Enable Bear Fence
For Your MDE

Upgrade your Microsoft Defender for Endpoint with automated threat hunting for Fancy Bear / APT28 and 48 more Russian nation-state actors. Our team has manually crafted 242 behavior-based Sigma rules, extended by Threat Intelligence straight from the cyber frontlines in Ukraine and across Europe, and a feed of AI-generated detection queries. Start defending all your endpoints for $249 per month.
Defend against active cyber military operations at consumer cost. Cyberwar has no borders, get proof here:
  • CERT FR: Operations vs France
  • CISA: Operations vs Western countries
  • UK NCSC: Operations vs United Kingdom

An Active Hunt for Fancy Bear and its siblings.
Always on guard, leave APT no chance.

A plug-n-play, always-on service that works seamlessly with your Microsoft Defender for Endpoint, helping you automatically spot even the earliest signs of a cyber attack. See every method used by Fancy Bear, also known as APT28, Sofacy, STRONTIUM, and Sednit. Automatically match your MDE data where it lives against 242 behavior Sigma rules, over 1 million Indicators of Compromise, and an ever-growing feed of the latest AI-generated TTP rules, linked to ATT&CK, covering all Russian APT groups since 2021.
Attack Flow (image; generated with Uncoder AI based on a threat report)

Configure Fast and Easily

To start detecting bear actors on your network, just create an account at the SOC Prime Platform, set up a Data Plane for your Microsoft Defender for Endpoint, and set a scanning schedule.
1. Sign up to the SOC Prime Platform
2. Set up and Run always on scans on TTPs & IOCs
3. Get Protected from Bear attacks

Collective Defense of Europe
Built on European principles

SOC Prime’s DNA is Europe. We put our clients’ privacy and security first and above all else. We deliver cutting-edge detection engineering, threat hunting, bleeding-edge threat intelligence and AI in a way that follows these principles.
  • Zero data collection: we send rules and IOCs to you instead of taking your data
  • No data leaves the EU (every byte served exclusively by AWS Frankfurt, Germany)
  • SOC 2 Type II certified private cloud, audited yearly since 2020
  • Meta-data and user info secured with AES-256, MFA and TLS 1.2
  • GDPR compliance at every step, we will forget you in < 24 hours
  • Microsoft Intelligence Security Association (MISA) partner since 2020
  • Proudly served over 1 billion detection rules since 2015
Scan your Environment for Signs of Russian APT

Pricing and Packaging

Our subscriptions give everyone a baseline enterprise- and government-level defense against APT28 / Fancy Bear at a consumer price range. For critical infrastructure and economy-critical environments, we offer an extended plan that goes beyond TLP:CLEAR and public evidence of cyber attacks, leaving no log unchecked and no TTP missed.

Solo ($249/mo)
  • 50 rules against Bear APTs, with updates and new rules added once new attack patterns are discovered. Note that relevant log sources are required.
  • Special Attack Detective subscription with a separate Bear Shield hunting scenario to kick-start monitoring
  • 1 Data Plane for easy integration with Microsoft Defender for Endpoint
  • IOC-based queries to hunt for Bear APTs and other malicious actors
  • AI-generated detection rules based on the most recent threat reports (coming soon)
  • Hunting for all triggered rules
  • 1 custom repository for full detection life cycle management

Enterprise
  • 242 rules against Bear APTs, with updates and new rules added once new attack patterns are discovered. Note that relevant log sources are required.
  • Special Attack Detective subscription with a separate Bear Shield hunting scenario to kick-start monitoring
  • Multiple Data Planes for easy integration with Microsoft Defender for Endpoint
  • IOC-based queries to hunt for Bear APTs and other malicious actors
  • AI-generated detection rules based on the most recent threat reports (coming soon)
  • Hunting for all triggered rules
  • 1 custom repository for full detection life cycle management
  • Premium Support

Interested in the Enterprise-Grade Solution?

Maximize your Microsoft Defender for Endpoint with automated hunting for APT28 (Fancy Bear) and other Russian APTs—powered by 242 hand-picked behavior queries by SOC Prime Team, global threat intel, and IOCs. Benefit from additional AI-generated content, other AI features, and zero trust approach for relentless defense.

BUY NOW for $249/mo