Cloud-based solutions, especially in the malware detection and analysis field, are well known to use and exploit the uploaded data for commercial purposes. For instance, any malware sample uploaded to the world's most popular online virus scanner can be shared with third parties, including customers and antivirus vendors.
At Joe Security, we take data privacy extremely seriously. By default, Joe Security does not share any malware sample or any IOCs with third parties. In addition, we have implemented various technical privacy protection measures for Joe Sandbox Cloud that we will present in this blog post.
Infrastructure and Server Security
Major parts of Joe Sandbox Cloud Pro are hosted in data centers which feature DIN ISO/IEC 27001 certification. The certification proves that the data center operator will uphold strict information security standards. For example, access to our servers is strictly controlled.
We monitor all our servers for physical and virtual intrusions, and we apply security patches and take backups regularly. Joe Sandbox Cloud Pro has failover capability since we run a shadow copy of the complete system. To prevent DDoS attacks, our cloud is protected by one of the largest web proxy and content delivery networks. We apply least-privilege access on our servers via permissions, containers, and virtualization. Professional penetration tests are run on our server infrastructure on a regular basis.
All malware samples, as well as any analysis results such as IOCs and behavior information, are private. The data is encrypted at rest, and we grant our customers full access rights to their data. This includes deletion access. Once a customer deletes an analysis, all data is securely deleted in near real time!
Configurable Data Retention Policy
To make deletion even easier, Joe Sandbox Cloud Pro features a configurable data retention policy. When you submit a malware sample for analysis, you can define how long Joe Sandbox Cloud shall keep the sample and the associated data until it is deleted.
You can set a value of 1, which will result in automated data deletion after one day. The date of deletion is visible in the analysis detail overview.
Encryption of Analysis Data
Another data protection feature we recently introduced is analysis encryption. Customers can specify a password during the submission of the malware sample. After the analysis, this password is used to encrypt (AES-256) all data, including the sample and all associated information. The password is then erased from the Joe Sandbox Cloud server. As a result, only the customer can decrypt the data. The malware sample and analysis data are unencrypted only during the analysis.
Encryption of analysis data provides the strongest possible data protection for an automated malware analysis solution.
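The scheme described in this section, sketched as an added example (this is not Joe Sandbox code). The page states only AES-256 and that the password is erased afterwards; the scrypt key derivation, GCM mode, blob layout, function names and sample report are assumptions.

```javascript
// Added illustration, not Joe Sandbox code. Assumed (not stated on the page):
// scrypt key derivation, AES-256-GCM, and the salt|iv|tag|ciphertext layout.
const crypto = require('crypto');

const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16;

// Constructed sample report, for illustration only.
const SAMPLE_REPORT = Buffer.from(JSON.stringify({ verdict: 'malicious', score: 92 }));

// Derive a 256-bit key from the submission password; only the salt is stored.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Encrypt post-analysis data. Neither the password nor the key is written
// to the blob, so the stored data alone is not enough to decrypt it.
function encryptAnalysis(plaintext, password) {
  const salt = crypto.randomBytes(SALT_LEN);
  const iv = crypto.randomBytes(IV_LEN);
  const key = deriveKey(password, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = cipher.getAuthTag();
  key.fill(0); // best-effort wipe of the derived key after use
  return Buffer.concat([salt, iv, tag, body]);
}

// Returns the plaintext, or null for a wrong password or a modified blob.
function decryptAnalysis(blob, password) {
  if (blob.length < SALT_LEN + IV_LEN + TAG_LEN) return null;
  const salt = blob.subarray(0, SALT_LEN);
  const iv = blob.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const tag = blob.subarray(SALT_LEN + IV_LEN, SALT_LEN + IV_LEN + TAG_LEN);
  const body = blob.subarray(SALT_LEN + IV_LEN + TAG_LEN);
  const key = deriveKey(password, salt);
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
    decipher.setAuthTag(tag);
    return Buffer.concat([decipher.update(body), decipher.final()]);
  } catch (err) {
    return null; // GCM tag check failed
  } finally {
    key.fill(0);
  }
}
```

Because the mode is authenticated, a wrong password and a tampered blob both fail the tag check instead of yielding garbage plaintext.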
Let us also have a look at the web security of Joe Sandbox Cloud Pro. It is protected by a WAF (Web Application Firewall) and uses HTTPS / TLS 1.2 for transport encryption (SSL Labs grade A). All passwords are salted and stored hashed. The web application database encrypts sensitive fields, so direct database access does not help. Users can enable two-factor authentication as well as security alerts to monitor access. Accounts are locked if the wrong password is entered too many times (password brute force attack prevention). To test all this, we let third parties perform regular penetration tests of the web application.
Best in Class Protection
Security and privacy are key features of an automated malware analysis system. If malware samples or IOCs are leaked, the bad guys instantly know that you detected their attack, killing the possibility of an active investigation.
As this blog post proves, Joe Sandbox Cloud Pro features a variety of best-in-class security and privacy protections. The configurable data retention policy, as well as the encryption of analysis data, are unique and increase the privacy protection of your data.