Resource April 2, 2021

Automated Indicator Sharing (AIS)

Automated Indicator Sharing (AIS)

Threat intelligence has become an essential part of the security landscape. The best solutions, like Adlumin, use machine learning to automate data collection and processing. They integrate with your existing third-party solutions, take in unstructured data from a variety of disparate feeds, and then provide context on indicators of compromise (IoCs) and the tactics, techniques, and procedures (TTPs) of threat actors. Good threat intelligence is actionable – it provides context, is timely, and provides decision-makers with insights about the threat at hand.

Over the past year, the engineering team at Adlumin has been working to strengthen our platform’s threat intelligence capabilities, and we recently launched an exciting new integration with CISA/DHS. Adlumin is now a participating member of CISA’s Automated Indicator Sharing (AIS) program. Threat intelligence feeds from AIS are pulled throughout the day. We are constantly scanning incoming and historical event data for indicators of compromise that we parse out of the feeds.

The AIS ecosystem empowers participants to share cyber threat indicators and defensive measures, such as information about attempted adversary compromises as they are being observed, helping protect other participants of the AIS community and ultimately limit the adversary’s use of an attack method. In the future, we will enable Adlumin customers to flag the IoCs they spot on their networks. Once a flagged indicator has been reviewed and confirmed, it will be submitted to AIS, where it will be shared with the community at large. More information about the AIS program is below.

Automated Indicator Sharing (AIS), a Cybersecurity and Infrastructure Security Agency (CISA) capability, enables the real-time exchange of machine-readable cyber threat indicators and defensive measures to help protect AIS community participants and ultimately reduce the prevalence of cyberattacks. The AIS community includes private sector entities; federal departments and agencies; state, local, tribal, and territorial (SLTT) governments; information sharing and analysis centers (ISACs), and information sharing and analysis organizations (ISAOs); and foreign partners and companies.

AIS is offered as part of CISA’s mission to work with our public and private sector partners to identify and help mitigate cyber threats through information sharing and provide technical assistance, upon request, that helps prevent, detect, and respond to incidents. The AIS ecosystem empowers participants to share cyber threat indicators and defensive measures, such as information about attempted adversary compromises as they are being observed, helping protect other participants of the AIS community and ultimately limit the adversary’s use of an attack method.

Learn more about AIS at https://www.cisa.gov/ais