Vulnerability and Asset Risk Scoring in Nucleus
Nucleus is an aggregation and automation platform for managing vulnerabilities, enabling security teams to conduct vulnerability management and application security activities at scale. One of the core capabilities in Nucleus is the ability to prioritize vulnerabilities and assets by risk, irrespective of the source of the data or the assets that the data pertains to. Nucleus ensures that all vulnerabilities are evaluated in the same place and with the same methodology across all vulnerability discovery systems.
In Nucleus, you control how vulnerabilities are prioritized along a standardized scale composed of all risk factors, so you always know what you need to fix first. You also have the flexibility to alter criteria and make decisions on the fly or across different organizations with different prioritization needs. The best part is that you control the weight of the risk attributes based on your organizational and business context, as opposed to being forced into an opaque, one-size-fits-all framework determined by others that may not be specific to your unique situation.
The Nucleus methodology for risk prioritization is to rate each vulnerability independently, rate each asset independently, and then combine the two ratings (along with weightings of importance) whenever the vulnerabilities are associated with an asset. This gives you the flexibility to customize how risk and vulnerabilities are prioritized, while ensuring that every vulnerability is prioritized in the same manner. The approach combines the sound methodology of the CVSS system with the data collection and automation necessary to rate vulnerabilities correctly at scale.
The Nucleus Approach to Risk Scoring
1. Calculate a vulnerability risk score.
2. Set weightings to customize risk score.
3. Calculate asset risk score based on weightings.
4. Calculate vulnerability-asset combo risk score.
5. Calculate summary scores / metrics across groups.
The Nucleus Risk Scoring Difference
While other platforms give you potentially unreliable risk scores using black box algorithms with methodologies that are indecipherable, Nucleus gives you more control of how vulnerabilities and assets are scored for risk. With Nucleus, you get transparent, unopinionated risk scoring built on scan and threat intel, and essential business context that you provide. Prescribing to you how to do the job of prioritization is not part of the Nucleus philosophy. We give you the tools to make you better and more efficient at prioritization and across all stages of the VM process.