Overview
Risk Based Vulnerability Management
Nucleus is redefining the vulnerability management software category as the single source of record for all assets, vulnerabilities, and associated data. We unlock value from your existing tools and place you squarely on the path to program maturity by unifying the people, processes, and technology involved in vulnerability management. With Nucleus, you receive unmatched visibility into your program and a suite of tools with functionality that simply can't be replicated in any other way.
Remediate What Matters Most
Nucleus sits at the nexus of your vulnerability data, asset information, and embedded threat intelligence, putting contextually relevant data at your fingertips and allowing for automated response at scale. Nucleus combines asset information, vulnerability data from scanning tools, and threat intelligence from Mandiant into one platform, so vulnerability teams can eliminate laborious manual data analysis and accelerate decision making and prioritization.
Highlights
Here are the features supported by this product:
- Native connectors: Yes
- FlexConnect integrations: Yes
- Role-based access control: Yes
- Asset group access control: Yes
- Trends page: Yes
- In-platform reports: Yes
- Bulk data export: Yes
- Manual and automated ticket integrations: Yes
- Publicly available threat intelligence (NVD, CISA KEV) integration: Yes
- Mandiant threat intelligence integration: Yes
- Recorded Future integration (sold separately): Yes
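The "single source of record" idea above comes down to three steps: normalise findings exported by different scanners into one schema, deduplicate them per asset and CVE, then rank them with asset context and threat intelligence such as the CISA KEV catalog. The following is an added illustration of that workflow and is not Nucleus code; the scanner export field names, the asset inventory, and the KEV subset are all constructed samples (the real KEV feed is CISA's published JSON, not the set hard-coded here).

```python
"""Added example: merge, deduplicate and rank scanner findings (not Nucleus code)."""
from dataclasses import dataclass, field

# Constructed sample exports. Field names are assumptions standing in for two
# different scanners' output formats; note the differing case and field names.
SCANNER_A = [
    {"host": "web-01.example.internal", "cve": "CVE-2021-44228", "cvss": 10.0},
    {"host": "web-01.example.internal", "cve": "CVE-2021-3449", "cvss": 5.9},
]
SCANNER_B = [
    {"asset": "WEB-01.example.internal", "vuln_id": "cve-2021-44228", "score": 9.8},
    {"asset": "db-02.example.internal", "vuln_id": "CVE-2022-1388", "score": 9.8},
]

# Constructed asset inventory: the "asset information" side of the join.
INVENTORY = {
    "web-01.example.internal": {"internet_facing": True, "owner": "web-team"},
    "db-02.example.internal": {"internet_facing": False, "owner": "dba-team"},
}

# Constructed subset standing in for the CISA KEV catalog (sample only).
KEV_SAMPLE = {"CVE-2021-44228", "CVE-2022-1388"}


@dataclass
class Finding:
    asset: str
    cve: str
    cvss: float
    sources: set = field(default_factory=set)
    in_kev: bool = False
    internet_facing: bool = False


def normalise(record, source):
    """Map one scanner record onto the common schema (assumed field names)."""
    asset = (record.get("host") or record.get("asset")).strip().lower()
    cve = (record.get("cve") or record.get("vuln_id")).strip().upper()
    cvss = float(record.get("cvss", record.get("score", 0.0)))
    return Finding(asset=asset, cve=cve, cvss=cvss, sources={source})


def merge(scanner_outputs, kev, inventory):
    """Deduplicate on (asset, CVE), enrich with inventory and KEV, rank."""
    merged = {}
    for source, records in scanner_outputs:
        for rec in records:
            f = normalise(rec, source)
            key = (f.asset, f.cve)
            if key in merged:
                # Same vuln seen by two scanners: one row, both sources, highest score.
                merged[key].sources |= f.sources
                merged[key].cvss = max(merged[key].cvss, f.cvss)
            else:
                merged[key] = f
    for f in merged.values():
        f.in_kev = f.cve in kev
        f.internet_facing = inventory.get(f.asset, {}).get("internet_facing", False)
    # Known-exploited first, then exposed assets, then raw severity.
    return sorted(
        merged.values(),
        key=lambda f: (f.in_kev, f.internet_facing, f.cvss),
        reverse=True,
    )


def prioritised():
    """Run the pipeline over the constructed samples."""
    return merge(
        [("scanner_a", SCANNER_A), ("scanner_b", SCANNER_B)],
        kev=KEV_SAMPLE,
        inventory=INVENTORY,
    )


if __name__ == "__main__":
    for f in prioritised():
        print(f"{f.asset:28} {f.cve:16} cvss={f.cvss:4} kev={f.in_kev!s:5} "
              f"exposed={f.internet_facing!s:5} sources={sorted(f.sources)}")
```

The ranking key is deliberately a tuple rather than a single blended score: a KEV entry on an internal host still outranks a high-CVSS finding nobody is exploiting, which is the ordering a remediation queue usually wants. Swap the sample KEV set for the downloaded catalog and the inventory dict for a CMDB export and the same code applies.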
Details
Pricing
| Dimension | Description | Cost/12 months |
|---|---|---|
| Platform | Platform License | $100,000.00 |
Vendor refund policy
All sales are final, non-refundable, and non-returnable except with respect to Products that do not meet applicable specifications in the relevant Documentation.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Standard Support provides access to our global support team via our support portal, plus online resources and the knowledge base. It includes:
- Support First Response SLA (Business Hours)
- Unlimited Email Support
- Customer Portal
- Knowledge Base
- Nucademy (Nucleus online training)

Premium Support is our highest level of support for Enterprise customers, providing virtual support sessions, access to an Executive Sponsor, and chat support via Slack integration. It includes:
- Support First Response SLA (Business Hours)
- Unlimited Email Support
- Customer Portal
- Knowledge Base
- Nucademy (Nucleus online training)
- Virtual Support Sessions
- Enhanced Support Ticket Priority
- 24x7x365 Critical Support Response (P1 Only)
- Proactive Monitoring + Support
- Named Executive Sponsor
- Slack Communication
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Customer reviews
Centralized security testing has improved vulnerability remediation and compliance reporting
What is our primary use case?
My main use case for Nucleus Security is for both SAST and DAST mechanisms to test the code and dynamic code and static code together because I get a single dashboard for both, and that is really a centralizing finding that helps and also helps to remove duplicate vulnerabilities, fixing critical issues, and faster remediation. So, it's not just starting from a centralized dashboard to dev tool integration and risk, but also gives a better reporting where you can see improved compliance and metrics together.
One way the developer uses the code is that as soon as they incorporate the code, they use purely on Jira webhook, GitHub, GitLab, CI/CD model. They have their own codebase configured into their Integrated Development Environment. Then we start testing with different kinds of scanners including Fortify, Checkmarx, Veracode, and so on. In this case, you see the code vulnerabilities and also it fits the Open Web, OWASP jab and so on. Once you check these different tools, you can identify the vulnerabilities of one application in one place. In a similar way, as you run all these tools and the codebase at the same time, that is part of the application level, database level, front-end level, and back-end level. So all together, we can test from the codebase to application front. That is self-sufficient.
I could add more to my main use case for Nucleus Security, especially because there is a mobile application. The mobile application tests more on different TestNG and various behavior testing, where you can do front-end, back-end, and some code test, which will be easier to do. In the case of the Rich Client Platform, such as RCP, Eclipse RCP, and NetBeans RCP kind of environments, what happens is that the code is written in different ways and across different systems, resulting in occasional link failures. I would like to know whether the on-premises tool, specifically Nucleus Security, has a mechanism for that. In another way, there is a mechanism of Eclipse RCP or NetBeans RCP kind of Rich Client Platform where users can install on-premises, remotely, or locally. In this case, sometimes we feel we only manually pull the code and test it independently, and everything is done. Then, once it is installed and the installer is ready, it becomes challenging to test everything together compared to the web front and other local or remote deployments of the web application compared to the RCP.
What is most valuable?
I think the best features that Nucleus Security offers are purely the faster remediation to dev tools, which is crucial for managing, prioritizing, and fixing vulnerabilities while helping operational pipelines run these vulnerability management tools. It stands out as one of the best compared with others.
Regarding faster remediation and managing, prioritizing, and fixing vulnerabilities across the pipeline, we use multiple tools: not only is Nucleus Security one of them, but we also perform multiple testing tools, manual tests, and regression tests including various unit tests, system tests, integration tests, and so on. We employ different tools for performance loading, capacity, and API testing. However, in this case, the tool is limited. As I mentioned, there are substantial benefits to using this tool. The unique aspect is that some of the other tools do not facilitate duplicate vulnerability removal. Here, we have a de-duplication mechanism, and if some tools provide easier remediation, that is also a significant advantage compared to the other tools.
The way Nucleus Security positively impacts my organization is that the team feels very focused, and they trust the reports generated from the tools compared to others. I often recommend the tool to a few of our customers based on my experience, and when I receive any positive feedback from any tool, I also suggest Nucleus Security to the team.
What needs improvement?
I recommend more enhancements focusing on penetration testing for both SSL over HTTP and non-SSL over HTTP, specifically targeting the RCP Rich Client Platform and Equinox frameworks that allow on-premises desktop applications to be tested simultaneously. I believe those would significantly improve the tool in the future.
I choose eight as my rating primarily because of the installer app; it becomes challenging to identify the actual vulnerabilities. Once we build this installer—rather than just working on the codebase—sometimes, we face gaps considering the build parameters and conversions to the installer. Identifying those gaps is an area that could use improvement after the installer or desktop application testing, which would be beneficial. That is the only reason; otherwise, I could easily rate it a ten out of ten given its smooth operational process.
For how long have I used the solution?
I have been using Nucleus Security for the last seven to eight years.
What do I think about the stability of the solution?
Nucleus Security is indeed stable.
What do I think about the scalability of the solution?
Its scalability in application is substantial. It supports larger applications and can easily scale, accelerating both application performance and business growth since it efficiently manages multiple user bases and applications running concurrently.
How are customer service and support?
The customer support is very nice.
Which solution did I use previously and why did I switch?
In the past, we have utilized different solutions. Previous tools involved a partnership with an Ireland-based company, which we utilized over a couple of years. Although they were somewhat costly, we relied on these for various compliance checks and reports on several platforms, including both medical applications and clinical trial platforms. However, we recognized certain limitations in visibility with those tools, prompting us to train developers better and avoid duplication during reporting, ultimately leading us to switch to tools that provide enhanced visibility and reporting.
What was our ROI?
I can assert that there is a tangible return on investment (ROI). While discussing with customers, they follow the investment ROI guidelines. Quality, vulnerability management, and security hold significant value for us as a solution provider. However, we do not specifically count ROI for these tools; I justify using the tool whenever I recommend it to customers, and they tend to agree based on that justification.
What's my experience with pricing, setup cost, and licensing?
I do not believe that the cost for Nucleus Security setup is excessively high. The pricing appears reasonable; it varies based on workload but still embodies value-driven services that justify the investment.
Which other solutions did I evaluate?
Before choosing Nucleus Security, we did evaluate other options, such as Parasoft. Although we had not used it extensively—only trialed it on one or two projects—before ultimately deciding to move forward with Nucleus Security. We also explored some open-source tools and other licensed penetration testing solutions, but limited in usage, thus examining multiple options.
What other advice do I have?
I think there are many features, but due to time constraints, I feel my inputs would be valuable. We would be actively using these tools, and I would suggest that people utilize them. For instance, if you cannot compare with Parasoft Jtest and others, including SonarQube, there are indeed many tools. However, this is one tool where you can process workflows smoothly, step-by-step. You have all the dashboards in one place with easy usability and clear reporting and metrics in view also. I would recommend that developers utilize all this visibility in one setup: not just at the application level, but also by linking to your repository directly where you implement the CI/CD model, pipelines, repository APIs, and comprehensive visibility. Right now, if there is a scripting or API layer vulnerability, it could be critical in failure. Therefore, you need to manage it adequately and also comply with different frameworks. Automated compliance reporting and security metrics are significant advantages of this dashboard.
Most customers look for the abstraction layer that I provide. Whatever you do from the beginning of writing code, the abstraction and code abstraction are very important. It defines everything. You see the outcome, which is often sufficient for the customer. Code abstraction, along with detailed drill-down of all elements highlighting key areas to work on, provides better visibility.
The advice I would give to those considering using Nucleus Security is that it really depends on the type of users they are. They need to evaluate based on their industry domain. Most individuals look into whether they adhere to different compliance standards. If they follow compliance regulations such as SOC 2, SOX, PCI, ISO 27001, they can better control risk, reporting, application behavior, and metrics. There are various compliance standards such as GDPR and CCPA as well. Tools that provide improved visibility will undoubtedly meet customer expectations and queries. I rated Nucleus Security an eight out of ten in this review.
Improved radiation safety and compliance has supported patient care but daily workflows still need refinement
What is our primary use case?
I use Nucleus Security especially for understanding radiation safety, nuclear medicine, and risk management in clinical settings. For healthcare, I use it most often to support safe handling practices including patient and staff protection, regulatory awareness, and broader health-related preparedness planning.
A specific example is reviewing work related to nuclear medicine exams. I use it to identify procedures such as PET scans or bone scans to ensure that radiation safety protocols, patient identification, documentation, and handling procedures are being followed correctly. On a day-to-day basis, I use that knowledge to support safe care, reduce risks, and help ensure compliance with healthcare standards.
What is most valuable?
These features help strengthen safety culture, improve protocol adherence, and reduce operational risks, especially in healthcare settings involving radiation and nuclear medicine use. They also support better staff awareness regarding clear handling procedures. Strong compliance practice is something we worry about considerably, and this really helps us a great deal. We also feel more confidence that patient teams and all actors involved are protected.
We have seen clear compliance and risk control outcomes more than other operational metrics. A specific positive result is fewer process gaps during documentation and safety checks, as well as strong consistency in following protocols for handling, traceability, and staff awareness. In practice, this means better audit readiness, a lower chance of procedure errors, and faster escalation when something appears out of standard, which is very important for us in the healthcare sector. The main improvements I have noticed are related to better compliance with safety procedures, more consistent documentation, and quick identification of potential risks.
What needs improvement?
I chose a rating of seven because it offers strong value in safety, risk reduction, and compliance, especially in healthcare. However, there is still room for improvement in usability and day-to-day integration. Protocols can be too complex in practice sometimes, and some processes can feel heavy and disconnected from our daily workflow.
How would you rate customer service and support?
Positive