fr
Français
Infographic showing cybersecurity services represented by interconnected security icons around a central shield, using CANARIE’s cyan and teal colour palette on a light cyan background.

CanSSOC Threat Feed

Sector-specific threat intelligence that enables Canada’s research and education organizations to anticipate attacks, make proactive intelligence-led decisions, strengthen resilience, and translate insight into action — efficiently and at scale.

The Threat Feed delivers sector-specific threat intelligence to research and education organizations by:

  • Aggregating and curating threat intelligence from government entities, commercial threat intel providers, member institutions, and the open-source community into multiple threat intelligence feeds that can be deployed into an organization’s existing security appliances.  
  • Providing monitoring and reporting services to help identify and mitigate potential threats originating from the dark web.

Benefits for research & post-secondary education organizations:

  • Strengthens existing protections by providing actionable threat intelligence, purpose-built for the sector.
  • Easily integrates into most next-generation firewalls (Palo Alto, Fortinet FortiGate, and Cisco Firepower) and security information and event management systems (SIEMs) to automatically block malicious IP addresses, URLs, and domains.
  • Delivers cost savings by leveraging commercially available threat intelligence and feeds.
  • Enables easily consumable and shareable threat intelligence.

Benefits to institutional IT/Cybersecurity teams:

  • Significant time savings from a vetted and consolidated feed that automatically blocks threats. The CanSSOC Threat Feed curates threat intelligence from several sources and is continuously updated with actionable intelligence for your IT & security teams.
  • Timely alerts if sensitive data such as login credentials, personal information, or proprietary information has been compromised and is being sold or shared on the dark web

Who can benefit?

Any organization with a next-gen firewall or SIEM can use the Threat Feed to strengthen its cybersecurity posture with minimal effort from IT staff and can contribute indicators of compromise (IOCs) or identify threats for the benefit of other institutions.

Accessing the Threat Feed

Depending on your needs, your organization can:

  • Get direct access to the Malware Information Sharing Platform (MISP) to access and share threat intelligence.
  • Integrate into your next-generation firewall to block high-risk threats.
  • Incorporate the threat intelligence feeds into additional security appliances (SIEMs, IDS, etc.) to address internal use cases.

Threat Intelligence Sources

  • A growing list of commercial threat feeds, government threat intelligence sources (e.g., Aventail), and threat intelligence from partner organizations
  • In-house and Open-Source Intelligence (OSINT)
  • Global data sharing agreement with Five Eyes partners

Related:

Threat Intelligence Services
Cybersecurity Initiatives Program (CIP)
Participate in the CIP
Frequently Asked Questions
CIP Support