CASE STUDY

How Maltego used Vanta to pass their ISO 27001 audit 5 weeks early

COMPANY
Maltego
EMPLOYEES
150+
LOCATION
Munich, Germany
INDUSTRY
Cyber Investigation
VANTA CUSTOMER SINCE
2022
QUICKER RESPONSE TIMES

Maltego’s ISO 27001 certification is an effective answer to common customer questions about security, so employees can concentrate on more complex enquiries.

BAKED-IN SECURITY

Maltego uses Vanta every day, giving them ongoing confidence about the strength of their security posture.

FAST TRACK TO ISO 27001

Maltego used a Vanta-vetted auditor that was responsive and service-oriented, and they passed their audit five weeks before the deadline.

“Our customer base includes law enforcement and cyber investigators, and they are really security-conscious. Many of them were asking for ISO 27001, and we realised that using a trust management platform would be better than going it alone.”

Dirk Wagner
Head of Security, Maltego
The company

Maltego empowers organizations with an all-in-one cyber investigation platform 

Maltego is the world’s most widely used investigation platform for complex cyber investigations, serving organizations across the private and public sectors. Since 2008, Maltego has supported millions of investigations globally and is predominantly used by cyber threat intelligence teams and law enforcement agencies.

With Maltego, investigative teams can conduct both preliminary OSINT investigations for digital profiling and complex link analysis for large datasets. The platform also includes tools to collect, monitor, and preserve social media intelligence in real time for prosecution and public safety.

Headquartered in Munich, Maltego collaborates with customers such as the FBI, INTERPOL, and leading technology and service companies. The platform delivers a seamless journey from data collection to actionable insights, ensuring analytical excellence for every investigator.

The challenge

Meeting customer demand for proving trust 

Maltego’s clients are by nature risk-aware, and they look for partners that meet their stringent security standards. As the company grew, they noticed a marked uptick in requests for proof of security compliance. 

“Security questionnaires took so much time from my life,” says Dirk Wagner, Head of Security at Maltego. “People wanted to dig deep into our policies and their questions could be tricky. For example, their scope wasn’t always clear because we deliver a lot of different things for different customers.” 

Ben April, CTO at Maltego, knew that the right security framework could make demonstrating compliance much less labour intensive. 

“We have many customers in Europe, where ISO 27001 is held in high regard, and it’s the one we were asked about the most. It provides a comprehensive approach to security, and it would allow us to give customers what they needed without pursuing every single framework out there.”

“Security questions come in hourly. It’s incredibly important for us to build trust with our customers, and we realised that would be a lot easier with a recognised security certification.” 

- Ben April, CTO, Maltego

The solution

A trust management platform that ticks all the right boxes

The task of figuring out the best way to get ISO 27001 compliant fell to Patrick Gebhard, Head of Business Intelligence and Customer Insights at Maltego. He considered three routes: using an outside consultancy, doing it manually with templates, or getting a trust management platform. 

“We wanted to get it done within six months; if we tried to do it manually, Dirk and I would look a lot more tired than we do now! Ultimately, we wanted to maintain control, so software seemed like our best option.”

Patrick had long been aware of Vanta, having initially heard about it on a podcast. He researched it and some of its competitors, but Vanta’s user-friendly design and comprehensive feature list won the day.  

“Vanta offered us a way to get audit-ready quickly. We liked its continuous monitoring and automated testing, and it was easy to use. Our existing tool stack could integrate with it as well, which was a big consideration for us.”

“Without a trust management platform like Vanta, we would need at least one extra person working full-time towards getting our ISO 27001 certification.”

- Patrick Gebhard, Head of Business Intelligence and Customer Insights, Maltego

The impact

Easier audits and reassured customers 

Each Maltego department has a person who is responsible for security. With Vanta in place, their work has become a lot more streamlined and straightforward.

“It’s vital that we keep on top of compliance and risk, and that was always difficult to do,” says Dirk. “Vanta helps a lot. It also gives us a real-time overview of our security posture and alerts us to any issues, so nothing slips through the cracks.”

With Vanta, Maltego could automate much of the work needed to prepare for their ISO 27001 audit, and they also chose to work with a Vanta-vetted auditor. This streamlined process allowed them to get their certification five weeks earlier than planned. 

“The auditors were service oriented—quick reply times, minimal meetings. They worked asynchronously as well, which was convenient for us,” explains Patrick.

According to Ben, Vanta has made the whole company more security aware. It shows everyone why security protocols have to be both followed and followed up on.  

“It's helped us get to the point where security is embedded in our daily work. We don’t just look at Vanta when it's audit time—it’s up to date, so we’re not panicking the week before.” 

Since getting their ISO 27001 certification, Maltego has found customers’ security questionnaires easier to deal with. 

“They know we have the basics covered because we have ISO 27001, and we can answer questions covered by the framework very quickly,” says Ben. “We’ve found that really helpful, and it gives us time and space to deal with more high-level enquiries.” 

Maltego has since expanded their use of Vanta to include Trust Center, Access Reviews, and advanced Risk Management capabilities. These additions will allow them to further improve their security posture and demonstrate its strength to clients.

“As we scale we are constantly evaluating the next step such as CMMC or SOC 2. With Vanta, we can see what percent of them we already have covered, and then just add them to our package. It means we can move quickly in response to our customers’ needs.”

- Ben April, CTO, Maltego
