Business Honor
01 August, 2025
The new platform, named Thorium, automates large-scale cybersecurity procedures, allowing faster malware analysis, digital forensics, and response.
Thorium, a powerful new platform developed by Sandia National Laboratories and the Cybersecurity and Infrastructure Security Agency (CISA), is designed to help security teams simplify and speed up file analysis at large scale. Thorium is a distributed, flexible system that uses a number of private, free-to-use, and commercial tools. It allows the automation of complex analysis processes used in emergency response, digital law enforcement, and software examinations.
Its event-based automation is one of its greatest features. It lets users create custom events and run tools in a particular sequence. With Docker containers, development teams can quickly incorporate their existing command-line applications and control everything through an online interface, RESTful API, or command-line tool. Thorium is designed for massive operations and depends on ScyllaDB and Kubernetes. In addition to organizing more than 1,700 jobs per second and managing over 10 million files every hour per user group, it provides fast searches. It also restricts access to files, tools, and results through collaborative permissions.
Because the platform automatically gathers, organizes, and stores tool outputs, results are easy to search by category or keyword. This allows cybersecurity teams to deal with forensic data, like emails and memory dumps, analyze malware, and test the features of different tools in time. CISA advises businesses with serious analysis requirements to try Thorium. To start, it needs storage infrastructure, a Kubernetes environment, and some Docker understanding.
Thorium is an important development for security; tools like this lead to fully automated AI-powered security systems as digital dangers increase. These systems will protect networks faster and more effectively than before by detecting, analyzing, and reacting to attacks.