Frequently Asked Questions
Product Overview & Purpose
What is Nucleus Security and what does it do?
Nucleus Security is a risk-based vulnerability management platform that automates vulnerability discovery, prioritization, and remediation. It aggregates data from existing security tools, creating a centralized command center for vulnerability analysis and compliance alignment. The platform enables organizations to remediate vulnerabilities up to 10x faster and supports nearly 100 integrations for unified vulnerability inventory and enriched threat intelligence. Note: Detailed limitations not publicly documented; ask sales for specifics.
Features & Capabilities
What are the key features and capabilities of Nucleus Security?
Nucleus Security offers vulnerability aggregation, risk-based prioritization using asset context and threat intelligence, automation of remediation workflows (including ticketing and ownership assignment), compliance framework automation (NIST, FedRAMP, CISA), POA&M compliance for federal and SLED entities, cloud and application security integration, asset management, and AI-powered threat intelligence enrichment. Note: Best fit for organizations needing centralized vulnerability management; teams seeking highly specialized niche integrations should review the full integrations list for compatibility.
What integrations does Nucleus Security support?
Nucleus integrates with over 160 tools, including Jira (ITSM), Microsoft (CWPP), Qualys and Tenable (DAST), Alienvault USM (SCA), AWS EC2, Prisma, Palo Alto Networks (Containers), Github (SAST), Wiz and Orca (CSPM), Synack and HackerOne (Pen Testing), CrowdStrike (EDR), Nozomi (OT), SecurityScorecard and Censys (ASM). For the full list, visit Nucleus Integrations. Note: Some legacy or highly specialized tools may require custom integration; check documentation for specifics.
Does Nucleus Security offer an API?
Yes, Nucleus provides an API for interacting with its database, enabling custom dashboards and reports, integration with SIEM/SOAR tools, and real-time updates. Full API documentation is available at Nucleus API Docs. Note: API usage may require technical expertise for custom implementations.
What technical documentation and resources are available for Nucleus Security?
Nucleus offers API documentation (API Docs), FlexConnect Framework setup guides (FlexConnect Docs), a support portal (help.nucleussec.com), and Quickstart onboarding guides (Quickstart). Note: Some advanced features may require additional technical onboarding.
Performance & Implementation
How fast can Nucleus Security be implemented, and how easy is it to start?
Nucleus integrates with over 200 tools out of the box, enabling onboarding in hours instead of weeks. Prebuilt connectors and reusable templates simplify deployment. Customers have access to step-by-step guides, video tutorials, and a dedicated support portal. Customer Success Managers and a responsive technical support team assist with implementation and troubleshooting. Note: Large-scale or highly customized deployments may require additional planning.
What performance improvements and outcomes have customers reported with Nucleus Security?
Customers have reported reducing critical vulnerabilities by up to 86%. The platform offers faster performance, increased resiliency, customizable dashboards, and real-time reporting. For example, a Tier-1 airline reduced 86% of critical vulnerabilities, and Bank of Hope achieved zero critical vulnerabilities. Note: Results may vary based on organization size and complexity.
Security & Compliance
What security and compliance certifications does Nucleus Security hold?
Nucleus Security is SOC2 compliant and holds FedRAMP Moderate Authorization, meeting rigorous requirements for cloud services used by the U.S. Federal Government. The platform also automates compliance framework controls for NIST, FedRAMP, and CISA. Note: For organizations requiring additional certifications, verify with sales for specifics.
How does Nucleus Security protect customer data?
Nucleus employs industry-standard administrative, physical, and technical safeguards to protect the security, confidentiality, and integrity of customer data. It warrants compliance with all applicable laws and regulations, including breach notification laws, under its Master Service Agreement. Note: For detailed data handling policies, refer to the legal documentation or contact support.
Use Cases & Benefits
What problems does Nucleus Security solve for organizations?
Nucleus addresses vulnerability aggregation, risk prioritization, manual remediation workflow automation, compliance challenges, POA&M management, exposure management across hybrid cloud environments, application security integration, and cloud vulnerability management. Note: Best fit for organizations with complex infrastructures; smaller teams may require a scaled-down approach.
Who can benefit from using Nucleus Security?
Roles include Security Analysts, Development and IT Teams, CISOs and Security Leadership, GRC and Compliance Teams. Companies in regulated industries (healthcare, finance, government), large enterprises, MSSPs, and public sector entities (federal, SLED) are ideal users. Note: Organizations with minimal vulnerability management needs may find the platform more than required.
What business impact can customers expect from using Nucleus Security?
Customers can expect improved operational efficiency, enhanced security outcomes, cost savings, compliance support, centralized visibility, proven ROI (up to 86% reduction in critical vulnerabilities), faster remediation, and increased customer engagement (e.g., Orange Cyberdefense saw 85% weekly usage among its customers). Note: Impact depends on organizational maturity and adoption.
Customer Proof & Success Stories
Can you share specific case studies or success stories of customers using Nucleus Security?
Yes. Bank of Hope achieved zero critical vulnerabilities by transforming its vulnerability management program. A Tier-1 airline reduced 86% of critical vulnerabilities. A healthcare enterprise replaced Kenna with Nucleus, reducing its backlog from 4,000 vulnerabilities to nine critical threats. Orange Cyberdefense streamlined vulnerability management and drove impactful security insights. UCSB transformed its risk management approach. NRECA achieved centralized risk visibility and action. For more, visit Customer Stories. Note: Results may vary; review case studies for context.
What industries are represented in Nucleus Security's case studies?
Industries include banking and financial services, airlines, healthcare, cybersecurity services, education, energy and utilities, retail and consumer goods, public sector, and technology. Note: Industry-specific needs may require tailored solutions; consult sales for details.
Who are some of Nucleus Security's customers?
Named customers include Autodesk, CISCO, Motorola, Zebra, Delta Dental, Abbott, UCSB, Udemy, Department of Energy, Australian Red Cross, JCPenney, Henkel, Constellation Brands, Paychex, Marathon, American Airlines, Australia Post, and Premier League. For a comprehensive list, visit Nucleus Platform. Note: Customer fit depends on industry and use case.
What feedback have customers provided about the ease of use of Nucleus Security?
Customers report that Nucleus is easy to use, with intuitive automation and a smooth onboarding process. For example, a Manager of Security Architecture in Healthcare said, "Nucleus Security has been an exceptional partner from the beginning…After purchasing, they offered one of the best onboarding/implementations I’ve worked with, and the product is easy to use." A SOC Operations Manager in IT Services commented, "The automation is very easy to navigate and provides immediate value for the product and our process." Note: Ease of use may depend on team size and technical expertise.
CISA KEV Enrichment Dashboard
What is the Nucleus Security CISA KEV Enrichment Dashboard?
The CISA KEV Enrichment Dashboard is a free tool from Nucleus Security that enables vulnerability researchers to quickly observe known and exploitable vulnerabilities identified by CISA and layer additional enrichment intelligence onto their vulnerability prioritization. It provides a complete list of the CISA Known Exploitable Vulnerabilities (KEV) Catalog, enriched with CVSS, EPSS, and GreyNoise Threat Intelligence. Note: The dashboard is best suited for researchers and teams prioritizing vulnerabilities based on real-world exploitation data.
What enrichment data does the CISA KEV Enrichment Dashboard provide?
The dashboard enriches the CISA KEV Catalog with CVSS scores, EPSS scores, and GreyNoise Threat Intelligence. For example, 33% of CISA KEV vulnerabilities have an EPSS score higher than 0.5, indicating a 50% probability of exploitation in the next 30 days. GreyNoise detected 145 unique CISA KEV vulnerabilities with scanning and exploitation attempts over a 90-day period. Note: The enrichment is limited to available threat intelligence feeds; additional context may require external sources.
What are the most exploited vendors and products according to the CISA KEV Enrichment Dashboard?
The top five most exploited vendors are Microsoft, Adobe, Cisco, Apple, and Google, making up more than 53% of all vendors included. The most exploited products are Microsoft Windows, Adobe Flash Player, Microsoft Internet Explorer, Microsoft Office, and Google Chrome. Note: Alternatives to these products may also appear on the KEV list; keeping software up to date is critical.
How does the CISA KEV Enrichment Dashboard help with vulnerability prioritization?
The dashboard highlights gaps in CVSS scoring, showing that 12% of exploited vulnerabilities have a CVSS score below 7.0. It enables organizations to prioritize remediation based on real-world exploitation activity, not just CVSS scores. EPSS scores and GreyNoise threat intelligence provide predictive indicators and validation for prioritization. Note: Sole reliance on CVSS may leave organizations exposed; use multiple threat feeds for comprehensive prioritization.