Maltego
Maltego is a visualization tool used by security professionals, penetration testers, researchers, and forensic investigators to support a wide variety of cyber investigation activities. Maltego performs graphical link analysis for real-time data mining and displays the results on a node-based graph, so that connections between pieces of data can be seen and identified more easily.
Maltego is offered as several solutions covering cybersecurity investigations, cybercrime investigations in support of law enforcement, and the reduction of fraud and insider threats.
Cyber Security Investigations
Maltego supports faster and more precise security operations center (SOC) team investigations.
- Maltego integrates data sources such as ServiceNow, ELK, Splunk, and others and presents them within a single user interface (UI). It makes Open Source Intelligence (OSINT) much easier to use, and threat intelligence feeds from Recorded Future, Flashpoint, Crowdstrike, and others are also easily integrated. This lets you contextualize alerts for a more efficient and capable escalation process.
- Maltego speeds up the analysis of data. Security researchers can more quickly identify relevant data from Security Information and Event Management (SIEM) platforms and determine whether it is a real threat or a false positive. You can also improve SIEM detection policies and rules with new Tactics, Techniques, and Procedures (TTPs), Indicators of Compromise (IOCs), and other data produced through Maltego analysis. This makes evaluations more efficient and gives the SOC more time to spend on remediation of identified threats.
- Investigations may also be automated with Maltego Machines. A Machine is a macro in the Maltego Desktop Client that runs multiple Transforms over a data set; the Transforms within a Machine can run in parallel or sequentially. Machines are written in the Maltego Scripting Language, a custom scripting language that lets users create their own Machine macros.
- Maltego enables your team to investigate efficiently and effectively the evidence left behind by threat actors that have been present in your networks and systems. Root cause analysis, remediation of Advanced Persistent Threats (APTs), and the discovery of unknown vulnerabilities and security gaps within networks are all faster with Maltego's visual analysis. Maltego also gives Penetration Testing (Pentest) teams strong support in contextualizing and understanding the significance of otherwise disparate cybersecurity data.
- Maltego also supports team collaboration. This is an important feature: live graph sharing lets teams share insight as they work. Shared data may include a threat overview and investigation reports, and collaboration can be integrated with existing workflows so that new insights from investigation work flow into the SIEM, ticketing systems, and related forensic tools.
- Maltego connects to data sources that may include, but are not limited to:
- Recorded Future
- Domaintools
- Crowdstrike
- VirusTotal
- RiskIQ
- Farsight Security
- Splunk
- ServiceNow
- Cisco Threat Grid
- Cybersixgill
- Intel471
- OpenCTI
- Orbis
- Pipl
- Scamadviser
- STIX
- AlienVault OTX
- GreyNoise Enterprise
- Kaspersky
- NIST NVD
- Loginsoft OSINT
- And many more.
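The Machine description above (Transforms run over a data set, in parallel within a stage and sequentially across stages, with every result landing on a node-based graph) is easier to see in code. The following Python model is an added example, not Maltego's own code or API and not the Maltego Scripting Language; the Entity, Transform, Graph and Machine classes are hypothetical stand-ins, and the DNS, WHOIS and passive-DNS tables are constructed sample data using documentation addresses and the reserved .test TLD, so it runs offline.

```python
"""Toy model of the entity -> transform -> graph data flow behind a Maltego Machine.
Not Maltego's API: every class and every data table here is constructed for illustration."""
from __future__ import annotations

from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass, field
from typing import Callable


@dataclass(frozen=True)
class Entity:
    """A node on the graph: a typed value such as a domain, IP address or e-mail address."""
    kind: str
    value: str


@dataclass(frozen=True)
class Transform:
    """A lookup that takes one entity of `input_kind` and returns related entities."""
    name: str
    input_kind: str
    func: Callable[[Entity], list[Entity]]

    def run(self, entity: Entity) -> list[Entity]:
        # A transform only applies to its own input type; anything else yields nothing.
        if entity.kind != self.input_kind:
            return []
        return self.func(entity)


# Constructed sample data standing in for real DNS / WHOIS / passive-DNS sources.
DNS_A = {
    "example-corp.test": ["203.0.113.10"],
    "staging.example-corp.test": ["203.0.113.10"],
}
WHOIS_EMAIL = {
    "example-corp.test": ["admin@example-corp.test"],
}
PASSIVE_DNS = {
    "203.0.113.10": ["example-corp.test", "staging.example-corp.test"],
}

domain_to_ip = Transform(
    "DomainToIP", "Domain",
    lambda e: [Entity("IPv4Address", ip) for ip in DNS_A.get(e.value, [])])
domain_to_email = Transform(
    "DomainToWhoisEmail", "Domain",
    lambda e: [Entity("EmailAddress", m) for m in WHOIS_EMAIL.get(e.value, [])])
ip_to_domains = Transform(
    "IPToDomains", "IPv4Address",
    lambda e: [Entity("Domain", d) for d in PASSIVE_DNS.get(e.value, [])])


@dataclass
class Graph:
    """Node-based link graph; each edge records which transform produced the link."""
    nodes: set[Entity] = field(default_factory=set)
    edges: set[tuple[Entity, str, Entity]] = field(default_factory=set)

    def add_link(self, src: Entity, via: str, dst: Entity) -> bool:
        """Record the link and report whether `dst` is new to the graph."""
        is_new = dst not in self.nodes
        self.nodes.update({src, dst})
        self.edges.add((src, via, dst))
        return is_new

    def neighbours(self, entity: Entity) -> set[Entity]:
        out = {d for s, _, d in self.edges if s == entity}
        inc = {s for s, _, d in self.edges if d == entity}
        return out | inc


class Machine:
    """Stages run one after another; the transforms inside a stage run in parallel
    over every entity the previous stage produced. Entities already on the graph
    are not expanded again, so cyclic data (IP -> domain -> IP) terminates."""

    def __init__(self, stages: list[list[Transform]]):
        self.stages = stages

    def run(self, seeds: list[Entity]) -> Graph:
        graph = Graph()
        graph.nodes.update(seeds)
        frontier = list(seeds)
        for stage in self.stages:
            jobs = [(t, e) for t in stage for e in frontier]
            with ThreadPoolExecutor() as pool:
                results = list(pool.map(lambda job: (job[0], job[1], job[0].run(job[1])), jobs))
            next_frontier = []
            for transform, src, found in results:
                for dst in found:
                    if graph.add_link(src, transform.name, dst):
                        next_frontier.append(dst)
            frontier = next_frontier
        return graph


def footprint_machine() -> Machine:
    # Stage 1: resolve IPs and WHOIS contacts in parallel; stage 2: pivot IPs back to domains.
    return Machine([[domain_to_ip, domain_to_email], [ip_to_domains]])


def run_footprint(seed_domain: str) -> Graph:
    return footprint_machine().run([Entity("Domain", seed_domain)])


if __name__ == "__main__":
    g = run_footprint("example-corp.test")
    for src, via, dst in sorted(g.edges, key=lambda x: (x[0].value, x[1], x[2].value)):
        print(f"{src.kind}:{src.value} --[{via}]--> {dst.kind}:{dst.value}")
```

Seeding the machine with the constructed domain yields four nodes and four edges: the seed fans out to an IP address and a WHOIS contact in the first stage, and the second stage pivots the IP back to both the seed (a link to an existing node, no re-expansion) and a new staging host. The `is_new` check in `add_link` is what keeps such a pivot from looping; it is also where a real deployment would enforce the per-edition limits the Desktop Client section mentions (entities returned per Transform and entities per graph).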
Law Enforcement
Maltego accelerates the speed and accuracy of the most complex cybercrime investigations.
- Maltego integrates data sources such as a case management system, forensic tools, and others, adding efficiency and speed to evidence processing. Teams can identify and use many types of OSINT data, including safe access to dark web and social media data from a single source, without exposing their own IP data.
- Case investigation is enhanced with easy access to dark web and social media data. Investigation teams can quickly and more easily visualize relevant data to find patterns and connections. Automation with Maltego Machines can speed up repetitive tasks.
- Case building is also enhanced as teams can more easily collaborate and share discovered insights through Maltego's live graph sharing. Digital evidence reports can be extracted, which are highly useful to prosecution teams, and insights learned can flow back into case management systems to improve future investigation activity.
- The digital footprints of criminals are there; Maltego helps you secure the results of an investigation and support the prosecution's efforts. Maltego helps you visualize the patterns that emerge and then move between critical nodes to identify persons of interest. Maltego's automatically generated reports reduce the time and effort spent on reporting.
Trust and Safety
Maltego increases the speed and accuracy of highly complicated trust and safety investigations.
- Maltego gives you access to all of your data through one UI: CRM, user behavior analytics, ticketing system data, and more are integrated in one place. Access to multiple internal databases is improved and can be managed effectively in support of compliance requirements and policies. Collaboration on digital evidence is enhanced, and insights may flow back into your CRM in support of future investigations.
- Maltego helps your team reduce resolution time, analysis time, and the time spent determining attribution, so the team can resolve a larger volume of investigations in less time. Most importantly, you can determine the source of, and the activity surrounding, the abuse of valuable customer data or user-generated content in violation of your policies.
- Maltego enables you to use past investigation results to understand and analyze the development of future abusive behavior and the trends leading to it, and to improve detection rules so that malicious insiders have less opportunity to operate unnoticed within your networks. All of this is important feedback that can flow into other internal systems and be used in the future.
Maltego Desktop Client
The Maltego Desktop Client is the visual interface that provides the UI to users. It is a Java application that runs on multiple platforms, including Windows, Mac, and Linux, and lets users create graphs with an intuitive, user-friendly point-and-click frontend. There are currently several editions of Maltego. Per the Maltego website, these are “generally differentiated by the number of Entities that a Transform can return, the number of Entities that can be on a single graph and their availability for commercial use.” Casefile is often used by analysts to support offline investigations where they do not have access to the standard Transforms which Maltego provides.