a passive IDS offered by CIS as a low-cost, effective network monitoring service whose threat detection is based on threat signatures.
Netflow Data & Threat Signatures
The Albert network monitoring service generates Netflow data for the monitored organization: flow records that summarize each monitored network session (addresses, ports, protocol, timing, and packet and byte counts), stored in session files. Albert compares the captured Netflow data against thousands of known threat signatures, and when there is a match it sends a threat alert back to CIS’ 24×7 Security Operations Center (SOC) for further analysis.
Threat signatures are gathered from a variety of open-source and commercial Cyber Defense sources that include advanced persistent threat (APT) indicators. CIS’ Computer Emergency Response Team (CERT) develops custom threat signatures tailored to specific threats for our state, local, tribal, and territorial (SLTT) organization members. Threat signatures are updated twice daily to ensure organizations receive the latest security monitoring.
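To make the mechanism concrete, here is an added illustration (not CIS or Albert code) of signature matching over flow records: constructed NetFlow-style records are parsed, checked against a small constructed signature set, and each hit becomes an alert carrying the affected host, the identified issue, and a mitigation recommendation. The signature IDs, indicator addresses, the 10.0.0.0/8 internal range and the byte threshold are all assumptions made for the example. Because flow records carry no payload, every rule here uses only header fields and counters; content signatures (HTTP headers, file hashes) require full packet inspection, which is a limit worth remembering when reading any flow-based alert.

```python
"""Toy signature matching over NetFlow-style records (added example, not
CIS/Albert code). All addresses, ports and flows are constructed data."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, List

# Constructed sample records in a simplified NetFlow-like CSV layout:
# start_time,src_ip,src_port,dst_ip,dst_port,proto,packets,bytes
SAMPLE_FLOWS = """\
2024-05-01T10:00:01,10.20.30.40,51522,203.0.113.77,443,6,12,1400
2024-05-01T10:00:05,10.20.30.41,53411,198.51.100.9,4444,6,3,240
2024-05-01T10:01:12,10.20.30.40,51540,93.184.216.34,80,6,8,900
2024-05-01T10:02:00,10.20.30.42,41000,8.8.8.8,53,17,2,180
2024-05-01T10:03:30,10.20.30.43,60000,192.0.2.10,443,6,45000,61000000
"""

INTERNAL = ip_network("10.0.0.0/8")  # assumed monitored address space


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    sport: int
    dst: str
    dport: int
    proto: int
    packets: int
    nbytes: int


@dataclass(frozen=True)
class Signature:
    sid: str                      # hypothetical local signature id
    issue: str                    # what a match indicates
    recommendation: str           # suggested mitigation
    test: Callable[[Flow], bool]  # predicate over one flow record


@dataclass(frozen=True)
class Alert:
    sid: str
    affected_host: str
    issue: str
    recommendation: str
    flow: Flow


def parse_flows(text: str) -> List[Flow]:
    """Parse the CSV layout above. Malformed lines are skipped rather
    than aborting, since a sensor must keep running on bad input."""
    flows = []
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 8:
            continue
        try:
            ts, src, sport, dst, dport, proto, pkts, nbytes = parts
            ip_address(src)  # validate; raises ValueError if not an IP
            ip_address(dst)
            flows.append(Flow(ts, src, int(sport), dst, int(dport),
                              int(proto), int(pkts), int(nbytes)))
        except ValueError:
            continue
    return flows


def build_signatures() -> List[Signature]:
    """Constructed signature set. Flow records have no payload, so each
    rule can only use header fields and counters."""
    c2_ips = {"198.51.100.9"}              # constructed C2 indicator
    bad_net = ip_network("192.0.2.0/24")   # constructed malicious range
    exfil_threshold = 50_000_000           # bytes per flow, assumed limit

    def outbound(f: Flow) -> bool:
        return ip_address(f.src) in INTERNAL and ip_address(f.dst) not in INTERNAL

    return [
        Signature("SIG-0001", "Connection to known C2 address",
                  "Isolate host; collect memory and disk images",
                  lambda f: outbound(f) and f.dst in c2_ips),
        Signature("SIG-0002", "Outbound TCP to port 4444 (common reverse-shell port)",
                  "Block at egress firewall; review host for implants",
                  lambda f: outbound(f) and f.proto == 6 and f.dport == 4444),
        Signature("SIG-0003", "Destination in known-malicious network",
                  "Block the range; check host for related activity",
                  lambda f: outbound(f) and ip_address(f.dst) in bad_net),
        Signature("SIG-0004", "Unusually large outbound transfer",
                  "Verify business purpose; investigate possible exfiltration",
                  lambda f: outbound(f) and f.nbytes > exfil_threshold),
    ]


def match_flows(flows: List[Flow], signatures: List[Signature]) -> List[Alert]:
    """Evaluate every signature against every flow; one alert per hit."""
    alerts = []
    for f in flows:
        for s in signatures:
            if s.test(f):
                alerts.append(Alert(s.sid, f.src, s.issue, s.recommendation, f))
    return alerts


def run(text: str = SAMPLE_FLOWS) -> List[Alert]:
    return match_flows(parse_flows(text), build_signatures())


if __name__ == "__main__":
    for a in run():
        print(f"{a.flow.ts} {a.sid} host={a.affected_host} "
              f"issue={a.issue!r} rec={a.recommendation!r}")
```

Run as a script and it prints four alerts: two for 10.20.30.41 (known C2 address and port 4444) and two for 10.20.30.43 (malicious range and oversized transfer). The benign flows to 203.0.113.77, 93.184.216.34 and 8.8.8.8 produce nothing. A production matcher would index signatures by field instead of scanning linearly and would refresh the indicator sets on the same cadence as the signature feed, but the flow-in, signature-compare, alert-out shape is the same.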
When a threat is detected
When a potential threat is identified, Albert generates an alert which is sent to CIS’ 24×7 SOC. A SOC analyst reviews the alert for signs of malicious activity or data exfiltration and notifies the affected organization if there are any concerns.
Event notifications from the SOC include:
- System(s) affected
- Identified issue
- Mitigation recommendations
- Traffic reports associated with the event
Round-the-clock assistance, updates, and more
The SOC has a 24×7 hotline for answering questions or querying Netflow data. Organizations using Albert also receive a monthly report for each Albert sensor, which includes details about actionable alerts and a review of the volume of traffic monitored.
CIS manages every Albert sensor, including updates to the operating system, engine, Netflow tools, and signature sets.
The Albert network monitoring solution is available to U.S. State, Local, Tribal, and Territorial (SLTT) entities, including public universities, utilities, school districts, and emergency response services.