Data Integration for a New Era: Maltego
Maltego: The 20-Second Download
“The core and the heart of Maltego is the concept of being able to integrate and mine data from very dispersed data sources and make that really easy,” said Philip Mayrhofer, Maltego CEO. The company’s core offering is an open-source intelligence and graphical link analysis tool for investigative tasks. Today, Maltego is used by thousands of users including security professionals, forensic investigators, investigative journalists and researchers.
“We regard Maltego as a critical tool in the arsenal of the modern and digital investigator,” added Mayrhofer.
Maltego’s key use cases include cyber security, protecting users in social networks, know your customer (KYC) and law enforcement. The company is headquartered in Munich, Germany, and has a remote and global team.
Recalibrating for a Changed Threat Landscape
Mayrhofer discussed the evolution of the threat landscape during COVID-19. In addition to the re-emergence of fraud and phishing campaigns, particularly around the rush to acquire PPE, remote work has expanded the attack surface area. These abrupt changes created a need for recalibration for people and machines alike.
“We see that there has been a lot of disruption in systems or routines that people have been used to,” he said. “If you rely heavily on automations, on rules detecting threats or intruders that are trained on historic data, and all of a sudden you have a major categorial shift in the landscape, this actually leads to new and categorial changes in the rules themselves. Machines sometimes may not be calibrated well enough to manage the new landscape in the beginning. And that is when the human needs to come in and try to navigate this.”
Acknowledging the brisk environment for threat intelligence providers, Mayrhofer said.
“We are standing on the shoulders of giants here because we're just the integrators of those data feeds and they had to do all the work of getting those indicators, endpoints, etc. categorized and providing them to their customers.”
Customers also continue to seek solutions and support in integrating data sets and tools. “We hear of tool fatigue, implying that operatives are just overwhelmed with all the different tools and data sources that have been acquired in the past years. And that they are actually longing for integration of data and seeing how it fits together.” Maltego aims to address that need by integrating a wide array of data sources into a single interface. It can integrate open-source data, intelligence sources, search engine queries, commercial feeds of threat intelligence providers, as well as internal and proprietary data from its customers.
Mayrhofer said customers are carefully evaluating their budgets and tools post-COVID, with an eye toward their compatibility with their other current tools. “Oftentimes, tools in the technology stack don't fit together that well and it is important for each specialist to have the interfaces, both up- and downstream to allow a seamless experience… I think integration along the workflow is really important.”
What’s Next for Maltego?
As interest in cybersecurity and digital privacy has grown, so has the level of activity in Maltego’s market. “Generally I think, as the case load is increasing, the number of data sources and the amount of data is increasing. At the same time machines cannot solve it all. And especially for the exploratory searches, you need fuzzy intelligence and what the human can bring to the table. And that's obviously where we come into play. We provide the tool for humans to interact with huge amounts of data. And that's where we want to continue to operate.”
“Generally I think, as the case load is increasing, the number of data sources and the amount of data is increasing. At the same time machines cannot solve it all. We provide the tool for humans to interact with huge amounts of data.”
Mayrhofer also said Maltego has made significant investments in infrastructure over the past few years and looks forward to bringing those capabilities to the product level for its customers. “We’ll continue to focus on trying to get the best experience for our human modern digital investigators,” he said.
Questions? Connect with the Baird team at RWBcybercoverage@rwbaird.com