The sophistication of today’s information threats means a risk at one higher education institution can easily create destructive ripple effects for the entire research and education community. To protect the sector, we need an integrated national approach and a flexible delivery model to identify and address evolving threats.

CanSSOC is working with institutional and sector partners to develop services that provide Canadian higher ed institutions with threat intelligence that is more efficient, actionable, and leverages capabilities across local, provincial and national levels. Together, we are building expertise, services, and a community-driven model that raises the bar of detection and response.

Current Services

Service TypeStatusDescription
Threat AlertPilot in progress.Threat Alert provides curated alerts, detected by analysts and sent to individual institutions. It is based on intelligence from multiple sources, using contextual analysis to provide actionable alerts.
Threat AdvisoryPilot in progress. Threat Advisory is a timely news service summarizing current sector-specific active high-risk threats and anonymized observations from the CanSSOC Threat Alert Service. Advisories are sent to all members and participating partners.
Threat feedPilot in progress.The threat feed service is a platform that provides a sector-specific threat intelligence (TI) repository and platform with specialized feeds for current and educational-specific threats. As a pilot service, members will receive blocklist and allowlist IP feeds for sites to deploy directly into protection solutions, CanSSOC analysts will aggregate and curate essential TI data and members will be able to easily share their own TI back to the platform.
Vulnerability managementPilot launch date to be comfirmed.Vulnerability management enables members to better identify, understand and manage vulnerabilities detected within their own infrastructure. As a pilot service, members will receive comprehensive posture reports, enriched with detailed events analysis and correlation insights.
Continuous Monitoring CanSSOC and CUCCIO joint pilot in progress.Continuous security monitoring will provide daily automated Bitsight alerts, including notices of compromised devices, patching cadence, out-of-date software for servers, desktops and mobile, as well as other risk vectors. As the pilot service evolves, an additional layer of monitoring will be integrated, with a CanSSOC analyst auditing the Bitsight alerts to help institutions escalate or prioritize critical instances.
BenchmarkingDelivered by CUCCIO. Pilot with CanSSOC in progress.Benchmarking gathers third-party security ratings and participant survey data to benchmark the security performance of institutions in relation to their immediate peers and the overall higher education sector.
Vendor MonitoringDelivered by CUCCIO. Pilot with CanSSOC in progress.Vendor monitoring provides Bitsight company reports on vendors to assist with the purchasing and evaluation process or to monitor vendor performance throughout the year.
Advanced detection and response Currently in development.Detection and response (D&R) provides analysis of network flow data based on known TI and active high-risk threats. As a pilot service, CanSSOC analysts will monitor the stream of alerts and prioritize potential incidents in order to enable members to focus on priority threats. Depending on their capabilities, members will provide their network data and receive alerts based on analysis against TI generated by the CanSSOC network. Institutions that provide a wider range of data sources will receive more frequent alerts and more in-depth intelligence.

Join CanSSOC and team up to fight cyber security threats facing higher education institutions.


Contact us to learn more about our services or to participate in our pilot initiatives.

Stay connected

Subscribe to our mailing list to receive updates on CanSSOC news and events.

Services Lifecycle

The CanSSOC Service Lifecycle will support appropriate allocation of resources and engagement with institutions that can both use the service and provide feedback into what is necessary to take each service to the next stage.
CanSSOC service lifecycle flowchart
Top view of a group of people working on various digital devices.

Future Services

CanSSOC is collaborating with National Research and Education Network (NREN) members and institutional partners to investigate enhanced and longer-term versions of these and other capabilities. Development is underway to determine appropriate architectures and explore how future services can be delivered in a scalable way.