Agile Sandbox for large-scale Malware Analysis
Analysis reports with key information about potential threats enable cyber-security professionals to deploy, implement and develop appropriate defense and protections.
Joe Sandbox Light is a software package that enables scalable and efficient large-scale analysis. Joe Sandbox Light can process up to 23k samples per day / server.
Compared to Joe Sandbox Desktop, Joe Sandbox Light offers twice as much analysis throughput while focusing on the most essential malware behavior.
Joe Sandbox Light Explained
Joe Sandbox Light's architecture is modular. It consists of one central controller unit and multiple servers running Joe Sandbox Light instances equipped with several VMs. The VMs are run either run either by VirtualBox or VMWare. A submission script sends files and URLs via submission interface to the central controller, which then chooses a Joe Sandbox Light instance based on a workload-balancing algorithm. Once analyzed, the analysis results including the detail behavior report are fetched and stored on the central controller. Joe Sandbox Light has been optimized for high-speed analysis and scalability, so the analysis throughput can be extended easily by adding new Joe Sandbox Light instances.
Joe Sandbox Light's dynamic and static analysis engine monitors any activities during the binary program execution. Click to read more about Joe Security's unique Hybrid Code Analysis (HCA) technology.
Explore Joe Sandbox Light
Have a look at the behavior analysis reports generated by Joe Sandbox Light or contact Joe Security to schedule a technical presentation.
Optimized for High Throughput and Scalability
Joe Sandbox Light is optimized for large-scale analysis and can handle up to 25,000 samples per day on a single Joe Sandbox Light instance. By scaling up the instances, Joe Sandbox Light enables your lab to analyze extensive numbers of samples.
Comprehensive Reports
Joe Sandbox Light generates very detailed analysis reports about system, network, browser and tampering/code manipulation behavior. The report includes evaluations and additional data about strings, domains and file structures. Matching generic signatures highlight suspicious and malicious key behavior. Classification and threat scores help to detect sophisticated cyber-attacks quickly. A context based search enables to quickly navigate.
All Files on all Platforms
Joe Sandbox Light enables analysis of all executable files (including malicious documents) on Windows 7, Windows W7 x64, Windows 10 and Windows 10 x64.
1451+ Generic and Open Behavior Signatures
Joe Sandbox Light uses a growing set of over 1451+ generic Behavior Signatures to detect and classify malicious behavior activities such as Exploiting and Shellcode (for malicious documents), Persistence, Boot Survival, Spreading, Data Spying and Leakage and C&C Communication. Behavior Signatures are extendable and customizable and optionally are shared within a community.
Extensive supplementary Analysis Data
In addition to analysis reports in HTML, XML and JSON formats, Joe Sandbox Light captures and generates supplementary data. This includes created files, unpacked PE files, memory dumps, PCAP of the captured network traffic (incl. decrypted HTTPS), screenshots, shellcode and strings.
High Detection Precision
Joe Sandbox Light is tuned to detect malicious samples with high precision. Extensive tests have shown an average false positive rate < 2% and false negative rate < 6% for PE files. Besides the detection status (clean, suspicious or malicious) Joe Sandbox Light generates a detailed confidence score - outlining how certain the system is about the detection.
Automated User Behavior
Through predefined and configurable Cookbooks - special scripts submitted as second input - Joe Sandbox Light allows for performing advanced use cases on the analysis machine. Cookbook scripts describe an analysis procedure and allow any possible user behavior to be automated. Browsing a URL with IE, Firefox or Chrome, logging into an email account, or running a file with special arguments are just a few examples of the existing Cookbooks included. To click through any installer Joe Sandbox Light offers an advanced OCR based click engine.
Build for OEM Integration
Joe Sandbox Light allows for seamless integration into existing security products. A .NET SDK, serving interfaces for automated file submissions and processors for handling generated analysis data is included. For bulk file submissions, Joe Sandbox Light provides a queuing system with load-balancing and prioritization mechanisms. OEM customer have full control over the solution, its generated data and configuration.
Flexibility and Customization
Joe Sandbox Light is built as a modular and scalable system with many settings for advanced tuning. With its open SDK, behavior signatures and cookbooks, it enables performing advanced use cases to serve organizations' specific needs. Joe Sandbox Light supports multiple analysis machines with different applications/versions installed.
Additional Support, Maintenance and Consulting
Joe Security provides excellent services, such as system installations, training, maintenance, customization and expert knowledge as an supplemental package to Joe Sandbox Light.
Learn more about Joe Sandbox Light
Contact Joe Security to schedule a technical presentation, receive a trial account or view a live demo at Joe Security.
What is the difference between Joe Sandbox Desktop and Joe Sandbox Light?
Joe Sandbox Light is optimized to analyze large amount of malware in short time. Therefore you can process more samples on the same hardware with Joe Sandbox Light compared to Joe Sandbox Desktop.
What files does Joe Sandbox Light analyze?
Joe Sandbox Light analyzes any files, including EXE, DLL, PIF, CMD, BAT, COM, SCR, CPL, PDF, DOC(X)(M), XLS(X)(M)(B), PPT(X)(M), HWP (Hangul Korean), JTD (Ichitaro Japan), RFT, XPI, CRX (Chrome Plugin), EML (Email), MSG (Email), CHM, JS, VBS, VBE, LNK, JAR (Java), PS1 (Powershell), ZIP, 7Z, RAR, ZLIB, ASP(X). Joe Sandbox Light includes a file type recognition engine which detects over 5000 different files.
What report and forensic data does Joe Sandbox Light generate?
Behavior reports in HTML, PDF, XML and JSON, dropped or downloaded files, memory dumps, strings, PCAP, screenshot, unpacked PE files and openIOC.
Which analysis technology does Joe Sandbox Light use?
Joe Sandbox Light uses a wide range of analysis technologies including dynamic, static as well as hybrid. Due to the use of several analysis techniques Joe Sandbox Light discovers more behavior than other solutions.
What are behavior signature?
Behavior signatures are tiny scripts to rate data Joe Sandbox Light captures from the malware. Joe Sandbox Light extracts system, network, memory, code and browser data. Joe Sandbox Light includes a steady raising number of signatures.
Which virtualization products run with Joe Sandbox Light?
Joe Sandbox Light supports all virtualization products, including VirtualBox and VMware ESX.
Does Joe Sandbox Light analyze malware on native machines?
Yes, Joe Sandbox Light enalbes to analyze malware on native machines. Therefore you can use directly a PC or laptop from your company as an analysis target.
Which Windows systems are supported?
Windows 7, Windows 7 x64, Windows 8, Windows 10 and Windows 10 x64 with a system language spoken in Europe (German, French, English etc).
What hardware and operating systems do I need to install Joe Sandbox Light?
Joe Sandbox Light runs on standard hardware with Linux as operating system (e.g. Ubuntu Server). For installation a single server is required.
Is Joe Sandbox X a 100% standalone application?
Yes, Joe Sandbox Light can be run without any connection to the Internet or our Cloud.
What types of license do you offer?
We offer perpetual licenses with a site, country or world-wide scope. Services such as support and upgrades are availabe as an annual renewing license.