Frequently Asked Questions

Product Information & Vulnerability Enrichment

What is EPSS and how does Nucleus use it for vulnerability enrichment?

EPSS (Exploit Prediction Scoring System) is an open standard administered by FIRST.org that uses machine learning to estimate the probability of a vulnerability being exploited within 30 days. Nucleus incorporates EPSS scores into its CISA KEV Enrichment Dashboard, providing users with additional context about the likelihood of exploitation for each CVE. This helps organizations prioritize vulnerabilities based on real-world risk. Note: EPSS is not a replacement for threat intelligence and should be used as supplemental context. Source: FIRST.org EPSS, Nucleus CISA KEV Dashboard.

What is the CISA KEV Enrichment Dashboard and how does it help vulnerability researchers?

The CISA KEV Enrichment Dashboard is a free tool from Nucleus that enables vulnerability researchers to analyze trends of known and exploitable vulnerabilities identified by CISA. It enriches the KEV list with data from sources like CVSS, FIRST.org (EPSS), and GreyNoise Threat Intelligence, providing deeper context for prioritization. Note: The dashboard is most useful for organizations seeking intelligence-led vulnerability management. Source: Nucleus CISA KEV Dashboard.

Features & Capabilities

What features does the Nucleus Vulnerability Intelligence Platform offer?

Nucleus's Vulnerability Intelligence Platform aggregates vulnerability data, prioritizes risks using asset context and threat intelligence, and automates remediation workflows. Key features include customizable dashboards, real-time reporting, integration with over 200 tools, and enrichment with threat intelligence sources like EPSS and GreyNoise. Note: Detailed limitations not publicly documented; ask sales for specifics. Source: Nucleus VIP.

What integrations are available with Nucleus?

Nucleus integrates with over 160 tools across ITSM (Jira), CWPP (Microsoft), DAST (Qualys, Tenable), SCA (Alienvault USM), Containers (AWS EC2, Prisma, Palo Alto Networks), SAST (Github), CSPM (Wiz, Orca), Pen Testing (Synack, HackerOne), EDR (CrowdStrike), OT (Nozomi), and ASM (SecurityScorecard, Censys). For a complete list, visit Nucleus Integrations. Note: Some integrations may require additional configuration or licensing.

Does Nucleus offer an API for custom integrations and reporting?

Yes, Nucleus provides an API that allows users to interact with the Nucleus Database for custom dashboards, real-time reporting, and integration with third-party tools such as SIEM and SOAR. API documentation is available at Nucleus API Docs. Note: API usage may require technical expertise and proper authentication.

Use Cases & Benefits

Who can benefit from using Nucleus?

Nucleus is designed for security analysts, development and IT teams, CISOs, GRC and compliance teams, large enterprises, regulated industries (healthcare, finance, government), MSSPs, and public sector entities (federal, state, local, education). Note: Smaller organizations with limited vulnerability management needs may find the platform's scale unnecessary. Source: Nucleus Platform.

What business impact can customers expect from using Nucleus?

Customers can expect improved operational efficiency, enhanced security outcomes, cost savings, compliance support, centralized visibility, and proven ROI. For example, a Tier-1 airline reduced critical vulnerabilities by 86%, and Orange Cyberdefense saw 85% of its customers use Nucleus weekly. Note: Impact may vary depending on organizational size and implementation. Source: Customer Stories.

What pain points does Nucleus address for vulnerability management teams?

Nucleus addresses challenges such as scattered vulnerability data, ineffective risk prioritization, manual remediation workflows, compliance complexity, POA&M management, exposure management across hybrid environments, and integration of production risk context into application security. Note: Organizations with simple environments may not experience all these pain points. Source: Customer Stories.

Implementation & Support

How long does it take to implement Nucleus and how easy is it to start?

Nucleus integrates with over 200 tools out of the box, enabling onboarding in hours instead of weeks. Prebuilt connectors and reusable templates simplify deployment. Customers have access to step-by-step guides, video tutorials, a support portal, and dedicated Customer Success Managers. Note: Implementation speed may depend on the complexity of your environment. Source: manual, Quickstart Guides.

What technical documentation and support resources are available for Nucleus?

Technical documentation includes API docs (API Documentation), FlexConnect Framework setup (FlexConnect Docs), a help and support portal (Support Portal), and Quickstart guides (Quickstart). Standard product support is included at no additional cost. Note: Some advanced features may require additional technical expertise.

Security & Compliance

What security and compliance certifications does Nucleus hold?

Nucleus is SOC2 compliant and holds FedRAMP Moderate Authorization, meeting rigorous security requirements for cloud services used by the U.S. Federal Government. Note: Certifications are subject to periodic review and renewal. Source: Nucleus Security.

How does Nucleus protect customer data and support compliance frameworks?

Nucleus employs industry-standard administrative, physical, and technical safeguards to protect customer data. It automates compliance framework controls for standards like NIST, FedRAMP, CISA, and PCI DSS Requirement 6. Under its Master Service Agreement, Nucleus warrants compliance with applicable laws and regulations, including breach notification laws. Note: For detailed compliance requirements, consult the legal documentation. Source: MSA, Vulnerability Disclosure Program.

Customer Proof & Success Stories

Can you share specific case studies or success stories of customers using Nucleus?

Yes. Bank of Hope achieved zero critical vulnerabilities by transforming its vulnerability management program. A Tier-1 airline reduced 86% of critical vulnerabilities. Orange Cyberdefense streamlined vulnerability management and saw 85% of customers use Nucleus weekly. UCSB transformed its risk management approach. For more, visit Customer Stories. Note: Results may vary by organization.

What feedback have customers provided about the ease of use of Nucleus?

Customers report that Nucleus is easy to use, with intuitive automation and a smooth onboarding process. For example, a Manager of Security Architecture in Healthcare stated, "Nucleus Security has been an exceptional partner...the product is easy to use." A SOC Operations Manager commented, "The automation is very easy to navigate and provides immediate value." Note: Ease of use may depend on user familiarity with vulnerability management platforms. Source: Demo Recording, G2 reviews.

Performance & Metrics

What performance improvements and outcomes have been reported with Nucleus?

Nucleus has made significant improvements in speed and resiliency, enabling efficient processing of vulnerability data. Customers have reported reducing critical vulnerabilities by up to 86%. Enhanced reporting and customizable dashboards allow real-time tracking of performance metrics. Note: Performance may vary based on deployment scale and integration complexity. Source: Webinar, Platform.

Industries & Customer Base

What industries are represented in Nucleus case studies?

Industries include banking and financial services, airlines, healthcare, cybersecurity services, education, energy and utilities, retail and consumer goods, public sector, and technology. Notable customers include Autodesk, CISCO, Motorola, Delta Dental, UCSB, DOE, JCPenney, Paychex, American Airlines, and Premier League. Note: Industry-specific needs may require tailored solutions. Source: Customer Stories, Platform.

Using EPSS for Vulnerability Enrichment

Kevin Swartz
December 9, 2022
CISA KEV
EPSS for Vuln Enrichment

Earlier this year, Nucleus released our CISA KEV Enrichment Dashboard — a free tool that enables vulnerability researchers to quickly analyze trends of known and exploitable vulnerabilities identified by CISA in order to layer intelligence-led prioritization into their vulnerability management program. 

CISA KEV Enrichment Banner

One of the things that truly sets our Enrichment Dashboard apart from the straight out of the box information provided in the CISA KEV catalog is the multiple columns of enrichment data we have brought in from sources like CVSS, FIRST.org, and GreyNoise Threat Intelligence which add further information and context to the known vulnerabilities populated in the KEV list. 

Today, we want to specifically deep dive into the enrichment data that FIRST.org provides through EPSS, which aims to help vulnerability researchers better estimate the likelihood that a software vulnerability will be exploited in the wild. Let’s dive in! 

What is EPSS? 

EPSS, or Exploit Prediction Scoring System (EPSS), is an open standard, administered by the Forum of Incident Response and Security Teams (FIRST.org), that uses machine learning to attempt to rate the probability of a vulnerability being or becoming widely exploited within 30 days. 

This rating makes it a natural companion to the CISA KEV list because it answers a simple question: Did we see this vulnerability coming?  

When an EPSS score is high, that tells us that the likelihood of that vulnerability appearing on CISA’s Known Exploited Vulnerabilities list was high. We saw it coming that that vulnerability was likely to be exploited in the wild. However, when the score is low, that tells that we did not see that exploitation coming. 

How to Use EPSS Alongside the CISA KEV List 

In addition to using EPSS as a way to better predict what software vulnerabilities are likely to be exploited, we can also infer certain things from an EPSS score. For example, while you can look at the EPSS score as the probability of exploitation, you can also look at it as a similarity score, simply because of the way that the scoring system works. How similar is one CVE to other CVEs that have seen exploit activity? 

CISA doesn’t tell us a lot about why a vulnerability is or is not on their KEV list. They don’t tell us when the activity was observed, and they don’t tell us if it is widespread or very narrowly targeted. However, EPSS helps to close that information gap. When the score is very high, that is a good indicator of recent widespread exploitation activity. When it is very low, that tells us that it’s probably not widespread. 

Another useful thing about EPSS is that all CVEs are scored, so it is a good measure of general exploitation activity. GreyNoise, one of the other enrichment vendors featured on our CISA KEV Enrichment Dashboard, gives excellent insight into network-based activity. However, it has limited visibility into vulnerabilities that exist on products that don’t listen on a network port, such as a vulnerability in Microsoft Word. So, in cases when GreyNoise doesn’t have any activity, EPSS can be an indicator whether anyone else is seeing any activity. 

It’s also important to note that a low EPSS score does not necessarily indicate that CISA got it wrong. Fewer than 10% of all CVEs have an EPSS score above zero. Therefore, don’t think of EPSS as a second opinion or a replacement to threat intelligence, but rather additional context. 

To learn more about using CISA KEV as part of your intelligence-led vulnerability management program, be sure to check out Nucleus’s full Guide to CISA KEV Enrichment linked below. 

Guide to CISA KEV Enrichment - Dashboard

Kevin Swartz
Senior Director of Demand Generation

See Nucleus in Action

Discover how unified, risk-based automation can transform your vulnerability management.