CSE Releases a Detection and Analysis Tool to Protect Canadians from Malware

News Release

Ottawa, October 19, 2017 – One of the Government of Canada’s top priorities is protecting the safety and security of Canadians, including from cyber threats. As part of Cyber Security Awareness Month, Canada’s Communications Security Establishment (CSE) has released Assemblyline, one of its own cyber defence tools, as open source software.

Assemblyline is a platform for analyzing malicious files that was developed by CSE’s Cyber Defence team. The platform is used to detect, analyse and triage malicious electronic files, and is designed to assist cyber defence practitioners to analyze large volumes of files on a customized basis. Users can deploy their own analytics, such as antivirus products or custom-built software, into Assemblyline to reduce the number of non-malicious files that require inspection, in order to allow security analysts to focus their time and attention on the most harmful files.

Canada’s success in cyber security is dependent on government, academia and industry working together. The release of Assemblyline is an opportunity for the cyber security community to take what CSE has developed and improve upon it to benefit all Canadians.

Quotes

“I am delighted to see the CSE take this unprecedented step in sharing the results of their unique expertise, to help Canada and Canadians improve their cyber security. For the first time, Canadians have direct access to one of the tools developed by the experts at CSE.”

- Defence Minister Harjit S. Sajjan

“As the Government of Canada’s centre of excellence in cyber security, we are responsible for defending and protecting computer networks and electronic information of greatest importance to the Government of Canada. The release of Assemblyline benefits the country and CSE’s work to protect Canadian systems, and allows the cybersecurity community to build and evolve this valuable open source software.  Assemblyline is one of the tools CSE relies on every day.”

- Greta Bossenmaier, Chief CSE

“Cyber security is our specialty, but it’s everyone’s business. By releasing Assemblyline, we’re sharing some of our in-house cyber security tools with Canadians and Canadian businesses.  Assemblyline is one of the key tools that has freed up CSE cyber security analysts’ time to focus on innovative ways to thwart increasingly-sophisticated malicious cyber activity targeting the Government of Canada.  We hope that others are able to see the same benefits and will contribute to a more cyber safe and resilient Canada.”

- Scott Jones, Assistant Deputy Minister, IT Security

Quick Facts

  • Assemblyline is designed to work like a conveyor belt – files arrive in the system and are triaged in sequence;

  • Assemblyline generates information about each file and assigns a unique identifier that travels with the file as it flows through the system;

  • The analytical tools selected by the user in Assemblyline analyze the files, looking for indications of maliciousness and, if needed, extracting files for further analysis;

  • The system can generate alerts that can be used by either analysts or automated defensive systems;

  • Malicious indicators generated are then fed back into the system and distributed to all other defensive systems on the user’s network.

Contacts

For more information (media only) please contact:

CSE Media Relations

Media@cse-cst.gc.ca

613-991-7248
