Direct browser management,
fully automated

Fantomo keeps your company software secure, helps guide employee behavior, and discovers shadow IT apps in real time — without slowing down your computer systems or invading worker privacy.

Business View Take a Deeper Look

Smart Website Controls

Create clear guidelines for what websites your company uses. Block unsafe sites, redirect users to approved tools, and present guidance notices automatically.

  • Guided Traffic: Steer staff toward corporate-approved software.
  • Pre-Packaged Categories: Instantly manage entire categories of sites, like social media or generative AI.
  • Group Flexibility: Target rules and define exceptions using Google Workspace and Office 365 OUs and Groups.
  • Frequency Caps: Set how often employees see policy warnings to avoid message fatigue.

Local rule evaluation & exclusions

The client-side matching engine runs inside the sandboxed extension process context, checking all navigation events in user space. It performs checks in less than 50 milliseconds using memory-mapped Bloom filters and FNV-1a hash tables, adding zero latency to page loads.

The control plane compiles rules and propagates updates via a compressed JSON endpoint. Exclusions can target specific directory groups or Organizational Units, meaning you can restrict access for the organization while allowing access for select development teams.

  • Network Stack Filtering: declarativeNetRequest rules evaluate prior to JS execution.
  • Scoped Exceptions: Define exclusions by GWS OUs and M365 security groups.
  • Frequency Management: Limit warning display rates locally to avoid user fatigue.
  • Local Hashing: Check domain violations without exposing raw URLs to the cloud.
MATCH: *.openai.com ACTION: WARN & LOG PRIORITY: 100 (Default)

Automated Background Installation

Install the software across all company computers instantly without bothering your employees. The installation happens silently in the background, and cannot be deactivated or removed by staff.

  • Zero Staff Effort: No login prompts, setup wizards, or employee actions required.
  • Permanent Security: Runs natively in the browser so it cannot be toggled off or bypassed.
  • Centralized Control: Works with standard device management systems used by your IT administrator.
  • Instant Sync: Automatically registers new browsers in your dashboard.

MDM provisioning & deployment

Deploy the client seamlessly across your endpoints by using standard enterprise policy templates. The browser reads force-install directives on start, pulling the package from web stores and disabling manual user toggle switches on the extensions management page.

Provisioning variables are injected directly into the browser's managed storage registry via plist configuration profiles on macOS or registry keys on Windows. This initializes the client silently, syncing the active browser profile with the management console.

  • Silent Handshake: Automatic organization enrollment via managed schemas.
  • MDM Templates: Compatible with Intune, Jamf Pro, Kandji, Mosyle, and GPO.
  • Tamper Protection: Force-install policies block user-level deactivation.
  • No Agent Overhead: Runs as a native browser process without system services.
{ "ExtensionSettings": { "[email protected]": { "installation_mode": "force_installed", "update_url": "https://clients2.google.com/service/update2/crx", "managed_schema": { "tenant_id": "tnt_839f201d2a3", "api_endpoint": "https://api.fantomo.io" } } } }

Prevent Data Exposure

Ensure sensitive organization files, customer credentials, and intellectual property don't get uploaded to unauthorized websites or public AI tools.

  • On-Device Scans: Scanning happens locally on the employee's computer, so raw data never leaves their device.
  • Automatic Detection: Identifies when sensitive items like credit cards or account keys are typed.
  • Clear Warnings: Alerts employees when they attempt to share sensitive corporate materials.
  • Justified Exceptions: Allows staff to proceed if they submit a valid business reason (e.g. for customer support).

User-space data loss prevention

The content script executes client-side scanning inside the tab sandbox. It registers input, paste, and drag-and-drop listeners to evaluate text elements before payloads leave the browser, ensuring sensitive parameters do not reach third-party API endpoints.

The script runs pre-compiled regex matching strings locally against text input fields. Violation alerts render inside isolated Shadow DOM nodes to bypass target page CSS styles, and any user-submitted bypass comments are uploaded as signed JSON payloads.

  • Local Evaluation: Inspect input fields, textareas, and file drops on-device.
  • Pattern Libraries: Match SSNs, credit cards, database links, and API keys.
  • Bypass Log Auditing: Collect and encrypt user-entered business justifications.
  • UI Separation: Shadow DOM isolation prevents parent site interference.
DLP ALERT: Blocked Upload Detected: AWS API Key Pattern: AKIA[0-9A-Z]{16}

Shadow IT Discovery

Discover which software applications are trending inside your company. Spot security outliers or sudden adoptions of new tools so you can consolidate software costs.

  • Software Trend Spotting: Find out if multiple staff members are signing up for the same new website.
  • Secure Accounts: Protect against browser hijacks or compromised login credentials.
  • Simple Oversight: View alerts and trending tools in a single company dashboard.
  • Staff Privacy: Focuses strictly on software adoption metrics without logging personal employee searches.

SaaS signup & activity telemetry

The client monitors account registration pages by scanning DOM elements for login forms, signup fields, and identity provider handshakes. This captures new tool usage without decrypting network traffic or utilizing static server gateways.

Telemetry data is aggregated locally to compute usage metrics. The client strips full URL paths, search strings, and personal identifiers, sending only the destination domain and anonymized metrics to protect employee privacy.

  • DOM Input Scans: Identify new SaaS accounts via submit form structures.
  • Metadata Scrubbing: Remove query variables, query fragments, and paths.
  • Anomaly Detection: Calculate z-scores to flag sudden adoptions.
  • Directory Scoping: Filter SaaS usage metrics by synchronized OUs and Groups.
Anomaly +340%

Tenant Security Compliance

Audit and remediate tenant security profiles for M365 and Google Workspace. Review status checklists, receive configuration drift alerts, and automate setup.

  • Temporary Consent Model: Uses temporary elevated credentials that automatically self-destruct in 15 minutes.
  • Frictionless Manual Steps: Grouped by Control Panel dashboard location so administrators can execute steps sequentially.
  • Config Drift Monitoring: Scans tenants daily to detect unauthorized changes, notifying admins of configuration drift.
  • Detailed Recovery Audits: Run multi-point validation scans on emergency recovery accounts, auditing user privileges, on-premises sync states, Conditional Access exemptions, and login activity.
  • Licensing-Aware Compliance: Automatically identifies licensing constraints for premium controls (SSPR, Defender) and marks them as unsupported to prevent false posture failures.
  • ITSM Integrations: Automatically generates high-priority tickets in connected PSA systems like ConnectWise and Autotask.

API-driven cloud posture auditing

The platform performs daily compliance checks of your cloud tenants by querying the Google Admin Directory and Microsoft Graph APIs. It reviews critical configurations, flags unauthorized modifications, and issues configuration drift alerts.

Remediation scripts execute using temporary, short-lived OAuth tokens that expire after 15 minutes. The scanner automatically filters checks based on active licensing tiers, avoiding false alerts on premium controls that are not supported.

  • Security Drift Scans: Daily checks for legacy auth blocks, MFA, and app consent.
  • Emergency Access Checks: Validate emergency break-glass account exemptions and privileges.
  • Temporary Credentials: Auto-remediate configurations using self-destructing tokens.
  • ITSM ticket sync: Open alerts in ConnectWise or Autotask PSA platforms automatically.
SECURE TOKEN: ACTIVE

One live pane of glass

Every alert, detection, risky app, and pending approval across the platform lands in a single auto-refreshing view. Admins keep it open all day and work one prioritized queue instead of hopping between a dozen reports.

Needs-your-attention feed

Security alerts, high-risk SaaS, new Shadow IT, and access requests merge into one severity-sorted, click-through queue.

Always live

The Command Center refreshes itself every 45 seconds — no reloads — and pauses politely when the tab is in the background.

Organized into Workspaces

A short sidebar of tabbed Workspaces — Threats & Alerts, SaaS Governance, Activity Logs — plus a grouped Settings area replaces a long, flat menu.

Drill in, one click

Every item links straight to the underlying report, so triage takes seconds without losing the big picture.

Detection and response, in the tab

The extension already watches logins, tokens, pastes, downloads, and OAuth. Now it turns that into a threat feed you can act on, and sends it wherever your team works.

One detections feed

Phishing, ghost logins, credential reuse, and AiTM session risk land in a single triage view with status and severity.

Identity posture

See which accounts skip SSO or run without MFA, per app, drawn from real login events.

Extension inventory

Every extension on every device, rated by permissions, install source, and a known-bad list.

Response & SIEM

Fire playbooks on a detection, block a domain in one click, and stream events to Splunk, Sentinel, or CrowdStrike Falcon Next-Gen SIEM.

Granular feature comparisons

Technical breakdown of policies, enforcement methods, and reporting options.

Feature & Capability Core Plan Required Add-on / Tier
Browser Rule Engine
Steer employees toward approved websites and SaaS tools. Block unauthorized pages and show guided policy messages.
Included Standard
Silent Deployment (Force-Push)
Centralized background installation via Microsoft Intune, Jamf Pro, or GPO. Runs as a locked browser policy so staff cannot remove or toggle it off.
Included Standard
SaaS Signup Detection
Automatically logs when staff members create accounts or sign in to unauthorized tools.
Shadow IT & SaaS Management ($99/mo)
Slack Alerts & Webhooks
Send immediate alerts to Slack channels or external security systems when risky events or signups occur.
Shadow IT & SaaS Management ($99/mo)
Data Loss Prevention (DLP)
Prevent data leaks by blocking employees from typing sensitive patterns (like credit card numbers or API keys) into generative AI or external sites.
Policy Auditor / DLP ($29/mo)
Detailed Session Audit & Retention
Logs compliance histories and software usage with customizable audit retention logs (30 days to 4 years).
Full Browsing & Analytics ($119/mo)
Tenant Security Compliance
Audit M365 and GWS configurations, trigger automated remediation using 15-minute temporary credentials, and receive alerts on configuration drift.
Tenant Security Compliance ($49/mo)
Network Performance Diagnostics
Monitors page load latency and response times to diagnose remote employee connection and website performance issues.
Remote Network Telemetry ($59/mo)