Better than what we can do on our own, always in partnership

The sophistication of today’s information threats means a risk at one higher education institution can easily create a destructive ripple effect impacting the entire research and education community. To protect the sector, we need an integrated national approach and a flexible delivery model to identify and address evolving threats.

CanSSOC is working with institutional and sector partners to develop services that provide Canadian higher education institutions with threat intelligence that is more efficient and actionable, and leverages capabilities across local, provincial and national levels. Together, we are building expertise, services and a community-driven model that raises the bar of detection and response.

CanSSOC services specialize in detection and response.

Current services

Threat FeedPilot in progress.Threat Feed provides a sector-specific threat intelligence repository and platform with specialized feeds for current and educational-specific threats. It is based on intelligence from multiple sources, using contextual analysis to provide actionable alerts.Essential services
Threat AlertPilot in progress.Threat Alert provides curated alerts, detected by analysts and sent to individual institutions. It is based on intelligence from multiple sources, using contextual analysis to provide actionable alerts.Essential services
Threat AdvisoryPilot in progress.Threat Advisory is a timely news service summarizing current sector-specific active high-risk threats and anonymized observations from the CanSSOC Threat Alert service. Advisories are sent to all members and participating partners.Essential services
Vulnerability ManagementPilot launch date to be confirmed.Vulnerability Assessment provides external scanning to identify vulnerabilities detected within CanSSOC members’ public facing infrastructure.Essential services
Continuous MonitoringCanSSOC and CUCCIO joint pilot in progress.Continuous Monitoring provides an automated nightly feed of Bitsight rating change alerts and prioritized security observations. Observations are derived from more than 120 feeds of over 200 billion records per day, including botnet and grayware, out-of-date server software, out- of-date desktop/mobile device software, open ports and other “risk vectors.”Essential services
BenchmarkingDelivered by CUCCIO. Pilot with CanSSOC in progress.Benchmarking gathers third-party security ratings and participant survey data to benchmark the security performance of institutions in relation to their immediate peers and the overall higher education sector.Essential services
Vendor MonitoringDelivered by CUCCIO. Pilot with CanSSOC in progress.Vendor monitoring provides Bitsight company reports on vendors to assist with the purchasing and evaluation process or to monitor vendor performance throughout the year.Essential services
Advanced Detection and Response ServiceCurrently in development.The Detection and Response (D&R) service provides analysis of network flow data based on known threat intelligence (TI) and active high-risk threats. As a pilot service, CanSSOC analysts will monitor the stream of alerts and prioritize potential incidents in order to enable members to focus on priority threats. Depending on their capabilities, members will provide their network data and receive alerts based on analysis against TI generated by the CanSSOC network. Institutions that provide a wider range of data sources will receive more frequent alerts and more in-depth intelligence.Advanced Detection and Response

Partnering to deliver intelligent defence

You can’t just bring tools to the table, you also need to bring people and processes.

CanSSOC’s Threat Feed platform is funded through CANARIE’s Cybersecurity Initiatives Program (CIP) and lays the groundwork for common tools, knowledge and awareness across institutions, regardless of their maturity or capability in detection and response.

By partnering to detect and respond to cyber attacks, the sector as a whole is better protected through more intelligent defence.

Picture of a combination lock sitting on a laptop keyboard.

Building a connected and more cyber secure sector

CanSSOC works closely with National Research & Education Network (NREN) partners and other trusted community partners to integrate services, maximize resources, and simplify how institutions can consume the cyber security services they need.

We are eager to evolve the services and approaches with input from the sector. CanSSOC welcomes feedback from universities, colleges, polytechniques and partners to help ensure the services, deployments, and support models are fit-for-purpose and community-focused. Visit our Community Feedback page.

Join CanSSOC and team up to fight cyber security threats facing higher education institutions.


Contact us to learn more about our services or to participate in our pilot initiatives.

Stay connected

Subscribe to our mailing list to receive updates on CanSSOC news and events.

Services lifecycle

The CanSSOC Service Lifecycle will support appropriate allocation of resources and engagement with institutions that can both use the service and provide feedback into what is necessary to take each service to the next stage.
CanSSOC service lifecycle flowchart