Albert Sensors
About the Albert Sensor
Albert provides network security alerts for both traditional and advanced network threats, helping organizations identify malicious activity. This Intrusion Detection System (IDS) uses open-source software combined with the expertise of the *CIS’s Security Operations Center (SOC) to provide enhanced monitoring capabilities and notifications of malicious activity. For more information, visit cisecurity.org/services/albert-network-monitoring/.
Albert Sensor – Quick Facts
Albert is not a firewall. It looks specifically for connections to known malicious sites in order to alert counties and enable them to respond. It is 100% passive and cannot affect the network in any way.
Albert cannot change data, nor does it monitor or record the contents of the data. Albert simply watches “where the traffic is going,” but it does not watch the traffic itself. It does nothing with “normal” traffic once it is determined to be non-malicious.
More importantly, Albert does not monitor voting and tabulation systems, which are not connected to the internet. However, malicious data can still cause problems with an office’s operations; Albert simply helps detect and prevent that threat.
Ransomware Cost Avoidance
In 2018 and 2019, Albert helped detect and stop 305 ransomware attacks (avg cost/incident $71-77k, or over $22M in total)
| Ransomware Cost Avoidance | |||
|---|---|---|---|
| Period | MS-ISAC Defeated Ransomware Infections* | Average Cost of Ransomware Infection** | Total Ransomware Cost Avoidance |
| 2018 (Jan-Dec) | 189 | $71,378 | $13,490,442 |
| 2019 (Jan-Dec) | 116 | $77,407 | $8,979,212 |
| Totals | 305 | $22,469,654 | |
| *Number of confirmed ransomware infections that were detected by MS-ISAC Albert network monitoring that were partially or completely defeated through detection, rapid escalation, and effective response efforts. **Includes costs of ransom(s) and downtime, does not include costs for infrastructure upgrades or professional services. | |||
The average time to respond to a detected incident was 5.5 minutes.
*About CIS
CIS®, or the Center for Internet Security, is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. state, local, tribal, and territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the rapidly changing cybersecurity needs of U.S. elections offices.
CIS created and maintains the “CIS Critical Security Controls” and “CIS Benchmarks,” globally recognized best practices for securing IT systems and data.
For more information, visit cisecurity.org/about-us/