Explore Joe Security Cloud Basic Accounts Contact Us
top title background image

Joe Security's Blog

Joe Lab - the Cloud-based Malware Analysis Lab

Published on: 03.03.2020

Today we have fantastic news for you! We release Joe Lab - a brand new service from Joe Security! 

In a nutshell, Joe Lab is a Cloud-based malware analysis lab. A malware analysis lab is a key infrastructure for CERTs, CIRTS, SOCs and malware analysts to securely analyze malware and exploits, or test Yara rules. A malware analysis lab usually consists of several bare metal laptops or PCs which are fully separated from the corporate network. The lab machines are connected to an anonymized Internet line or use Internet simulation. Further, lab machines can be easily wiped and restored to a baseline. 

Setting up a malware analysis lab is a lot of effort and includes several big challenges:

  • Network segregation from the corporate network, so that malware cannot spread or cause harm.
  • Secure transfer of malware and analysis results from and to the lab. Usually, corporate endpoints are not allowed to store or access malware files. 
  • Reset lab machines to a known good state or baseline - to wipe any malware infection and start a new case.
  • Anonymized Internet access for the lab, so that malware authors cannot track you.
  • Fake Internet simulation to test very sensitive malware.
  • Secure access to the Lab via remote desktop or other RDP protocol, so that malware is not able to infect your endpoint.
  • Maintain bare metal lab machines - virtual machines are easily detected by malware.

Joe Lab solves all those challenges and sets the effort of setting up a lab infrastructure to zero. Here are some of the features of Joe Lab:

Fully Cloud-Based

Joe Lab is completely located in the Cloud. The infrastructure is not located in your network. You, therefore, have very strong network segregation. Joe Lab is directly integrated into Joe Sandbox Cloud Pro and you find it in the top navigation bar:

Depending on your subscription level you get access to one or several lab machines:

Secure File System Access

At any time you can access the full file system of the lab machines via the browser. You can upload or download malware and analysis results:

Any file transfer happens over HTTPS.

Reset to Clean State

Joe Lab includes a feature to reset the lab machine to a clean state (known good state). The disk wiping is done completely automated. Within minutes, you get access again to a clean machine:

Anonymized Internet Access

With Joe Lab, all lab machines have access to an anonymized Internet line. You can choose the exit point/country from several options:

This feature is very beneficial if you analyze country-aware malware samples. You also have the option to completely disable Internet access or use Internet Simulation.

Secure Access

If you want to access the lab machine you can do so directly from the browser by clicking the Remote Desktop button:

You get full access to the lab machine and can start analyzing malware samples. Copy and paste functionality is available via the clipboard manager:

Bare Metal Lab Machines

All lab machines are bare metal - physical laptops or PCs. No virtual machine is used:

Therefore, bad luck for malware that detects virtual machines!

Joe Lab - One of its kind

To the best of our knowledge, Joe Lab is the industry's first and only Cloud-based malware analysis lab. With Joe Lab, CERTs, CIRTS, SOCs and malware analysts no longer have the burden to setup a malware analysis lab. Further Joe Lab combines the best features of a malware analysis lab, including an anonymized Internet line, fake Internet, and resettable bare metal lab machines. 

Would you like to try Joe Lab? Then don't wait and contact us for a trial!