fr
Français
Illustration of a light blue map of Canada with a central padlock symbol, surrounded by red circuit lines connecting cybersecurity icons such as alerts, monitoring, and analytics, representing Cybersecurity Threat Intelligence Services.

Cybersecurity Threat Intelligence Services

Gather, analyze, enrich, and share actionable intel on potential cybersecurity threats and vulnerabilities, to understand the threat landscape, anticipate potential attacks, and take proactive action.

CanSSOC was created on the principle that no single institution can tackle cybersecurity challenges alone.

Founded by six institutions – University of British Columbia, University of Alberta, University of Toronto, McMaster University, Toronto Metropolitan University, and McGill University, the CanSSOC vision lay the groundwork for common cybersecurity tools, knowledge, and awareness across institutions, regardless of their maturity or capability in detection and response.

Threat Intel in Action

More than 185 Canadian institutions benefit from CANARIE’s Threat Intelligence Services:

  • Institution 1
  • Institution 2
  • Institution 3

Have a Threat Intel story to share? Send us a note at [email protected].


In May 2022, the CanSSOC team and Threat Feed service were integrated into a new operating department of CANARIE. What started as a curated Threat Feed to automatically block emerging threats from reaching participating institutions has evolved into a powerful model of coordinated and trusted sharing of threats across Canada’s research and education sector.

CANARIE Cyber Threat Intelligence Services

Threat Feed

The Threat Feed delivers sector-specific threat intelligence to research and education organizations by:

  • Aggregating and curating threat intelligence from government entities, commercial threat intel providers, member institutions, and the open-source community into multiple threat intelligence feeds that can be deployed into an organization’s existing security appliances.
  • Providing monitoring and reporting services to help identify and mitigate potential threats originating from the dark web.
Learn more

Threat Advisories

Advisories are curated vulnerabilities and threats that impact the research and education community, provided in a summarized advisory to inform and alert organizations of high priority cybersecurity issues.

Threat Alerts

Threat Alerts deliver targeted communications to individual organizations, such as detected compromised systems or accounts from Dark Web Monitoring and other services.

Dark Web Monitoring

Monthly “CHESS”
Threat Sharing Calls

Canadian Higher Education Security Sessions (CHESS) calls bring the community together each month, in a secure, closed forum to share insights, alerts, and incidents — leveraging collective expertise to strengthen cybersecurity across the sector

Monthly “CHECKERS”
Threat Sharing Bulletins

Cybersecurity Highlights, Emerging Campaigns, Key Exploits, Reports, and Summaries (CHECKERS) is a monthly snapshot of critical threats and insights for Canada’s research and education sector, consolidating cyber threats affecting the research & education sector to support effective communication of these risks across your organization.

Community Slack
Channel

A national, closed communication channel for real-time collaboration and knowledge exchange.

Threat Feed

Benefits for research & post-secondary education organizations: 

  • Strengthens existing protections by providing actionable threat intelligence, purpose-built for the sector  
  • Easily integrates into most next-generation firewalls (Palo Alto, Fortinet FortiGate, and Cisco Firepower) and security information and event management systems (SIEMs) to automatically block malicious IP addresses, URLs, and domains. 
  • Delivers cost savings by leveraging commercially available threat intelligence and feeds. 
  • Enables easily consumable and shareable threat intelligence 

Benefits to institutional IT/Cybersecurity teams: 

  • Significant time savings from a vetted and consolidated feed that automatically blocks threats. The CanSSOC Threat Feed curates threat intelligence from several sources and is continuously updated with actionable intelligence for your IT & security teams. 
  • Timely alerts if sensitive data such as login credentials, personal information, or proprietary information has been compromised and is being sold or shared on the dark web 

Who can benefit? 

Any organization with a next-gen firewall or SIEM can use the Threat Feed to strengthen its cybersecurity posture with minimal effort from IT staff and can contribute indicators of compromise (IOCs) or identify threats for the benefit of other institutions. Organizations can also leverage the MISP solely for investigative or research purposes. 

Accessing the Threat Feed 

Depending on your needs, your organization can: 

  • Get direct access to the Malware Information Sharing Platform (MISP) to access and share threat intelligence. 
  • Integrate into your next-generation firewall to block high-risk threats.  
  • Incorporate the threat intelligence feeds into additional security appliances (SIEMs, IDS, etc.) to address internal use cases. 

Threat Intelligence Sources 

  • A growing list of commercial threat feeds, government threat intelligence sources (e.g., Aventail), and threat intelligence from partner organizations (e.g., ) 
  • In-house and Open Source Intelligence (OSINT) 
  • Engaging in a global data sharing agreement with other National Research and Education Networks (e.g., Jisc in the UK, and AARNet in Australia) and security operations centres (e.g., OmniSOC in the US) 

 

Related:

CanSSOC Shared Security Operations Centre Pilot
Participate in the CIP
Frequently Asked Questions
CIP Support