Listing Thumbnail

    Nucleus Enterprise Vulnerability Management Platform

     Info
    Deployed on AWS
    Nucleus accelerates enterprise vuln management with risk-based decisions and automated workflows.
    4

    Overview

    Risk Based Vulnerability Management Nucleus is redefining the vulnerability management software category as the single source of record for all assets, vulnerabilities, and associated data. We unlock value from your existing tools and place you squarely on the path to program maturity by unifying the people, processes, and technology involved in vulnerability management. With Nucleus, you receive unmatched visibility into your program and a suite of tools with functionality that simply cant be replicated in any other way.

    Remediate What Matters Most

    Nucleus sits at the nexus of your vulnerability data, asset information, and embedded threat intelligence. Providing contextually relevant data at your fingertips, allowing for automated response at scale. Nucleus combines all the asset information, vulnerability data from scanning tools, and threat intelligence from Mandiant into one single platform for vulnerability teams to eliminate laborious manual data analysis and accelerate decision making and prioritization.

    Highlights

    • Here are the features supported by this Product Native connectors: Yes FlexConnect integrations: Yes Role-based access control: Yes Asset group access control: Yes Trends page: Yes In-platform reports: Yes Bulk data export: Yes Manual and automated ticket integrations: Yes Publicly available threat intelligence (NVD, CISA KEV) integration: Yes Mandiant threat intelligence integration: Yes Recorded Future integration (sold separately): Yes

    Details

    Delivery method

    Deployed on AWS
    New

    Introducing multi-product solutions

    You can now purchase comprehensive solutions tailored to use cases and industries.

    Multi-product solutions

    Features and programs

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases

    Pricing

    Nucleus Enterprise Vulnerability Management Platform

     Info
    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator  to estimate your infrastructure costs.

    12-month contract (1)

     Info
    Dimension
    Description
    Cost/12 months
    Platform
    Platform License
    $100,000.00

    Vendor refund policy

    All sales are final, non-refundable, and non-returnable except with respect to Products that do not meet applicable specifications in the relevant Documentation.

    How can we make this page better?

    Tell us how we can improve this page, or report an issue with this product.
    Tell us how we can improve this page, or report an issue with this product.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    Standard Support provides access to our global support team via our support portal, access to online resources and knowledge base. Support First Response SLA (Business Hours) Unlimited Email Support Customer Portal Knowledge Base Nucademy (Nucleus online training) Premium Support is our highest level of support for Enterprise customers, providing virtual support sessions, access to an Executive Sponsor, and chat support via Slack integration.

    Support First Response SLA (Business Hours) Unlimited Email Support Customer Portal Knowledge Base Nucademy (Nucleus online training) Virtual Support Sessions Enhanced Support Ticket Priority 24x7x365 Critical Support Response (P1 Only) Proactive Monitoring + Support Named Executive Sponsor Slack Communication

    For more information visit

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

     Info
    Updated weekly

    Accolades

     Info
    Top
    100
    In Analytic Platforms

    Customer reviews

     Info
    Sentiment is AI generated from actual customer reviews on AWS and G2
    Reviews
    Functionality
    Ease of use
    Customer service
    Cost effectiveness
    2 reviews
    Insufficient data
    Insufficient data
    Insufficient data
    Insufficient data
    1 reviews
    Insufficient data
    Insufficient data
    Insufficient data
    Insufficient data
    Positive reviews
    Mixed reviews
    Negative reviews

    Overview

     Info
    AI generated from product descriptions
    Native Data Connectors
    Supports native connectors for integrating vulnerability data from multiple sources and scanning tools
    Threat Intelligence Integration
    Integrates Mandiant threat intelligence, publicly available threat intelligence from NVD and CISA KEV, and Recorded Future intelligence for contextual vulnerability analysis
    Role-Based Access Control
    Implements role-based access control and asset group access control for managing user permissions and data visibility
    Automated Workflow and Ticketing
    Supports manual and automated ticket integrations for streamlined remediation workflows and response automation at scale
    Reporting and Data Export
    Provides in-platform reporting capabilities, trends analysis, and bulk data export functionality for vulnerability program visibility and analysis
    Exploit Intelligence Integration
    Couples exploit intelligence with vulnerability intelligence to provide insights into vulnerability prioritization and remediation strategies.
    Multi-Domain Vulnerability Coverage
    Includes vulnerability data across open source packages, dependencies, ICS/OT, IoMT, IoT, and mobile devices.
    Integrated Vulnerability Data Aggregation
    Consolidates data from NIST National Vulnerability Database (NVD) and CISA KEV catalog into a single platform.
    Autonomous Intelligence System
    Built on a fully autonomous system in software for vulnerability and exploit intelligence generation.
    Initial Access Intelligence
    Provides intelligence for detection of initial access vectors used by adversaries.
    Risk-Based Vulnerability Management
    Automated vulnerability assessment and prioritization based on risk scoring across cloud and on-premises infrastructure
    Automated Patch Management
    Automated patching capabilities for operating systems and over 100 third-party applications across cloud and on-premises environments
    Multi-Vector Endpoint Detection and Response
    Multi-vector EDR technology with integrated antimalware capabilities for endpoint protection
    Ransomware Protection
    Ransomware detection and protection mechanisms integrated within the vulnerability management framework
    Consolidated Security Operations
    Unified platform consolidating vulnerability assessment, remediation, and endpoint protection tools into a single solution

    Contract

     Info
    Standard contract
    No
    No

    Customer reviews

    Ratings and reviews

     Info
    4
    2 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    0%
    100%
    0%
    0%
    0%
    2 AWS reviews
    Venkata Kaza

    Unified vulnerability workflows have transformed how our teams prioritize and resolve critical risks

    Reviewed on Jul 06, 2026
    Review from a verified AWS customer

    What is our primary use case?

    In the initial phase when we first brought Nucleus Security  into our environment, instead of immediately pushing it into full production, I spent some time exploring the interface, connecting a few test data sources, and seeing how the platform aggregates vulnerabilities in real time. Specifically, I was testing how well it ingested scan data from different tools we use and seeing how the automation rules reacted to those findings. It was basically a hands-on trial period to see how the platform prioritizes the risks and handles asset grouping before we fully integrated it into our daily monitoring and incident response workflows.

    I was specifically focusing on setting up automation rules for vulnerability ticketing and risk scoring. In our line of work, we get flooded with scan data from multiple scanners. I wanted to see how intelligently the platform could aggregate those duplicates into a single actionable record. I spent some time setting up the criteria to automatically route high priority vulnerabilities to the right technical teams and tracking how well the tool managed the lifecycle of an incident from discovery to remediation.

    In our organization, Nucleus Security  is deployed using a hybrid cloud approach. Nucleus Security itself operates as a secure SaaS platform, which makes it incredibly easy to manage without us having to worry about hosting the infrastructure or managing server updates ourselves. However, because our organization manages a complex infrastructure including internal data centers, private cloud environments, and public cloud services, the platform is integrated across all of them. We use their secure connectors and APIs to safely pull vulnerability data from our infrastructure and centralize everything into their cloud interface. This gives us the best of both worlds: a low-maintenance SaaS tool that still has full visibility into our entire hybrid estate.

    We use AWS  the most within Nucleus Security. A massive chunk of our core cloud infrastructure and workloads live there, so it is naturally our primary data source. We heavily rely on Nucleus Security to ingest and centralize everything coming out of our native AWS  security tools, such as Amazon GuardDuty, Inspector , and AWS Security Hub , alongside our standard network and application scanners. The platform is especially useful here because it handles cloud-native vulnerabilities really well, particularly when it comes to tracking ephemeral or short-lived assets and automatically organizing them based on our existing AWS resource tags.

    We purchased Nucleus Security directly through the AWS Marketplace . It made the entire procurement and billing process much smoother since we could consolidate the subscription cost right into our existing enterprise AWS billing agreement.

    What is most valuable?

    For me, the absolute best feature of Nucleus Security is its ability to aggregate and deduplicate data from all our different scanning tools into a single pane of glass. Instead of having our teams dig through separate massive reports from network scanners, cloud tools, and application tests, Nucleus Security normalizes all that data into one place and saves us an incredible amount of manual effort. Another massive standout is the automation engine, which allows us to set up custom triage rules that instantly route high severity vulnerabilities to the right teams or automatically assign due dates based on SLA policies, taking a huge operational burden off our shoulders.

    The out-of-the-box API connectors and integrations make it incredibly easy to hook into existing tools without requiring massive custom development. It works smoothly with whatever scanning tools or ticketing platforms we already have in place, which made the initial rollout much less painful.

    The biggest positive impact of Nucleus Security has been a massive reduction in our time to remediation. Before using the platform, our technical team spent too many hours trying to sort through conflicting scan data and figure out who was responsible for patching what. By centralizing everything, Nucleus Security has completely eliminated that friction and dramatically cut down on alert fatigue across our infrastructure and support teams because the platform prioritizes risk based on real-world threat intelligence. We are no longer wasting time chasing minor internal issues as if they were major fires. We can instantly pinpoint what is actually critical, assign it to the right teams automatically, and track it through to completion. Nucleus Security has fundamentally changed how we manage our vulnerability lifecycle and made our entire incident response process much more proactive, organized, and reliable.

    What needs improvement?

    While the platform is incredibly powerful, the initial configuration curve of Nucleus Security can be a bit steep. When first setting up complex, multi-layered automation rules and asset groupings, the interface can feel a little overwhelming. Having more intuitive step-by-step visualized wizards or guided templates for building complex triage workflows would make the onboarding process much smoother for new team members.

    Dashboard customization and reporting would definitely be on my wish list. While the default dashboards are great for a general overview, it can take a bit of manual tweaking when building highly tailored workspace views for different engineering groups. Having a more flexible drag-and-drop widget system where individual teams can prioritize exactly what metrics they see first on their layout would be a huge quality of life update. On the reporting side, the data it generates is solid, but I would like to see more granular control over formatting within the platform itself. Sometimes leadership wants data tailored in very specific ways, and currently, we occasionally have to export the data and clean it up externally to meet those exact visual preferences.

    For how long have I used the solution?

    I have been using Nucleus Security for over four years.

    What do I think about the stability of the solution?

    Nucleus Security is definitely stable. I would recommend it to anyone in this role to get this task done easily. We rarely, if ever, encounter downtime or performance degradation, even when the platform is running massive automation rules and background synchronization tasks during peak operational hours. It feels incredibly enterprise-grade and dependable.

    What do I think about the scalability of the solution?

    Nucleus Security performs at a high rate for scalability. The platform has done a great job of handling both stability and scalability excellently. On the scalability part, it grows seamlessly as we have onboarded new cloud workloads.

    How are customer service and support?

    I would describe Nucleus Security's customer support as absolutely fantastic. I would rate the customer support of Nucleus Security at a ten on a scale of one to ten.

    Which solution did I use previously and why did I switch?

    This is the first vulnerability management solution that I have tried out, and it worked well for us. I did not get to evaluate other options as this was suggested by our client to see how it would work for us, and it definitely made our day easier and our task easier as well.

    How was the initial setup?

    I would advise starting with Nucleus Security from scratch and then making use of all the tools in place so that it would give a better understanding of things. My biggest piece of advice would be to map out your existing vulnerability management and incident response workflows before starting to build out your rules in the platform.

    What was our ROI?

    We have seen an absolutely clear return on investment in Nucleus Security, and it primarily shows up in massive time savings and vastly improved resource utilization. Rather than reducing our headcount or needing fewer employees, it has been about reclaiming engineering hours. Before implementing the platform, our core technical teams were spending roughly fifteen to twenty hours a week just manually aggregating spreadsheets, trying to deduplicate scanning data, and routing tickets to the right infrastructure owners.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    reviewer2850051

    Unified vulnerability data has transformed risk prioritization and optimized remediation effort

    Reviewed on Jun 09, 2026
    Review from a verified AWS customer

    What is our primary use case?

    My main use case for Nucleus Security  is unifying the vulnerability management landscape, providing a single source of truth for vulnerabilities.

    What is most valuable?

    The best features that Nucleus Security  offers in my experience are the unified integrations with all of the different vulnerability management platforms. It is helping quite a lot to unify all of that. It also offers good prioritization based on the EPSS or the CVSS score, as well as different other factors including Mandiant threat intelligence and similar aspects. It helps bring it all into one big picture instead of different silos of vulnerabilities.

    The integrations make my job easier because I can connect my other tools, which is the most important part of this tool to bring in all the vulnerabilities from the different other tools. The prioritization changed it from chasing vulnerabilities or pushing colleagues to patch vulnerabilities to providing colleagues with their vulnerabilities and requesting remediation and patching.

    Nucleus Security positively impacts my organization by bringing awareness to vulnerability management since we can actually determine how many vulnerabilities we have and how critical the risk is, or we can quantify the risk overall for the company.

    What needs improvement?

    Nucleus Security needs a better view into exposure management, as exposure management and attack path management are missing. It also needs better and easier self-service integrations, as the integration might take longer than desired.

    I do not really use the integration with the ticketing systems. It is reliable, but it is not that easy. I think they will improve it in the future to make it easier to integrate new tools.

    For how long have I used the solution?

    I have been using Nucleus Security for around two years.

    What do I think about the stability of the solution?

    Nucleus Security is stable most of the time, but not always; the performance varies.

    What do I think about the scalability of the solution?

    As long as I purchase enough licenses, Nucleus Security can scale as much as I want.

    How are customer service and support?

    Customer support has met our expectations. While faster response times would enhance the experience, the support provided has been reliable and effective.

    Which solution did I use previously and why did I switch?

    I did not previously use a different solution; the topic of unified vulnerability management is rather new, so I did not have any solution before that.

    How was the initial setup?

    The pricing, setup costs, and licensing are reasonable; while it isn’t a budget option, it offers fair value for the price.

    What was our ROI?

    I have seen a return on investment. With security, it is always hard to quantify, and we did not really save money, but we used time more effectively and changed our way of working. I would say time saved is the primary benefit.

    Which other solutions did I evaluate?

    Before choosing Nucleus Security, I evaluated other options and looked into all the other solutions, but at that point in time, Nucleus Security was the main company offering something like this, making it clear that Nucleus Security would be the company to go with.

    What other advice do I have?

    I assess Nucleus Security's feature of providing unified exposure visibility across all tools I use as great because I can use all of the data and get all the vulnerabilities in one central place. It has a lot of capabilities, and this is the strongest feature of Nucleus Security. Providing this unified exposure visibility is doing a good job. The integrations could be easier, but the rest is working rather well. I have to work a lot with asset rule lists, so I have to do a lot of automation or processing of the data in Nucleus Security, but at the end of the day, as soon as I set up those rules, I am good to go.

    Risk-based prioritization is crucial for addressing vulnerabilities in my organization because I cannot fix all the vulnerabilities; I have to know what I need to handle, how big the risk is, and what the highest risk is that I need to tackle. That is exactly what Nucleus Security is offering.

    I did not use the risk reduction measurement feature in Nucleus Security, as risk reduction measurement is not something I am familiar with, but I have used the metrics and trends from Nucleus Security to assess how we are developing, especially regarding the remediation performance.

    My advice for others looking into using Nucleus Security is to think about your processes as well. You need to consider where you want to go and think a lot about how you want to use and work with vulnerabilities in the future. I have given this review a rating of eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    View all reviews