Legal Services Information Sharing and Analysis Organization (LS-ISAO)

LS-ISAO is a member-driven community that shares threat and vulnerability information among member firms for their mutual defense. To prevent and respond to cybersecurity incidents, it also partners with leading sources of threat intelligence including other sharing communities, governments, and private security vendors. In daily practice, firms work together with in-house ISAO analysts to enrich and share actionable security information to secure firm systems, IP and client data. LS-ISAO and its partners exchange an average of 4,500 reports per year, on topics ranging from phishing campaigns and ransomware threats, to BEC attacks and APT activity. Its automated sharing platforms have access to million of Indicators of Compromise that are parsed into tens-of-thousands of industry-specific threat indicators every month.

Sharing communities are now recognized as one of the best defenses against cyber threats and attacks, and law firms are no longer alone in today’s hostile environment. Firms ‘trust-sourcing’ threat indicators for ISAO analysts to research, scrub and anonymize, yields actionable intelligence for dissemination to other members in real and near-real time. 

The community launched in August 2015 as a nonprofit designed and overseen by its members. Today, firms have joined the community from the United States, Canada, the United Kingdom, and Australia, with membership open to firms in New Zealand as well. 

For more information or to apply for membership, please contact:

Benefits of Joining LS-ISAO


Bronze Tier
<$75M in annual revenue
Silver Tier
$75M - $300M
Gold Tier
$301M - $700M
Platinum Tier
LS-ISAO Community Portal
1 User Login
3 User Logins
 4 User Logins
5 User Logins
The LS-ISAO portal provides a platform for sharing cyber and physical threat intelligence, in real-time. Intelligence that members share and receive includes actionable threat information, vulnerabilities, and advisories from community members, cross-sector partners, affiliated vendors, and government partners.
Access to Indicators of Compromise (IOCs) and Related Intelligence Products checkmark-0002.png checkmark-0002.png checkmark-0002.png  checkmark-0002.png  Sources include: trusted government partners, affiliated vendors, LS-ISAO community members, cross-sector partners, other ISACs/ISAOs, and open source analysis and research.
Daily Headlines checkmark-0002.png checkmark-0002.png  checkmark-0002.png checkmark-0002.png  Daily digest of open source news on cyber threats and vulnerabilities, for increased awareness.
Ability to Submit Cyber or Physical Threat Information: Anonymously or with Attribution checkmark-0002.png checkmark-0002.png  checkmark-0002.png  checkmark-0002.png Submissions can be made via phone, email or the portal. Submissions are analyzed, and shared as Cyber Incident (CYI), Cyber Threat (CYT), Collective Intelligence (COI) and/or Request for Information (RFI) regarding threats or industry specific information.
LS-ISAO Specific Alerts checkmark-0002.png checkmark-0002.png checkmark-0002.png   checkmark-0002.png Intelligence products specifically derived through special agreements with Trusted Partners to provide sensitive reporting on alerts relevant to the legal community. Sources include: government partners, international partners, and other intelligence producing organizations.
LS-ISAO Specific Vulnerability Reports and Analysis checkmark-0002.png checkmark-0002.png  checkmark-0002.png checkmark-0002.png  Community vulnerability reports on threats and possible exploits to critical systems identified as important by community members.
Cross-Sector Sharing with other affiliated ISACs/ISAOs checkmark-0002.png checkmark-0002.png checkmark-0002.png   checkmark-0002.png Cyber and physical threat alerts and notifications from cross-industry partners, through established lines of communication that abide by approved procedures and community agreements.
Critical Information Notification System (CINS) checkmark-0002.png  checkmark-0002.png  checkmark-0002.png checkmark-0002.png  The LS-ISAO Critical Information Notifications System contacts members during incidents which could have significant impact on the legal community. Includes notifications via text, phone, and email.
Participation in LS-ISAO Community Listserv checkmark-0002.png  checkmark-0002.png checkmark-0002.png   checkmark-0002.png Participation in the LS-ISAO listserv allows users to share and collaborate, with attribution.
Communications Support  checkmark-0002.png checkmark-0002.png  checkmark-0002.png checkmark-0002.png  Intended to support  LS-ISAO community in responding to any media inquiries or in support of a community wide message for public dissemination.
Affiliate Vendor Whitepapers  checkmark-0002.png  checkmark-0002.png  checkmark-0002.png  checkmark-0002.png Whitepapers focused on specific issues concerning the legal community exclusively for LS-ISAO Members.  
Vendor Discount Program Access  checkmark-0002.png checkmark-0002.png  checkmark-0002.png  checkmark-0002.png Members are offered a discount for the services or products provided by the vendors that partner with GRF and LS-ISAO.
Vendor Provided Training  checkmark-0002.png  checkmark-0002.png  checkmark-0002.png checkmark-0002.png  Educational training provided by vendors that partner with GRF and LS-ISAO.
LS-ISAO Monthly Report  checkmark-0002.png checkmark-0002.png checkmark-0002.png   checkmark-0002.png Members receive a monthly AMBER report which covers current cyber and physical events in an easily consumable format.
LS-ISAO Monthly Member Call  checkmark-0002.png checkmark-0002.png checkmark-0002.png   checkmark-0002.png Member join monthly calls to share and receive intelligence from the LS-ISAO analyst and other members and occasionally trusted partners. 
LS-ISAO Community-Only Document Library (Bronze members have restricted access to training documents)   checkmark-0002.png checkmark-0002.png  checkmark-0002.png  Within the portal, members can access a repository which includes best practices, security reports, surveys, meeting minutes, community guidelines, agreements, and more.
Access to LS-ISAO Member Directory   checkmark-0002.png  checkmark-0002.png checkmark-0002.png  Members can access the LS-ISAO Member Directory to reach out to hundreds of peers for assistance or to exchange threat information and mitigation techniques.
Access to LS-ISAO Knowledge Base   checkmark-0002.png  checkmark-0002.png  checkmark-0002.png The Knowledge Base contains open source threat and intelligence information, vendor security advisories, threat analysis tools, podcasts, social media accounts and much more. The purpose of these pages is to increase cyber and situational awareness. 
Cross-Sector Weekly IOC Report   checkmark-0002.png  checkmark-0002.png  checkmark-0002.png A report circulated in spreadsheet format for easy-upload to a SIEM appliance.
LS-ISAO Community-Only Chat Function   checkmark-0002.png checkmark-0002.png checkmark-0002.png The portal chat allows private discussion with other community members or groups on best practices, challenges or issues of concern.
Access to LS-ISAO Portal Mobile App   checkmark-0002.png checkmark-0002.png checkmark-0002.png The LS-ISAO Portal App allows users access to the portal from their mobile devices.
Ability to Survey the Entire LS-ISAO Community   checkmark-0002.png checkmark-0002.png checkmark-0002.png Ability to submit surveys to other community members on a wide range of topics in order to support your company's security programs.
Ability to Send/Receive Requests For Information (RFIs) within the LS-ISAO Community and Trusted Partners   checkmark-0002.png checkmark-0002.png checkmark-0002.png RFIs allow members to leverage help and advice from a broader community, including other industry sectors which face similar threats to their businesses. RFIs allow access to a wider range of information to support protection and mitigation.
Complimentary Passes to Educational Webinars   checkmark-0002.png checkmark-0002.png checkmark-0002.png Educational webinars on topics of interest to the LS-ISAO community.
Participation in LS-ISAO Member Committees    checkmark-0002.png checkmark-0002.png checkmark-0002.png Member Committees and Working Groups are member driven efforts to improve the community's security posture and enhance capabilities by coordinating response and proposing policies and best practices.
Complimentary Passes to Member Meetings/Workshops   checkmark-0002.png checkmark-0002.png checkmark-0002.png Small to medium size group of members come together for educational sessions and member discussions often classified as TLP RED.
Access to the LS-ISAO Community Threat Intelligence Platform (TIP)    checkmark-0002.png checkmark-0002.png checkmark-0002.png The Threat Automation Platform (TIP) is a tool to improve prevention and mitigation of cyber-attacks. Access to the LS-ISAO TIP enables effective sharing of raw and processed data in automated ways between different products, people and organizations.
LS-ISAO Portal Member  Protection     checkmark-0002.png checkmark-0002.png Member Protection is an incident response feature for Gold and Platinum members. This feature allows members to inform the Analyst team about any suspicious cybersecurity activity with just the touch of a button in the communtiy portal or mobile app.
Number of complimentary passes to LS-ISAO Annual Gathering
Annual summits bring together large groups of members for educational sessions, networking, and member discussions. 

 *Firms may opt to join a higher tier but cannot downgrade.