Foundational capabilities for more intelligent defence

CanSSOC’s essential services provide a foundation of common detection and response protections for higher education institutions.

CanSSOC’s Threat Feed platform is an essential building block for many of the essential services. Funded through CANARIE’s Cybersecurity Initiatives Program (CIP), the Threat Feed was developed by McGill University as part of CanSSOC’s federated approach.

Current services

| Service | Status | Description | Type |
| --- | --- | --- | --- |
| Threat Feed | Pilot in progress. | Threat Feed provides a sector-specific threat intelligence repository and platform with specialized feeds for current and educational-specific threats. It is based on intelligence from multiple sources, using contextual analysis to provide actionable alerts. | Essential services |
| Threat Alert | Pilot in progress. | Threat Alert provides curated alerts, detected by analysts and sent to individual institutions. It is based on intelligence from multiple sources, using contextual analysis to provide actionable alerts. | Essential services |
| Threat Advisory | Pilot in progress. | Threat Advisory is a timely news service summarizing current sector-specific active high-risk threats and anonymized observations from the CanSSOC Threat Alert service. Advisories are sent to all members and participating partners. | Essential services |
| Vulnerability Management | Pilot launch date to be confirmed. | Vulnerability Assessment provides external scanning to identify vulnerabilities detected within CanSSOC members’ public facing infrastructure. | Essential services |
| Continuous Monitoring | CanSSOC and CUCCIO joint pilot in progress. | Continuous Monitoring provides an automated nightly feed of Bitsight rating change alerts and prioritized security observations. Observations are derived from more than 120 feeds of over 200 billion records per day, including botnet and grayware, out-of-date server software, out-of-date desktop/mobile device software, open ports and other “risk vectors.” | Essential services |
| Benchmarking | Delivered by CUCCIO. Pilot with CanSSOC in progress. | Benchmarking gathers third-party security ratings and participant survey data to benchmark the security performance of institutions in relation to their immediate peers and the overall higher education sector. | Essential services |
| Vendor Monitoring | Delivered by CUCCIO. Pilot with CanSSOC in progress. | Vendor monitoring provides Bitsight company reports on vendors to assist with the purchasing and evaluation process or to monitor vendor performance throughout the year. | Essential services |
| Advanced Detection and Response Service | Currently in development. | The Detection and Response (D&R) service provides analysis of network flow data based on known threat intelligence (TI) and active high-risk threats. As a pilot service, CanSSOC analysts will monitor the stream of alerts and prioritize potential incidents in order to enable members to focus on priority threats. Depending on their capabilities, members will provide their network data and receive alerts based on analysis against TI generated by the CanSSOC network. Institutions that provide a wider range of data sources will receive more frequent alerts and more in-depth intelligence. | Advanced Detection and Response |

Join CanSSOC and team up to fight cyber security threats facing higher education institutions.

Interested?

Contact us to learn more about our services or to participate in our pilot initiatives.

Questions?

Browse our Frequently Asked Questions (FAQs) to learn more about the Threat Feed platform.