CISA releases Thorium: Open-source malware & forensic analysis tool

Summary
– CISA released Thorium, an open-source cybersecurity platform for malware and forensic analysis, available to government, public, and private sectors.
– Thorium, developed with Sandia National Labs, automates cyberattack investigations, handling 1,700 jobs per second and 10 million files per hour per group.
– The platform integrates commercial, open-source, and custom tools to streamline workflows for software analysis, forensics, and incident response.
– Thorium features include tool sharing, Docker integration, search filters, group-based permissions, and scalability via Kubernetes and ScyllaDB.
– CISA also recently released the Eviction Strategies Tool and previously made Malware Next-Gen and security scans available to enhance cybersecurity defenses.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has unveiled Thorium, a powerful open-source platform designed to streamline malware analysis and forensic investigations for security professionals across multiple sectors. Developed in collaboration with Sandia National Laboratories, this scalable cybersecurity solution automates critical tasks involved in cyberattack investigations, handling massive workloads with impressive efficiency.
Thorium stands out for its ability to process over 1,700 jobs per second and analyze more than 10 million files hourly per permission group, making it a game-changer for cybersecurity teams. According to CISA, the platform enhances threat detection by integrating commercial, open-source, and custom tools into a unified workflow. This enables analysts to tackle complex malware threats while supporting key functions like software analysis, digital forensics, and incident response.
Key features of Thorium include seamless tool integration, allowing users to import and export resources effortlessly across defense teams
Security teams can access Thorium’s installation guide and source code via CISA’s official GitHub repository. Jermaine Roebuck, CISA’s Associate Director for Threat Hunting, emphasized the platform’s potential to strengthen cybersecurity efforts, stating that it enables analysts to efficiently assess vulnerabilities in both malicious and benign software.
This release follows CISA’s recent launch of the Eviction Strategies Tool, which assists incident responders in containing and removing adversaries from compromised systems. Last year, the agency also opened its Malware Next-Gen system to the public, allowing submissions of suspicious files for analysis. Additionally, CISA has been offering free security scans for critical infrastructure since 2021, reinforcing its commitment to safeguarding vital systems from cyber threats.
By making Thorium publicly available, CISA aims to empower security professionals with advanced, automated tools to combat evolving cyber risks more effectively.
(Source: Bleeping Computer)




