CISA Unveils Thorium: Open-Source Platform for High-Speed Malware Analysis
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has unveiled Thorium, an open-source platform designed for malware and forensic analysis. Released before April 2024, Thorium is a collaborative effort with Sandia National Laboratories and is built for high scalability. It can ingest over 10 million files per hour per permission group and schedule more than 1,700 jobs per second, making it an efficient tool for large-scale data management. Thorium leverages Kubernetes for orchestration and ScyllaDB for high-performance data handling, ensuring smooth operation even with complex threats. It enables cybersecurity teams to automate workflows, integrate commercial, open-source, and custom tools within a unified system, and manage data efficiently. Thorium offers full control through a RESTful API and can be accessed via web browser or command-line utility. Use cases include tool testing, malware analysis, and host forensics. Thorium's release, following CISA's previous malware analysis system Malware Next-Gen in April 2024, demonstrates the agency's commitment to enhancing cybersecurity capabilities. With its high scalability and automation features, Thorium is set to become a valuable asset for cybersecurity teams.