Digital Shadows integrates with Maltego through partnership with Malformity Labs

15 June 2015

The need for organizations to focus on their risk exposure is growing daily, and their ability to establish a clear picture of their environments is key to mitigating risk. That clear picture is best made possible when security teams have access to as much relevant detail about their risk profile as possible.

This is why we’ve chosen to partner with Malformity Labs to bring our customers the added insight provided through integration with the Maltego framework.

Maltego is an extensible framework that provides users, such as security analysts, incident responders and researchers, with cost-effective ways of visualizing and mining a variety of data types from open sources, as well as the potential to query private and third-party data. Users of Maltego can discover a wealth of information about a piece of data, an asset, or a human being through the use of its transforms and entities.

While Digital Shadows already provides its customers with tailored intelligence based on more than 100 million data sources in 27 languages, we always aim to give our customers even more. This partnership with Malformity Labs allows us to additionally bring our customers 84 transforms and 14 entities that can be realized visually in the Maltego framework.

Through the use of these transforms and entities, users will be able to mine and visualize data that is relevant to their organizations for the express purpose of detailed link analysis.

So, how do users begin using the Digital Shadows transforms?  

For starters, each user needs to download and install a copy of Maltego from the Paterva website. For clients that use Maltego Chlorine, the Digital Shadows transform set is available from the Transform Hub. If you are using an older version of Maltego we will provide you with the seed URL directly. Digital Shadows clients can then request API credentials that will allow them to begin using our transform set.  

The root Digital Shadows entity is unique to the client’s organization, and will allow the user to retrieve recent incidents directly related to their organization using their unique API key.

The user can then use the comprehensive set of Digital Shadows transforms to investigate and explore entities associated with these incidents – such as actors, campaigns, events and TTPs.

Users can then pivot from these entities in order to explore the Digital Shadows data and begin to map out relationships between entities to better understand the threats that are targeting their organization. The additional context provided by this data allows clients to make more informed business decisions in order to better defend their organization and its assets from threat actors targeting them from beyond their boundary.

If users are interested in performing analysis on a specific actor, campaign, event or keyword then entities can be imported into Maltego by pivoting from the default ‘Alias’ or ‘Phrase’ entities. The full functionality of Maltego and the Digital Shadows transforms can then be used to perform analysis on a particular threat actor, incident or TTP (amongst others) in order to gain better insight into their threat landscape.
 


Uniquely, users can also take advantage of the full power of our dark web and IRC text search to analyze data from Tor, I2P, criminal sites and IRC conversations. These entities can be imported by pivoting from the ‘Alias’ or ‘Phrase’ entities in order to perform richer analysis with this extensive data set.

We are so pleased to announce this partnership with Malformity Labs and the release of our Maltego integration, and we know that these transforms and entities will better empower our collective clientele to make the most out of both solutions as they strive to ensure the security of their environments.