The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has made a significant contribution to the global cybersecurity community with the public release of Thorium. This new, open-source platform is designed to assist malware and forensic analysts across government, public, and private sectors in automating and streamlining cyberattack investigations.
Developed in partnership with Sandia National Laboratories, Thorium is a scalable cybersecurity suite built for massive workloads: it can schedule over 1,700 jobs per second and ingest over 10 million files per hour per permission group.
“Thorium enhances cybersecurity teams’ capabilities by automating analysis workflows through seamless integration of commercial, open-source, and custom tools,” CISA stated in its announcement. “It supports various mission functions, including software analysis, digital forensics, and incident response, allowing analysts to efficiently assess complex malware threats.”
Security teams can leverage Thorium to automate and speed up a wide range of file analysis workflows. Key features include:
- Easy Tool Integration: Integrate command-line tools as Docker images, including open-source, commercial, and custom software.
- Scalability: Built with Kubernetes and ScyllaDB, the platform can scale to meet the most demanding workloads.
- Sharing and Collaboration: Easily import and export tools to facilitate knowledge sharing across cyber defense teams.
- Granular Permissions: Control access to submissions, tools, and results with strict group-based permissions.
- Efficient Filtering: Filter results using tags and full-text search to quickly find what you need.
Defenders can find installation instructions and get their own copy of Thorium from CISA’s official GitHub repository.
“By publicly sharing this platform, we empower the broader cybersecurity community to orchestrate the use of advanced tools for malware and forensic analysis,” added CISA Associate Director for Threat Hunting Jermaine Roebuck.
A Note for the European Community
While Thorium is an impressive and welcome contribution from our American counterparts, its release highlights the growing need for more European-based open-source cybersecurity solutions. The EU’s Cyber Resilience Act is a step in the right direction, but to foster true digital sovereignty and resilience, Europe needs its own thriving ecosystem of open-source projects. We hope to see more such offerings from European cybersecurity communities as we continue to cover this important subject.
On a related note, CISA also recently released the Eviction Strategies Tool, which helps security teams contain and evict adversaries from compromised networks. This follows the public release of its “Malware Next-Gen” analysis system last year. One year earlier, CISA started offering free security scans for critical infrastructure facilities to help protect them from hacker attacks.




