
Joe Sandbox Light

Agile Sandbox for large-scale Malware Analysis

Joe Sandbox Light executes files and URLs in a controlled environment and monitors the behavior of applications and the operating system for suspicious activities. All activities are compiled into comprehensive and extensive analysis reports.

Analysis reports with key information about potential threats enable cyber-security professionals to deploy, implement and develop appropriate defense and protections.

Joe Sandbox Light is a software package that enables scalable and efficient large-scale analysis. Joe Sandbox Light can process up to 23k samples per day / server.

Compared to Joe Sandbox Desktop, Joe Sandbox Light offers twice as much analysis throughput while focusing on the most essential malware behavior.

Joe Sandbox Light Explained

Joe Sandbox Light's architecture is modular. It consists of one central controller unit and multiple servers running Joe Sandbox Light instances equipped with several VMs. The VMs are run by either VirtualBox or VMware. A submission script sends files and URLs via the submission interface to the central controller, which then chooses a Joe Sandbox Light instance based on a workload-balancing algorithm. Once the analysis is complete, the results, including the detailed behavior report, are fetched and stored on the central controller. Joe Sandbox Light has been optimized for high-speed analysis and scalability, so the analysis throughput can be extended easily by adding new Joe Sandbox Light instances.

Joe Sandbox Light's dynamic and static analysis engine monitors any activities during the binary program execution. Click to read more about Joe Security's unique Hybrid Code Analysis (HCA) technology.


Explore Joe Sandbox Light

Have a look at the behavior analysis reports generated by Joe Sandbox Light or contact Joe Security to schedule a technical presentation.

Optimized for High Throughput and Scalability

Joe Sandbox Light is optimized for large-scale analysis and can handle up to 25,000 samples per day on a single Joe Sandbox Light instance. By scaling up the instances, Joe Sandbox Light enables your lab to analyze extensive numbers of samples.

Comprehensive Reports

Joe Sandbox Light generates very detailed analysis reports about system, network, browser and tampering/code manipulation behavior. The report includes evaluations and additional data about strings, domains and file structures. Matching generic signatures highlight suspicious and malicious key behavior. Classification and threat scores help to detect sophisticated cyber-attacks quickly. A context-based search enables quick navigation.

All Files on all Platforms

Joe Sandbox Light enables analysis of all executable files (including malicious documents) on Windows XP, Windows 7, Windows 7 x64, Windows 10 and Windows 10 x64.

794+ Generic and Open Behavior Signatures

Joe Sandbox Light uses a growing set of 794+ generic Behavior Signatures to detect and classify malicious behavior such as Exploiting and Shellcode (for malicious documents), Persistence, Boot Survival, Spreading, Data Spying and Leakage, and C&C Communication. Behavior Signatures are extendable and customizable and can optionally be shared within a community.

Extensive supplementary Analysis Data

In addition to analysis reports in HTML, XML and JSON formats, Joe Sandbox Light captures and generates supplementary data. This includes created files, unpacked PE files, memory dumps, PCAP of the captured network traffic, screenshots, shellcode and strings.

High Detection Precision

Joe Sandbox Light is tuned to detect malicious samples with high precision. Extensive tests have shown an average false positive rate < 2% and false negative rate < 6% for PE files.

Automated User Behavior

Through predefined and configurable Cookbooks - special scripts submitted as second input - Joe Sandbox Light allows for performing advanced use cases on the analysis machine. Cookbook scripts describe an analysis procedure and allow any possible user behavior to be automated. Browsing a URL with IE, Firefox or Chrome, logging into an email account, or running a file with special arguments are just a few examples of the existing Cookbooks included.

Seamless Integration

Joe Sandbox Light allows for seamless integration into existing threat intelligence systems. An SDK, providing interfaces for automated file submissions and processors for handling generated analysis data, is included. For bulk file submissions, Joe Sandbox Light provides a queuing system with load-balancing and prioritization mechanisms. Supporting tools such as Yara and VirusTotal can be enabled.

Flexibility and Customization

Joe Sandbox Light is built as a modular and scalable system with many settings for advanced tuning. With its open SDK, behavior signatures and cookbooks, it enables performing advanced use cases to serve organizations' specific needs. Joe Sandbox Light supports multiple analysis machines with different applications/versions installed.

Additional Support, Maintenance and Consulting

Joe Security provides excellent services, such as system installations, training, maintenance, customization and expert knowledge, as a supplemental package to Joe Sandbox Light.

Learn more about Joe Sandbox Light

Contact Joe Security to schedule a technical presentation, receive a trial account or view a live demo at Joe Security.

* MAEC and the MAEC logo are trademarks of The MITRE Corporation.

What is the difference between Joe Sandbox Desktop and Joe Sandbox Light?

Joe Sandbox Light is optimized to analyze large amounts of malware in a short time. Therefore you can process more samples on the same hardware with Joe Sandbox Light compared to Joe Sandbox Desktop.

What files does Joe Sandbox Light analyze?

Joe Sandbox Light analyzes any files, including EXE, DLL, PIF, CMD, BAT, COM, SCR, CPL, PDF, DOC(X)(M), XLS(X)(M), PPT(X)(M), HPW (Hangul Korean), JTD (Ichitaro Japan), RFT, XPI, CRX (Chrome Plugin), EML (Email), MSG (Email), CHM, JS, VBS, VBE, LNK, JAR (Java), PS1 (PowerShell), ZIP, 7Z, RAR, ZLIB. Joe Sandbox Light includes a file type recognition engine which detects over 5000 different file types.

What report and forensic data does Joe Sandbox Light generate?

Behavior reports in HTML, PDF, XML and JSON, dropped or downloaded files, memory dumps, strings, PCAP, screenshot, unpacked PE files and openIOC.

Which analysis technology does Joe Sandbox Light use?

Joe Sandbox Light uses a wide range of analysis technologies, including dynamic, static and hybrid analysis. Due to the use of several analysis techniques, Joe Sandbox Light discovers more behavior than other solutions.

What are behavior signatures?

Behavior signatures are tiny scripts that rate the data Joe Sandbox Light captures from the malware. Joe Sandbox Light extracts system, network, memory, code and browser data. Joe Sandbox Light includes a steadily rising number of signatures.

Which virtualization products run with Joe Sandbox Light?

Joe Sandbox Light supports all virtualization products, including VirtualBox and VMware ESX.

Does Joe Sandbox Light analyze malware on native machines?

Yes, Joe Sandbox Light enables the analysis of malware on native machines. You can therefore directly use a PC or laptop from your company as an analysis target.

Which Windows systems are supported?

Windows XP, Windows 7, Windows 7 x64, Windows 8, Windows 10 and Windows 10 x64 with a system language spoken in Europe (German, French, English etc).

What hardware and operating systems do I need to install Joe Sandbox Light?

Joe Sandbox Light runs on standard hardware with Linux as the operating system (e.g. Ubuntu Server). For installation, a single server is required.

Is Joe Sandbox X a 100% standalone application?

Yes, Joe Sandbox Light can be run without any connection to the Internet or our Cloud.

What types of license do you offer?

We offer perpetual licenses with a site, country or world-wide scope. Services such as support and upgrades are available as an annually renewing license.