The following services were developed as part of CanSSOC’s proof-of-concept (POC) and will be offered as pilot services in CanSSOC’s first year of operation.
| Service | Status | Description |
|---|---|---|
| Continuous security monitoring | In progress. New institutions can sign up in December of each year. | Continuous security monitoring will provide daily automated Bitsight alerts, including notices of compromised devices, patching cadence, out-of-date software for servers, desktops and mobile, as well as other risk vectors. As the pilot service evolves, an additional layer of monitoring will be integrated, with a CanSSOC analyst auditing the Bitsight alerts to help institutions escalate or prioritize critical instances. |
| Threat feed | Targeted pilot service will launch for select institutions in June 2020. | The threat feed service provides a sector-specific threat intelligence (TI) repository and platform with specialized feeds for current and education-specific threats. As a pilot service, members will receive blacklist and whitelist IP feeds for sites to deploy directly into protection solutions; CanSSOC analysts will aggregate and curate essential TI data; and members will be able to easily share their own TI back to the platform. |
| Executive news brief | Targeted pilot service will launch for select institutions in September 2020. | Executive news briefs provide targeted, impactful communications that decision-makers can use to improve incident response times and overall efficiency. As a pilot service, the briefs will provide information related to high-visibility incidents and vulnerabilities, summaries of events and potential impacts, and key recommendations for effective mitigation and remediation. |
| Vulnerability management | Targeted pilot service will launch for select institutions in December 2020. | Vulnerability management enables members to better identify, understand and manage vulnerabilities detected within their own infrastructure. As a pilot service, members will receive comprehensive posture reports, enriched with detailed event analysis and correlation insights. |
| Detection and response | Targeted pilot service will launch for select institutions in December 2020. | Detection and response (D&R) provides analysis of network flow data based on known TI and active high-risk threats. As a pilot service, CanSSOC analysts will monitor the stream of alerts and prioritize potential incidents in order to enable members to focus on priority threats. Depending on their capabilities, members will provide their network data and receive alerts based on analysis against TI generated by the CanSSOC network. Institutions that provide a wider range of data sources will receive more frequent alerts and more in-depth intelligence. |
Alongside these pilot services, CanSSOC will continue to investigate opportunities for enhanced and longer-term versions of these and other capabilities. Development is underway to determine appropriate architectures and explore how future services can be delivered to members in a scalable way.