Pricing that doesn't punish you for growing.

All 11 defense modules are included in every tier, on every server. You only pay for SLA, priority support and professional services.

Community
₽0/forever
Self-hosted, permissive license. Homelabs, hobby, non-commercial.
  • All 11 defense modules
  • Unlimited agents
  • Global threat-intel feed
  • Signed releases + YARA rules
  • Community support (GitHub/Telegram)
  • No SLA
Deploy now →
Pro
₽500/server/mo
SLA 99.9%, guaranteed response times, priority updates.
  • Everything in Community
  • SLA 99.9% control-plane
  • 4 h response for critical tickets
  • Priority feature requests
  • E-mail + phone support
  • Staging-channel early access
Start trial →
Enterprise
Custom
Large fleets, regulated industries, custom integrations.
  • Everything in Pro
  • On-site deployment assistance
  • Custom YARA rules + Sigma
  • Compliance packages (PCI-DSS, 152-FZ)
  • Dedicated security engineer
  • SOC/SIEM integration (Syslog, CEF)
Contact sales →

Built for the teams that break things — and need to stop others from breaking theirs.

Eleven defense layers, one binary, zero YAML. These are the four scenarios we obsess over.

🏢

Web hosting & VPS operators

Protect thousands of tenant sites against webshells, miners, brute-force and defaced pages. One agent per node; central panel for multi-tenancy.

See modules →
🛒

E-commerce & SaaS

Stop card-skimmers, Magento exploits, Laravel CVEs, API abuse. WAF + behavioral baseline. PCI-DSS-ready audit logs.

WAF details →
🏛️

Regulated & state

152-ФЗ, 44-ФЗ, 223-ФЗ compatibility. Russian Software Registry application submitted. Air-gapped install for classified fleets.

Compliance →
🧪

DevOps / platform teams

CI/CD safe. systemd-hardened agents. Metrics to Prometheus, logs to Syslog/CEF/SIEM. Runbooks for every event kind.

API →

By pain-point

🔥

Anti-ransomware

PHOENIX: honey-files, entropy spike detection, SIGSTOP + network quarantine. Safe by default.

PHOENIX →
🎭

Active deception

MIRAGE: decoy users, canary SSH keys, bait files, fake port listeners. Touch = 100% attack.

MIRAGE →
🧠

Behavioral anomalies

SENTINEL: self-learning per-process baseline. Catches zero-days without signatures, without ML models.

SENTINEL →

11 independent defense modules.

Every module can be turned on/off and switched between off / monitor / enforce / learning modes independently — from the panel or via ENV.

🔥

PHOENIX UNIQUE

Anti-ransomware, multi-layer. Honey-files + entropy + kill-STOP. 30+ backup tools whitelisted out of the box.
🎭

MIRAGE UNIQUE

4-layer active deception: decoy users, bait SSH keys, canary files, fake Redis/MySQL port listeners.
🧠

SENTINEL UNIQUE

Behavioral baseline per-process. 24h learning → zero-signature anomaly detection, without ML.
🔐

SSH Anti-Brute

Tail auth.log, ban >10 failed logins / 5 min, exponential re-ban on recidivism.
🍯

Honeypot ports

Listen on 2222/8088/etc. Any connection = permanent ban. Zero false positives.
🛡️

EDR-lite

/proc scanner every 60s: xmrig, kinsing, tsunami, cobaltstrike. Deleted-exec fileless detection.
📁

File Integrity Monitor

SHA-256 baseline of /etc/*, /usr/bin, /usr/sbin. Catches rootkit hooks.
🌐

Outbound C2 Detector

Detect phone-home to C2, mining pools, IRC botnets, Tor. Per-process attribution.
🎯

YARA Scanner

Signed Ed25519 rule-packs. Webshells, miners, backdoors. Extensible with community rules.
🔥

WAF Edge-Proxy

OWASP CRS-lite. 130+ rules: SQLi, XSS, LFI/RCE, SSRF, Log4Shell, Spring4Shell, Ivanti, Citrix.
🔒

Zero-Trust SSH

SSH closed by default. On-demand grants per IP + TTL. Never locks out your current session.
🌍

Threat Intel Cache

Live blacklist from all SaiCore-defended servers. IP banned elsewhere = already blocked on yours.

Built by offensive-security engineers.
For the defenders who have to clean up after us.

ООО «САЙКО» is a Russian cybersecurity company incorporated in the Republic of Tatarstan. We ship SaiCore and a handful of other security tools.

Founded

April 2025. One year from first commit to public beta.

Legal

ООО «САЙКО» · ОГРН 1251600018933 · ИНН 1683027173

HQ

420099, Республика Татарстан, с. Семиозёрка, ул. Зиганшина, 39

Roadmap

2025-Q2

Company founded

ООО «САЙКО» registered. First commits to the SaiCore agent in Go.

2025-Q4

Private beta

Linux agent + control-plane MVP. First 20 design partners onboarded.

2026-Q1

Flagship modules

PHOENIX, MIRAGE, SENTINEL released. 11 modules total.

2026-Q2

Public v0.1.0 + Russian Software Registry

Open signup, public pricing, submission to the Russian Software Registry.

2026-Q3 (planned)

Postgres + HA mode + Windows/macOS GA

Active/standby control-plane, fully-supported Windows and macOS agents.

2026-Q4 (planned)

eBPF kernel probes

Kernel-level syscall policy enforcement for PHOENIX and SENTINEL.

Talk to us.

The fastest way to reach a human is Telegram. For contracts, procurement paperwork and bug bounty — e-mail.

💬 Chat

Telegram: @saicore_support

Response: minutes during Moscow working hours.

📧 Sales

sales@saicore.ru

Procurement, Enterprise licensing, integrations.

🛟 Support

support@saicore.ru

SLA-backed. 4 h on critical tickets for Pro/Enterprise.

🔐 Security disclosure

security@saicore.ru

PoC welcome. First reply within 24 h. See disclosure policy.

📞 Phone

+7 (939) 744-20-58

пн–пт 10:00–19:00 МСК

🏢 Office

420099, Республика Татарстан,
с. Семиозёрка, ул. Зиганшина, 39

📝

Blog is on the way.

We're cooking deep-dive posts on PHOENIX internals, MIRAGE deception war-stories, and SENTINEL anomaly research. For now — follow @saicore_support on Telegram for updates.

← All modules
module

Module