The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with Sandia National Laboratories, has announced the release of Thorium – a free, automated, scalable platform for malware and forensic analysis. Thorium integrates commercial, custom, and open-source tools, allowing cybersecurity teams to rapidly assess malware threats and consolidate forensic data into a unified system.
As advanced persistent threats grow in volume and sophistication, timely and accurate malware analysis is critical. Analysts across government, public, and private sectors often struggle to keep up, juggling numerous specialized tools with limited time and resources.
Thorium addresses these challenges by enabling defenders to incorporate their preferred tools into a single, customizable platform. It supports automated analysis workflows at scale, making it easier to process large volumes of malware, adapt to emerging threats, and manage toolsets efficiently. Thorium is built to handle over 10 million file ingestions per hour per permission group and can schedule more than 1,700 jobs per second, all while delivering fast, searchable results.
Cybersecurity teams can use Thorium to:
Prerequisites and Instructions
Thorium requires a deployed Kubernetes cluster, block store, and object store. Familiarity with Docker containers and compute cluster management is also necessary for successful deployment.