With the rising number and sophistication of cyber-attacks faced by enterprises, modern CISOs are ramping up internal processes and infrastructure not only to prevent incidents, but also to remediate them faster and so reduce the harmful impact of attacks on the organization. In larger enterprises today it is common to have a Security Operations Center (SOC) to monitor, investigate, and react to security alerts and thereby safeguard enterprise data and systems. A challenge for SOC teams is to make a bigger, and more effective, impact on the alert triage, escalation, and mitigation processes, all while fighting an increasing skills shortage that leaves teams severely understaffed and overworked.
With its strong analysis and visualization capabilities, Maltego can expedite and simplify complex SOC investigations, saving valuable time for analysts, incident responders, and threat hunters, by improving the verification of alerts raised by security systems and the identification of false positives among them. This enables more efficient evaluation of incidents, as well as effective investigation and analysis of anomalies and of the evidence left by threat actors in your networks.
In this paper, we introduce you to Maltego and give you a primer on Maltego Machines, a special Maltego feature that allows investigators to automate repetitive investigations by chaining multiple steps into a single sweep.