Alert Synchronization, Triage, & Action (CanSSOC Federated SOC Pilot)

Near real-time capture and sharing of cybersecurity alerts across Canada’s research & education sector – enriched with expert analysis and threat intelligence 

Detect once, protect everywhere.

Acting as a force multiplier, the Canadian Shared Security Operations Centre (CanSSOC) enriches and elevates institutional defenses across Canada’s post-secondary sector. This CANARIE initiative creates national threat visibility and alerting, streamlines incident response, and helps strengthen collective cyber resilience across the sector.

CANARIE’s CanSSOC team works in concert with regional partners in the National Research and Education Network (NREN) and institutions to help strengthen digital defenses across Canada’s post-secondary sector.

What CanSSOC is:

  • A coordinated, national cybersecurity service that enables sector-wide visibility and supports orchestrated response to cyber threats
  • 24×7 actionable threat alerting and blocking for institutions (planned)
  • Enrichment and contextualization of alerts using national-level threat intelligence
  • An automated mechanism to help block real threats quickly
  • Advanced analysis and engineering capabilities, including threat hunting (planned), malware analysis, and forensic tools

What CanSSOC is not:

  • A replacement for local responsibility for security operations
  • A centralized SOC that replaces institutional or regional operations
  • A raw log aggregator or data warehouse
  • SIEM, MDR, or XDR

Connecting to CanSSOC

Institutions connect to CanSSOC primarily through regional NREN Partner SOCs, which:

  • Provide managed SOC services and support
  • Manage integration with CanSSOC
  • Coordinate threat response with national teams

This approach ensures strong regional-national alignment while building on existing local investments and relationships.

However, institutions with sufficient internal capacity or managed security service provider (MSSP) support may connect directly to CanSSOC if they:

  • Complete a baseline operational readiness review;
  • Have staff identified to manage and respond to alerts;
  • Can receive alerts via ticketing or another process; and
  • Use a supported security platform (e.g., Sentinel, QRadar, Elastic).

How to Participate

The CanSSOC Pilot has concluded, and a proposal has been submitted to Innovation, Science, and Economic Development (ISED) to enable participation through the CANARIE Cybersecurity Initiatives Program.

With additional federal funding, participants will also be able to benefit from the scaled orchestration and alerting services of CanSSOC in two supported ways, depending on their current capabilities and partnerships.

Diagram illustrating the CanSSOC cybersecurity coordination model across institutions and networks

Questions

To learn more or to discuss questions your team may have, please contact us at [email protected].