Welcome back to another dispatch from the CTO! This is the second in our blog and webinar series on Maltego’s product roadmap. If you missed the first one, check it out here.
Next Up: Maltego ID 🔗︎
The next release of Maltego is all about identity. For once, this isn’t about the identity of investigation subjects, but a focus on user management.
We’ve known for a while that we have a gap when it comes to serving our organizations with multiple users. Our current user management model has admins manually tracking license keys for software and API keys for data access. The next Maltego Desktop Client release (Version 4.6.0) will put us on the road to addressing this and several other identity and user management related topics.
Starting with the Maltego ID for CE 🔗︎
This fall, we will deploy the new Maltego ID platform for CE users with the Maltego Desktop Client Version 4.6.0 release. As you may know, CE users already access Maltego with a username and password rather than using a license key, so CE users will experience minimal change other than the seamless backend transition to Maltego ID.
With Maltego ID in place, CE users will be able to add multi-factor authentication (MFA) to their accounts. This ensures security for your Maltego CE logins. Existing accounts will continue to function as they do today. Once upgraded to Version 4.6.0, you can trigger the migration of your CE account to Maltego ID simply by changing your password.
We are staging the 4.6.0 release carefully so it will not impact the ability of Pro or Enterprise users’ access to Maltego or any ongoing investigations. Future releases will give other users the option of migrating to Maltego ID and simplifying the management of their Maltego experience.
More capabilities to come, also for Pro and Enterprise 🔗︎
We have several exciting new capabilities in development for the Maltego platform that will layer on top of the Maltego ID to provide additional services. We are keenly aware that centralized user management, single sign-on, auditing, and accounting are all desperately needed features for our enterprise, government, and law enforcement customers. Maltego ID solves many of them directly and makes the rest possible.
I’ve already mentioned that MFA becomes an option for Maltego ID accounts at launch. We know that our users pay careful attention to security, so we will soon release the option for federated authentication (via Microsoft and Google) as we roll out Maltego ID for all Maltego users. If your organization uses either of these authentication platforms, you will be able to configure Maltego ID so that your existing accounts will just work.
Extending the federated options, we will also announce Security Assertion Markup Language (SAML) integration for customers with enterprise authentication requirements. Finally, in terms of authentication, we will offer an on-premise version of Maltego ID that will integrate with internal sources of authentication for eligible customers.
As we deploy Maltego ID to larger audiences, such as Pro and Enterprise customers, we will start migrating some of our related services to Maltego ID, such as our learning platform Spark, the Maltego community, and some new tools that aren’t announced yet. Our goal is to simplify your user experience by reducing the number of accounts and unifying the user experience between Maltego tools.
A centralized admin portal for Pro and Enterprise users 🔗︎
Additionally, with Maltego ID, Enterprise and Pro customers will be able to manage their licenses and user entitlements in a centralized admin portal. This will let you say goodbye to spreadsheets for tracking API and license keys.
Maltego ID will also enable users to load a saved configuration at login. This removes the need for users to enter data provider API keys, as they can be managed centrally. Customers using Maltego in Virtual Desktop Infrastructure (VDI) environments can look forward to a significantly improved experience.
We also have several browser-based tools already in trails which will leverage Maltego ID further. Stay tuned for updates on those tools!
Stay tuned for Version 4.6.0 and more! 🔗︎
I’m really excited about all the new capabilities that Maltego ID will unlock for our customers and user community. We’ve listened carefully to the administrative and security concerns shared by our customers. We think Maltego ID addresses these concerns and sets us up to be well positioned to rapidly support new products and capabilities in the future.
While Maltego ID is the big feature in Version 4.6.0, it’s not the only improvement. We’ll share more features coming and bugs fixed as part of Version 4.6.0 shortly.
Be careful out there.
About the Author 🔗︎
Ben April is the Chief Technology Officer at Maltego Technologies GmbH. Prior to Maltego, Ben was the CTO of Farsight Security, Inc. (acquired by DomainTools LLC). In his time at Farsight Security, Ben and his team drove advances in the fields of real-time privacy centric Internet telemetry and Passive DNS technology. Ben is on a lifelong crusade to eliminate the technical and policy barriers that impede robust data-sharing among white-hat security researchers. Ben is also a volunteer sysadmin and coder for some trusted-community security projects.