In June 2020, the Canadian Shared Security Operations Centre (CanSSOC) launched a threat intelligence pilot as one of the first initiatives to enable early prevention, detection, and more effective mitigation of cyber security threats to Canadian universities and colleges. CanSSOC’s Threat Feed platform consolidates multiple threat information sources into a single curated feed, making it easier for institutions to consume and act on this intelligence.
As part of this pilot, CanSSOC members receive targeted information and specialized feeds for general and educational-specific threats. CanSSOC analysts aggregate and curate essential threat intelligence data and members can share their own threat intelligence back to the CanSSOC platform.
Key benefits of the service include:
- Consolidation and distribution of various threat feeds (self-generated and external feeds)
- A unique point of integration (no-rework)
- A centralized vetting of feeds with consistent tagging and confidence interval
- A growing number of “consumable” lists that can be ingested in protection solutions within the members institution
- A growing number of “integration recipes” for protection solutions
Current data sources include:
- Canadian Center for Cyber Security (CCCS)
- Recorded Future’s commercial feed
- CanSSOC’s own threat intelligence
CanSSOC is also working with global community partners to acquire additional information on the data available through partners’ security operations centres (SOCs) and analysis.
Over the next few months, the Threat Feed platform will be refined and adjusted based on members’ feedback to increase the quality of the service. Phase one began in June with an initial cohort of pilot members onboarded for a preliminary round of consultation. Another intake of members will happen over the next two months, to continue fine tuning the service and explore recipes for deployment over a number of common devices.
Watch recorded webinar
On May 12, CanSSOC hosted a webinar outlining the pilot platform and answering questions from the community. The presentation materials from that session are available at the links below:
Visit the FAQs page for more information about the CanSSOC Threat Feed platform.