Netflow Data & Threat Signatures
The Albert network monitoring service generates an organization’s Netflow data, which is monitored network traffic captured in session files. Albert compares the captured Netflow data against thousands of known threat signatures and, when there is a match, sends a threat alert back to CIS’ 24x7 Security Operations Center (SOC) for further analysis.
Threat signatures are gathered from a variety of open-source and commercial Cyber Defense sources that include advanced persistent threat (APT) indicators. CIS’ Computer Emergency Response Team (CERT) develops custom threat signatures tailored to specific threats for our state, local, tribal, and territorial (SLTT) organization members. Threat signatures are updated twice daily to ensure organizations receive the latest security monitoring.
When a threat is detected
When a potential threat is identified, Albert generates an alert which is sent to CIS’ 24x7 SOC. A SOC analyst reviews the alert for malicious activity or data infiltration and notifies the affected organization if there are any concerns. Here’s how it works:
Event notifications from the SOC include:
- System(s) affected
- Identified issue
- Mitigation recommendations
- Traffic reports associated with the event
Round-the-clock assistance, updates, and more
The SOC has a 24x7 hotline for answering questions or querying Netflow data. Organizations using Albert also receive a monthly report for each Albert sensor, which includes details about actionable alerts and a review of the volume of traffic monitored.
CIS manages every Albert sensor, including updates to the operating system, engine, Netflow tools, and signature sets.
The Albert network monitoring solution is available to U.S. State, Local, Tribal, and Territorial (SLTT) entities, including public universities, utilities, school districts, and emergency response services.