
Maltego for Cyber Threat Intelligence


Know Your Enemies Even Better within Minutes

Dig into what your enemies don’t want you to find out

Maltego helps you reduce the time needed to gain knowledge about threats that are potentially harmful to your organization and clients. Within minutes, you can gather and map comprehensive threat landscapes, threat actor profiles, TTPs, and other intelligence to support various security operations. Using Maltego’s built-in function, you can even automate standard workflows and focus your workforce on deriving intelligence from the data gathered.

Intelligence and information collection at a glance

Maltego uses link analysis to build a comprehensive visual overview of your incidents. You can explore data relationships intuitively and dynamically using various layouts to establish informed, effective response plans.

With Maltego, our Threat Intel team can conduct network footprinting and visualization faster and better than before, allowing us to stay ahead.

Jaya Baloo
Avast

Easily and securely access all your data in one single interface

Maltego reduces the complexity of using multiple tools by integrating otherwise siloed data sources—SIEMs, logs, ticketing systems, internal databases, threat intelligence, OSINT, vulnerability scanners—you name it. With the Enterprise on-premise deployment plan, we ensure the security of sensitive internal data with industry standard authentication for impermeable access control.

A great strength of Maltego is the ease of gaining insights from multiple, disparate data sets. In the past couple of years, Maltego has been increasingly developed towards a relevant market place for data and I am excited to see how this will evolve in the future.

Maltego is the first tool I'd install on any researcher's laptop, and the first I open any time I'm starting a new investigation. From the ability to access many different data sources through one tool, to the advanced visualisations, it's an absolutely essential part of modern cybercrime research.

Simply smart, powerful and efficient tool! As a seconded researcher of Trend Micro to INTERPOL and some of my co-researchers, Maltego is essential in our day to day cybercrime investigation for the purpose of chasing down the threat actors and revealing their modus operandi and infrastructure.

Maltego allows us to quickly pull data from profiles, posts, and comments into one graph, where we can conduct text searches and see connections. In just a few minutes, we can narrow initial research to a handful of individuals using variations of aliases connected to suspected local traffickers. We would not have been able to do that without Maltego.

I have been an avid user and advocate of Maltego for many years, using it especially for internet infrastructure mapping. However, its automated search and graphing capabilities make it perfectly suited for creating cryptocurrency transaction maps. If you are looking for a low-cost entry into address identification, I highly recommend it.

Maltego is a wonderful aggregator of interfaces to various OSINT databases. The company behind Maltego has even formed its own OSINT ecosystem. Maltego can scan a target website, but then it lets its users effortlessly apply what it calls “Transforms” from its ecosystem to connect the web information to various databases. I’ve been blogging about infosec for years, and even I’m nervous about Maltego’s capabilities. With OSINT, knowledge is truly power.

Maltego is simply limitless in the options that it provides us. We see great potential in the default options available in Maltego, from graphing capabilities to the different entities to data integrations. It allows us to extend its capabilities and customize it to our investigative needs.

Built to support multiple incident response workflows

IOC Collection for Specific Threats

Gather IOCs associated with particular threat actors using OSINT data, regex searches, as well as threat intelligence feeds.

Profiling Threat Actor Infrastructure

Map malicious activity such as phishing to existing threat actors or campaigns and uncover a comprehensive overview of their infrastructure.

Profiling Threat Actors

Generate intelligence or analyze a threat actor’s profile using social media intelligence.

Attacks and TTPs Analysis

Generate intelligence about previous incidents, or profile similarly working malware using the adversaries' current and past behaviors.

Vulnerability & Attack Surface Assessment

Evaluate a new vulnerability by identifying IOCs of ongoing malicious activities and scanning public and internal assets for exposure.

Frequently asked questions

Where is the data stored, and who has access to the data?

Users can store data within Maltego for the duration of their usage session. However, it’s important to note that Maltego is primarily a data visualization and threat intelligence analysis tool. Maltego does not provide centralized data storage. Because Maltego is a locally installed application, users’ investigations are stored locally on the analyst’s machine.

Are there any security and privacy concerns when using Maltego?

The privacy and security of investigations primarily depend on how users handle data, their OPSEC practices, the data sources they use, and how they manage and secure their local machine and Maltego environment.

What are the differences between Maltego Pro and Maltego Enterprise?

Maltego Pro is designed for individuals, while Maltego Enterprise is a more comprehensive version designed for organizations and teams, offering collaboration enablement, dedicated Customer Success Managers, enterprise support SLAs, guided onboarding and deployment, custom engineering, and access to advanced customized training courses. 

To find out more about access to data sources and the Transform allowance in each plan, you can download the overview here.

More information on Maltego plans can be found here.

What deployment options are available for Maltego?

Maltego Enterprise supports both cloud and on-premise deployment options. Users can choose the deployment option based on their requirements and preferences: on-premise, their own cloud, or Maltego’s cloud. They can even work completely offline.

These flexible deployment options are designed to allow enterprise teams to focus on investigations while Maltego takes care of setup and maintenance. Please note that these options are not available in the Maltego Pro plan.

What training is available for Maltego users?

All Maltego users have access to our comprehensive online documentation, tutorials, and handbooks. Maltego offers online on-demand learning through a platform called Spark.  

Access to on-demand courses is included in all Enterprise subscriptions. Pro customers get free access to an introductory course and can purchase other courses separately. Enterprise customers also have the option for personalized training and learning guided by Maltego subject matter experts.

What is the onboarding process like for Maltego?

Onboarding time and ease of use can vary based on the user’s familiarity with similar tools and the complexity of their investigative needs. Maltego provides resources such as tutorials, documentation, and community support to aid in onboarding. For Maltego Enterprise users, there is an in-person onboarding option and guided deployment to ensure a smooth setup process.

How does Maltego access data, and how can I use data in Maltego?

Maltego can access data from various public sources and private databases through its integration with different APIs. Users can connect to these APIs to fetch and analyze data within the Maltego platform.  

We offer different models of data access, namely click-and-run, free data, Maltego data subscriptions (or data bundles), and paid API keys, which need to be purchased separately. Find more details here.

Does Maltego have its own dataset?

Maltego itself does not have a proprietary dataset. Instead, it facilitates access to various public sources and private databases by combining different data sources within one user interface. 

Users can also import and analyze data from other sources, including internal sources, using the tool’s functionalities.

Can Maltego be integrated with SIEM, SOAR, or automation systems?

Yes, Maltego can be integrated with SIEM, SOAR, as well as various automation systems to enhance security analysis and incident response capabilities.

Is virtual deployment possible for Maltego?

Yes, Maltego can be deployed in a virtualized environment to suit different infrastructure requirements.

Does Maltego offer investigation services?

Maltego does not offer investigation services. It is a tool used by analysts and investigators for conducting their own investigations.

Is Pay-per-Transform pricing available for Maltego?

Pay-per-Transform services are not available. You can view all access options to the Transform Hub for your Maltego Plan here.
