Albert: The Smart Networking Monitoring Solution for Utilities

The world of network monitoring can seem a bit intimidating at first. There are a variety of solutions on the market offering to detect, alert on, and mitigate cyber threats against your IT infrastructure. These include intrusion protection systems (IPS), intrusion detection systems (IDS), and all-in-one next-generation firewall appliances (NGFW). Most of these network monitoring solutions now offer next-generation threat detection methods that use machine learning to reduce false positives and detect anomalous network traffic. Albert is a passive IDS offered by CIS as a low-cost and very effective network monitoring service in which threat detection is based on threat signatures.

Netflow Data & Threat Signatures

The Albert network monitoring service generates an organization’s Netflow data, which is monitored network traffic captured in session files. Albert compares the captured Netflow data against thousands of known threat signatures and, when there is a match, sends a threat alert back to CIS’ 24x7 Security Operations Center (SOC) for further analysis.

Threat signatures are gathered from a variety of open-source and commercial Cyber Defense sources that include advanced persistent threat (APT) indicators. CIS’ Computer Emergency Response Team (CERT) develops custom threat signatures tailored to specific threats for our state, local, tribal, and territorial (SLTT) organization members. Threat signatures are updated twice daily to ensure organizations receive the latest security monitoring.

When a threat is detected

When a potential threat is identified, Albert generates an alert which is sent to CIS’ 24x7 SOC. A SOC analyst reviews the alert for malicious activity or data infiltration and notifies the affected organization if there are any concerns. Here’s how it works:


Event notifications from the SOC include:

  • System(s) affected
  • Identified issue
  • Mitigation recommendations
  • Traffic reports associated with the event

Round-the-clock assistance, updates, and more

The SOC has a 24x7 hotline for answering questions or querying Netflow data. Organizations using Albert also receive a monthly report for each Albert sensor, which includes details about actionable alerts and a review of the volume of traffic monitored.

CIS manages every Albert sensor, including updates to the operating system, engine, Netflow tools, and signature sets.

The Albert network monitoring solution is available to U.S. State, Local, Tribal, and Territorial (SLTT) entities, including public universities, utilities, school districts, and emergency response services.
