fr
Français
Infographic showing a map of Canada in aqua with a red circular network symbol superimposed over it and a central padlock, representing shared security operations

CanSSOC Shared Security Operations Centre (Pilot)

Acting as a force multiplier, the Canadian Shared Security Operations Centre (CanSSOC) enriches and elevates institutional defenses across Canada’s post-secondary sector. This CANARIE initiative creates national threat visibility and alerting, streamlines incident response, and helps strengthen collective cyber resilience across the sector.

CANARIE’s CanSSOC team works in concert with regional partners in the National Research and Education Network (NREN) and institutions to help strengthen digital defenses across Canada’s post-secondary sector.

The goal of CanSSOC is to enable near real-time capture and sharing of cybersecurity alerts across the ecosystem, enrich them with expert analysis and threat intelligence, and coordinate timely responses to emerging threats.

What CanSSOC is:

  • A coordinated, national cybersecurity service that enables sector-wide visibility and supports orchestrated response to cyber threats
  • 24×7 actionable threat alerting and blocking for institutions (planned)
  • Enrichment and contextualization of alerts using national-level threat intelligence
  • An automated mechanism to help block real threats quickly
  • Advanced analysis and engineering capabilities, including threat hunting (planned), malware analysis, and forensic tools

What CanSSOC is not:

  • A replacement for local responsibility for security operations
  • A centralized SOC that replaces institutional or regional operations
  • A raw log aggregator or data warehouse
  • SIEM, MDR, or XDR

Funding

Funding for CANARIE’s cybersecurity programs, including CanSSOC, is provided by the Federal Government through Innovation, Science, and Economic Development (ISED).

How to Participate

The CanSSOC Pilot has concluded, and a proposal has been submitted to ISED to enable participation through the CANARIE Cybersecurity Initiatives Program.

Diagram illustrating the CanSSOC cybersecurity coordination model across institutions and networks

Through Regional NREN Partner SOCs

The primary connection model is through your Regional NREN Partner SOC, which:

  • Provides managed SOC services and support
  • Manages integration with CanSSOC
  • Coordinates threat response with national teams

This approach ensures strong regional-national alignment while building on existing local investments and relationships.

Direct Connection for Qualified Institutions

Institutions with sufficient internal capacity or MSSP support may connect directly if they:

  • Complete a baseline operational readiness review
  • Have staff identified to manage and respond to alerts
  • Can receive alerts via ticketing or other process
  • Use a supported security platform (e.g., Sentinel, QRadar, Elastic)

Questions

To learn more or to discuss questions your team may have, please contact us at [email protected].

Related:

Participate in the CIP
Frequently Asked Questions