Joe Security's Blog

OEM'ing Joe Sandbox

Published on: 08.02.2017

Here at Joe Security, we have a long tradition of doing OEM business. OEM stands for original equipment manufacturer and is a somewhat misleading term. Today, OEM is often used to describe an arrangement in which company B can integrate, bundle or resell a product of company A.

Why do companies integrate dynamic malware analysis systems (sandboxes) into their products? A sandbox enables your product to:

  • Detect unknown malware with high detection precision
  • Determine the payload and type of malware
  • Get IOCs and additional forensic artifacts about a threat

Looking at use cases, the following industries, vendors and tools can benefit from sandbox integrations:

Secure Gateway & Firewall vendors

Secure gateways and firewalls can extract samples from the wire and send them to the sandbox. If the sandbox detects a sample as malicious, the firewall can block the sample, IPs, domains and the endpoint, and notify the SOC. In addition, IOCs and payloads can be provided to security operations teams. Thanks to the sandbox integration, samples passing the gateway or firewall are detected.

Cloud & e-Mail Security providers

Similar to firewalls, secure e-mail and cloud products can scan e-mail attachments and files with the sandbox. Malicious files can be blocked so that they do not reach the end user. With a sandbox integration, infection of end-user systems can be prevented.

Automated Incident Response Tools

Automated incident response tools benefit from IOCs extracted by the sandbox. IOCs can be used to clean and remediate endpoints. Furthermore, C&Cs make it possible to isolate and block infected devices. The sandbox improves detection and delivers meaningful data for disinfection.

Threat Intelligence Platforms

A sandbox integrates nicely into threat intelligence platforms. The sandbox generates additional IOCs and payload data which give "context" for domains, IPs, file names and hashes. Security teams using a threat intelligence platform benefit greatly from additional behavior data about threats.

Next-Gen Endpoint Solutions

Next-gen endpoint solutions upload suspicious files to the cloud, where they are analyzed by a sandbox. On detection, the endpoint client solution is notified, which then remediates the client and blocks processes as well as network connections. Thanks to the sandbox, more threats can be detected.

Why choose Joe Sandbox for integration?

Here at Joe Security, OEM integrations are one of our specialties. Integration with Joe Sandbox has the following benefits:

  • Truly cross-platform: analyzes samples dynamically on Windows, Android, Mac OS X, Linux and iOS
  • Includes several top-notch technologies
  • Deep analysis
  • Open platform running on Linux with various interfaces for integration
  • High installation flexibility
  • High tuning flexibility
  • Flexible licensing options
  • Source Code ESCROW
  • Source Code licensing
  • Long term deals with long term run down periods
  • On-site training and installation
  • SLA
  • White label branding options
  • High confidentiality due to Swiss legislation
  • Over 10 years of experience in Sandbox development
  • Competitive pricing