Security
Safeguarding Education Through Innovation
MERLIN delivers enterprise-grade cybersecurity solutions tailored for Manitoba’s education and public sectors — from threat detection and firewalls to DDoS protection and proactive scanning, we keep your networks safe so learning never stops.
MERLIN hosts an anti-spam / anti-virus filtering service for any school division that runs and maintains their own email server.
Highly targeted phishing campaigns are the top concern as spammers are utilizing improved techniques for evading IP reputation-based and traditional anti-virus tools. MERLIN continues to use new and novel methods to keep users from receiving unwanted or malicious email.
Security-as-a-Service utilizes our groundbreaking cybersecurity mesh architecture (CSMA) to deliver a decentralized security solution while creating a flexible and adaptive security perimeter.
CSMA advanced AI and ML are in constant communication with the key tools we use to deliver Bell Cyber K-12 Security-as-a-Service including:
- A managed SIEM – Security Information and Event Management (powered by FortiSIEM)
- Vulnerability Management – a continuous, proactive process of identifying, evaluating, treating, and reporting on security vulnerabilities in systems and software (powered by Qualys)
- Threat Intelligence Sources – ongoing threat awareness and alert updates along with security advisories (powered by Anomali)
- SOAR – Security Orchestration, Automation, Response (powered by FortiSOAR)
- Configuration Management Database (CMDB) – providing a comprehensive view of your IT assets.
*Formally known as STRATEJM-BELL
Bitwarden, the most trusted password manager, offers an easy and safe way for organizations and individuals to store and share sensitive data from any device.
Visit our Provincial Licensing & Purchasing page to learn more.
All Internet traffic through MERLIN is protected from DDoS attacks. MERLIN currently sees over 100 Distributed Denial of Service (DDoS)
attacks per month. MERLIN leverages a DDoS Mitigation Service from our Internet Service Provider which continues to be very effective. Tools for DDoS attack protection and mitigation are also implemented and built into our core networking infrastructure.
As MERLIN continues to assist customers in protecting their infrastructure, we have launched Sightline Management, our DDoS solution tool that helps mitigate DDoS attacks.
A GUI is made available to all customers where they can go to see the traffic generated from their public IPs by ports or protocols over various time periods. Additionally, users can look at their DDoS alert history, check for patterns and take proactive actions to protect their environment.
CIRA has leveraged their expertise in DNS to offer a suite of cybersecurity services to protect Manitoba educational organizations from cyberattacks. Included in the MERLIN Partner Program, these include
- Anycast DNS infrastructure
- A world-class anycast DNS infrastructure with a strong Canadian presence. It adds a resilient global DNS footprint to your website to protect from DNS DDoS attacks and provide 100% up-time.
- DNS Firewall (enterprise level protection)
- CIRA DNS Firewall adds a low-maintenance layer to your cybersecurity footprint. By monitoring and analyzing your DNS traffic, the service’s powerful threat feeds block cyber threats like malware, phishing and botnets as they arise, while its customizability allows organizations to add specific sites, they don’t want users visiting.
MERLIN also facilitates a standing offer with CIRA for XDR/MDR.
- CIRA XDR (Extended Detection and Response)
- A unified, Canadian-hosted security platform that delivers continuous visibility and protection across endpoints, cloud, networks, and workloads.
- CIRA XDR provides the following:
- A combination of advanced threat detection, automated response, and compliance-focused controls into one integrated solution.
- SIEM and SOAR that are fully cloud-based infrastructure hosted in Canada.
- Helps organizations strengthen security posture and reduce operational burden in a cost-effective alternative to large vendor ecosystems.
- Community‑driven threat intelligence enhances detection accuracy and keeps pace with emerging threats.
- CIRA MDR (Managed Direction and Response)
- Delivers 24/7 expert-driven threat monitoring, investigation, and response, providing organizations with a fully managed security operations capability without the need for in‑house analysts.
MERLIN is a partner organization of CCCS and receives priority alerts and access to the Aventail Threat Feed. This service completes public scanning of our IP space and provides reports on potential vulnerabilities.
MERLIN also accesses CCCS’ Threat Briefings where they share current and emerging cyber threat information, IoC, and mitigation strategies.
These details inform MERLIN practices and can be applied to K-12 services.
MERLIN, in collaboration with CANARIE, is a participant in the Canadian
Shared Security Operations Centre (CanSSOC) project to identify and share security threat intel with institutions across Canada. This threat intel is integrated into MERLIN security services to provide protections to our client.
Regular Monthly External network security scans help protect your organization by regularly checking your External systems for potential vulnerabilities—like outdated software, weak spots, or misconfigurations.
These scans work behind the scenes to detect issues early, so they can be fixed before they lead to serious problems like data breaches or downtime. Monthly reports are sent to organizational staff.
Based on a Palo Alto Networks firewall and currently serves 34 educational organizations. It includes all the protection of MERLIN’s vulnerability protection service and provides the following additional benefits:
- Layer 7 next-generation firewall technology which provides application visibility. Clients can identify and classify application traffic from applications such as Facebook, YouTube, Dropbox, iTunes, X (formerly known as Twitter), FaceTime, Pinterest, Instagram, BitTorrent, and Netflix.
- User identification through the firewall’s User ID functionality. This connects to a division’s user directory and provides the ability to apply application control rules to the appropriate users and groups.
- Application control by user or group which provides flexibility on how, when, and to what destinations they are allowed. Applications can be blocked, allowed, or limited based on the application’s category and the educational need.
- Visibility of internal device addresses which increases the client’s ability to track down and identify the source of malicious traffic and unwanted applications.
- Content filtering by user or group allows for multiple unique content filtering profiles within a single school or site.
- Secure VPN with MFA access to internal systems for staff.
- Advanced vulnerability, anti-virus, and spyware protection
Internal network security scans help protect your organization by regularly checking your internal systems for potential vulnerabilities—like outdated software, weak spots, or misconfigurations.
These scans work behind the scenes to detect issues early, so they can be fixed before they lead to serious problems like data breaches or downtime.
MERLIN’s Palo Alto firewall integrates a robust Intrusion Prevention System that scans all traffic for threats such as viruses, worms, spyware, and hacking attempts.
Using real-time analytics, honeypots, and threat intelligence from global partners, our IPS actively blocks, logs, and reports suspicious activity before it can impact your network.
The Weathermap / Observium tool provides school divisions with a point-in-time view usage through their network performance monitoring. This web-based monitoring system can:
- Provide real-time and historical heath and performance metrics for devices on a network
- Generate alerts based on user-defined test conditions and thresholds
- Actively test availability of services such as Firewall
Our Off-Site Immutable Data Backup service keeps your most critical files safe, secure, and tamper-proof—no matter what happens.
By storing backups in a separate physical location and locking them against changes, we ensure your data remains untouched and available when you need it most. Even in the event of a cyberattack, accidental deletion, or system failure, your backup stays clean and recoverable.
Options include:
- M365 Tenant Data Backup
- Google Workspace Data Backup
- Off-Site Backup Storage Service
- Off-Site S3 Backup Storage Service
MERLIN has implemented a number of security scanning tools to actively scan and monitor our education client’s public facing service for security vulnerabilities and potential exposure.
Provides a secure and simplified way of routing your network traffic on the internet.
Visit our Hosting page to learn more.
We stop malicious software before it reaches your users.
MERLIN’s proactive threat mitigation blocks drive-by downloads, malware infections, and phishing attempts using a multi-tiered filtering strategy built on both signature-based and behavioral detection.
MERLIN provides protection from known vulnerabilities, spyware, and viruses by utilizing a Palo Alto Networks firewall. Non-hosted firewall client traffic passes through this firewall and is:
- Scanned for client and server-based vulnerabilities – Vulnerabilities classified as critical, high, and medium severity are automatically blocked.
- Scanned for viruses – Web, FTP, IMAP, POP3, SMTP,
and SMB traffic is analyzed. Traffic containing
viruses is blocked and the connections are reset. - Examined for spyware – Spyware categorized and
classified as critical, high, and medium severity are
automatically blocked and connections are reset.
MERLIN also makes use of Palo Alto’s Advanced Wildfire service for all client traffic. This service uploads unknown executables and portable apps to its Cloud sandbox. Files are executed and all activity is monitored to determine if the file contains malware or behaves in a malicious way. Future downloads of any files identified as malicious are blocked.
Our web content filtering through Palo Alto allows partners to block or allow specific websites based on categories, URLs, or external blacklists; empowering administrators to prevent access to inappropriate or harmful online material.
This service protects users against malicious and evasive web-based threats; both known and unknown. It provides granular URL filtering, visibility into user activity, safe search enforcement, and phishing prevention.
Training
MERLIN is committed to services that strengthen client understanding of cybersecurity and support self-sufficiency at the educational institutional level.
A training platform to empower employees to prevent and report cyber attacks. Phishing simulations, courses, gamification and reporting, in one platform.
Account licensing is available for both staff and students.
Through our partners, MERLIN hosts a variety of different informational and training events on the topic of cybersecurity.
Visit our Event Calendar to see upcoming and past offerings.
MERLIN facilitates a variety of different informational and training events on the topic of cybersecurity.
Learn more by visiting our Training page.
Visit our Event Calendar to see upcoming and past offerings.
MERLIN works with Stormwind to provide access to Unlimited IT and Project Management courses, live instructor led classes, as well as self-paced recorded courses and hands on labs and practice tests.
Licensing includes FREE access to a dedicated Security Awareness Training course (estimated $225 value).
The full course catalogue offers a variety of security-related topics.
Visit our Provincial Licensing & Purchasing page to learn more.
Contact Us
For more information about Security