Extension Monitor

Track browser extension installations / threats in real-time

Browser extensions are leaking private data about your organization. Many request an excessive amount of data from users and resell it. Extension Monitor helps IT and Security teams track browser extension installations and threats in real-time.
Discussion
3 Reviews, 5.0/5
Great product. Security is a common concern and I think the audience here at PH will relate to this product better than most. I do think your CTA of "Fix this now" is not strong and "Request demo" seems like the main CTA? Either way, both inevitably lead to the same thing, which is an anchor to the pricing columns and another CTA "Start now". I would suggest having a single CTA at the top such as "Install Extension Monitor", as that is the action I want to take after reading what it is and what it does. Secondly, I think not offering a quick way to trial it in a self-serve way will impact your conversion rate severely.
@colinwinhall Thanks for the feedback!
@colinwinhall I took your advice and simplified it down to a single CTA. I'll have to think about how to offer a trial. Maybe let people download and install the agent on one machine for free. Viewing data for more would require an upgrade. I tried to avoid technical complexity in the launch, but will consider it when optimizing.
Thanks @benln for hunting! I built Extension Monitor to solve what I think is one of the biggest unsolved threat vectors in an organization, user-installed browser extensions. Read more about the threat in the launch post: https://extensionmonitor.com/blo...
People have asked about how to score threats for browser extensions. Here's some background... Scoring is a complex problem and there's some literature on the subject. We can break down scoring / threat intelligence into a few buckets:
- Known bad actors: some extensions are known bad actors. They've exposed data and even made the news for it. Let's make sure those are absolutely not running in your environment.
- Heuristic classification: a number of heuristics can be used to score the threat of an extension, for example, the permissions it requests, its content security policy, etc.
- Automated code review: even if an extension developer is not themselves intentionally malicious, the extension may be using outdated or vulnerable libraries that can be exploited by others.
- Manual review: there are over 200k extensions so an extensive manual review of each is not practical. Still, for the most popular extensions, a manual review can effectively score the extension based on factors that are difficult to automate. For example, review of the privacy policy, investigation of the owner entity and its business practices, etc.
- Corroboration / triangulation: a category of threat detection that Extension Monitor will be able to provide at scale is that of cross-referencing installations with purchased data to single out likely sources.
These may also apply to a single extension across versions / time.
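The "heuristic classification" bucket in the comment above can be sketched as a scorer over an extension's `manifest.json`, looking at requested permissions and the content security policy. This is an added example, not Extension Monitor's scoring code or part of the original thread; the weights, the permission shortlist and the sample manifest are assumptions made up for illustration.

```python
import json

# Assumed weights and shortlist, chosen for illustration only.
SENSITIVE_PERMISSIONS = {
    "cookies": 3, "history": 3, "webRequest": 3, "nativeMessaging": 3,
    "tabs": 2, "clipboardRead": 2, "management": 2,
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
RISKY_CSP_TOKENS = ("'unsafe-eval'", "'unsafe-inline'")

def csp_strings(manifest):
    """Return CSP policies for MV2 (single string) and MV3 (object) manifests."""
    csp = manifest.get("content_security_policy", "")
    if isinstance(csp, dict):
        return [v for v in csp.values() if isinstance(v, str)]
    return [csp] if csp else []

def score_manifest(manifest):
    """Return (score, findings) for one parsed manifest.json."""
    score, findings = 0, []
    requested = list(manifest.get("permissions", []))
    requested += manifest.get("optional_permissions", [])
    requested += manifest.get("host_permissions", [])  # MV3 host patterns
    for script in manifest.get("content_scripts", []):
        requested += script.get("matches", [])
    # Keep string entries only, de-duplicated in first-seen order.
    for perm in dict.fromkeys(p for p in requested if isinstance(p, str)):
        if perm in BROAD_HOSTS:
            score += 4
            findings.append(f"broad host access: {perm}")
        elif perm in SENSITIVE_PERMISSIONS:
            score += SENSITIVE_PERMISSIONS[perm]
            findings.append(f"sensitive permission: {perm}")
    for policy in csp_strings(manifest):
        for token in RISKY_CSP_TOKENS:
            if token in policy:
                score += 3
                findings.append(f"CSP allows {token}")
    return score, findings

# Constructed sample manifest, not a real extension.
SAMPLE = json.loads("""{
  "manifest_version": 2, "name": "Sample Coupon Helper", "version": "1.0",
  "permissions": ["tabs", "cookies", "<all_urls>", "storage"],
  "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'"
}""")

if __name__ == "__main__":
    total, notes = score_manifest(SAMPLE)
    print(total, *notes, sep="\n")
```

A score like this only ranks extensions for further review; it says nothing about the other buckets in the list, such as known bad actors or vulnerable bundled libraries.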
I have total faith in anything William Wnekowicz is involved with!