A cybersecurity platform developed by Sandia National Laboratories is now available to the public. The platform, called Thorium, was created through a partnership between Sandia and the Cybersecurity and Infrastructure Security Agency. Since 2017, their joint Threat-Focused Reverse Engineering project has worked on software analysis tools to address complex cyber threats targeting government systems and critical infrastructure.
Thorium serves as a central system for integrating various malware analysis tools, both new and legacy. It supports automation and data processing, allowing analysts to assess and prioritize threats efficiently using commercial, custom, and open-source resources.
The release of Thorium builds on Sandia’s history in cybersecurity research. In 2007, the laboratory launched the FARM database, which now stores nearly 300 million malware samples. Projections indicate that this number could surpass one billion within the next decade. The FARM database relies on Thorium for rapid analysis of these samples.
“Thorium is the latest iteration in a series of platforms and tools Sandia has developed to automate malware analysis,” said Michael Carson, lead developer. “The team has learned a lot over that time, and Thorium is the end result.”
Carson described Thorium as “almost infinitely scalable” and designed for “massive automation and customization.”
By releasing Thorium as open-source software, Sandia aims to help organizations adopt a common foundation for malware analysis. The platform uses Google’s Kubernetes container management system to automate scaling and deployment of applications. This industry-standard approach allows security teams to develop, package, and share tools more easily across the community.
“Enabling easy sharing and integration of malware analysis capabilities is the primary driver for open sourcing the Thorium platform,” said Kevin Hulin, capability manager. “By offering a baseline platform for free, we hope tool developers begin adopting it as a standard for how tools are deployed. That way, researchers can spend more time developing tools and less time solving system integration problems.”
Sandia is also using machine learning techniques with Thorium to process large volumes of data collected through its toolset in order to speed up analysis.
