Is Albert effective?
- Doug McLean
Albert sensors, in combination with a layered “defense in depth” approach to cybersecurity, have proven to be highly effective in protecting against cyber threats, including known ransomware. While no IDS can detect 100% of malicious traffic, this powerful capability detects virtually all known threats that have documented IDS signatures.
As a signature-based IDS, Albert is as effective as the signatures with which it is configured. CIS subscribes to the latest commercially-available signature sets, subsequently deploying those signature sets to Albert. CIS works diligently to also research and develop custom signatures to deploy to Albert that are specifically tuned to the threats that may impact U.S. SLTT government and election community organizations.
Another factor leading to Albert’s effectiveness is the speed at which the 24x7x365 CIS Security Operations Center (SOC) reviews and notifies monitored organizations of threats the Albert sensor detects. The CIS SOC notifies the monitored organization with an industry-leading average of less than five minutes when the Albert sensor alerts on potential malicious or anomalous activity. This response speed enables cybersecurity defenders to quickly take action to defend their networks and contain threats to reduce the impact of a successful attack.
Albert sensors and associated SOC support are approximately one third the cost of alternative commercial products and monitoring services, and the average alert response time of under five minutes is much quicker than alternative services.