Frequently Asked Questions

Product Overview & Use Cases

What is Nucleus and how does it help organizations manage vulnerabilities?

Nucleus is a unified vulnerability and exposure management platform that aggregates, normalizes, and correlates vulnerability data from over 160 scanning tools, asset inventory systems, and threat intelligence sources. It provides centralized visibility, risk-based prioritization, and workflow automation to accelerate remediation and streamline compliance across diverse attack surfaces. Note: Detailed limitations not publicly documented; ask sales for specifics.

Who can benefit from using Nucleus?

Nucleus is designed for security analysts, IT and development teams, CISOs, GRC and compliance teams, and organizations in regulated industries such as healthcare, finance, government, and education. It is also suitable for large enterprises managing complex infrastructures and Managed Security Service Providers (MSSPs) needing multi-tenant architecture. Note: Teams requiring highly specialized vulnerability management workflows may need custom enhancements.

Features & Capabilities

What are the key features of the Nucleus platform?

Nucleus offers integrations with over 160 tools, automation of data ingestion, asset ownership assignments, vulnerability prioritization, ticketing, report generation and delivery, multi-tenancy for managing data among agencies, granular role-based access control, and vulnerability intelligence for consistent risk assignment. Note: Some integrations may require custom development for unique environments.

Does Nucleus support automation for vulnerability management workflows?

Yes, Nucleus automates manual and error-prone processes such as data ingestion, asset ownership assignments, vulnerability prioritization, ticketing, report generation, and report delivery. This enables organizations to scale workflows without increasing headcount. Note: Automation capabilities may be limited by the complexity of legacy systems or unique organizational requirements.

What integrations are available with Nucleus?

Nucleus integrates with over 160 tools, including ITSM (Jira), CWPP (Microsoft), DAST (Qualys, Tenable), SCA (Alienvault USM), Containers (AWS EC2, Prisma, Palo Alto Networks), SAST (Github), CSPM (Wiz, Orca), Pen Testing (Synack, HackerOne), EDR (CrowdStrike), OT (Nozomi), and ASM (SecurityScorecard, Censys). For a complete list, visit our integrations page. Note: Some integrations may require additional configuration or licensing.

Does Nucleus offer an API for custom integrations and reporting?

Yes, Nucleus provides an API that allows users to interact with the Nucleus Database for custom dashboards, real-time reporting, and integration with third-party tools such as SIEM and SOAR. API documentation is available at our API documentation page. Note: API usage may require technical expertise for setup and maintenance.

Implementation & Support

How long does it take to implement Nucleus, and what is the onboarding experience?

Nucleus can be operational within 90 days, as demonstrated by the US State Agency case study. Prebuilt connectors and reusable templates enable onboarding in hours instead of weeks. The platform offers step-by-step guides, video tutorials, and a dedicated support portal. Customer Success Managers and a responsive technical support team assist throughout implementation. Note: Implementation timelines may vary based on organizational complexity and integration requirements.

What technical documentation and resources are available for Nucleus?

Technical resources include API documentation (API docs), FlexConnect Framework setup guides (FlexConnect docs), a help and support portal (help.nucleussec.com), and quickstart onboarding guides (Quickstart). Note: Some advanced documentation may require registration or partnership access.

What kind of customer support does Nucleus provide?

Nucleus includes standard product support at no additional cost, with access to a dedicated support portal and responsive technical support. Customer Success Managers assist with implementation and ongoing troubleshooting. Note: Premium support options may be available for enterprise customers; inquire for details.

Performance & Results

What measurable results have organizations achieved with Nucleus?

Organizations have reported reducing manual vulnerability analysis and triage by 80%, achieving real-time statewide cyber risk visibility, and reducing high-risk vulnerabilities by 50% within three months (US State Agency case study). Other customers have reduced critical vulnerabilities by up to 86% and improved mean-time-to-remediate. Note: Results may vary based on organizational size, complexity, and existing processes.

How does Nucleus improve operational efficiency and risk reduction?

Nucleus centralizes visibility into vulnerabilities, exposures, and assets, automates dozens of workflows, and replaces manual spreadsheets with dashboards and scheduled reports. This enables faster remediation, improved risk posture, and continuous monitoring. Note: Efficiency gains depend on the degree of automation and integration achieved during implementation.

Security & Compliance

What security and compliance certifications does Nucleus hold?

Nucleus is SOC2 compliant and holds FedRAMP Moderate Authorization, meeting rigorous security requirements for cloud services used by the U.S. Federal Government. It also warrants compliance with applicable laws and regulations under its Master Service Agreement. Note: Certifications may not cover all industry-specific requirements; verify with your compliance team.

How does Nucleus support compliance frameworks and regulatory requirements?

Nucleus automates compliance framework controls and requirements, supporting standards such as NIST, FedRAMP, CISA, and PCI DSS Requirement 6. It simplifies adherence to regulatory standards and audit readiness. Note: Organizations with highly specialized compliance needs may require additional customization.

Customer Proof & Success Stories

Can you share specific case studies or success stories of customers using Nucleus?

Yes. The US State Agency reduced manual vulnerability analysis and triage by 80% and high-risk vulnerabilities by 50% within three months. Bank of Hope achieved zero critical vulnerabilities, a Tier-1 airline reduced 86% of critical vulnerabilities, and Orange Cyberdefense streamlined vulnerability management and drove higher customer engagement. For more, visit Customer Stories. Note: Outcomes depend on customer engagement and implementation scope.

What industries are represented in Nucleus case studies?

Industries include banking and financial services, airlines, healthcare, cybersecurity services, education, energy and utilities, retail and consumer goods, public sector, and technology. For details, visit Customer Stories. Note: Industry-specific requirements may affect implementation and outcomes.

Limitations & Trade-Offs

Are there any limitations or scenarios where Nucleus may not be the best fit?

While Nucleus offers broad integrations and automation, organizations with highly specialized workflows or legacy systems may require custom enhancements or additional configuration. Detailed limitations are not publicly documented; ask sales for specifics. Note: Always assess your unique requirements before selecting a platform.

CUSTOMER STORY

Transforming Vulnerability and Exposure Management for a US State Agency

US Capitol

Customer Profile

  • US State Government Agency
  • Dozens of sub-agencies
  • Serves millions of citizens
  • Looking to unify, prioritize, and automate response to vulnerabilities and exposures

Executive Summary

The state-level agency is the backbone of IT infrastructure and cybersecurity for dozens of executive branch agencies serving millions of citizens. It ensures essential state functions, such as public safety, health services, and transportation operate smoothly and securely. By adopting advanced technologies, this agency not only safeguards the stateโ€™s digital assets but also sets a national standard for state-level cybersecurity.

In 2023, this agency established a project to modernize its vulnerability management operations. The goal was to address what was preventing the state-level agency and its sub-agencies from improving vulnerability management service level objectives (SLO) and reducing vulnerability-related risk.

Key Results

  • Level of effort for manual vulnerability analysis and triage reduced by 80%
  • Real-time statewide cyber risk visibility for executive leadership
  • Reduced high-risk vulnerabilities by 50% within three months

Before Nucleus, teams spend up to 80% of their time sorting through vulnerability data, leaving little room for remediation. By automating the heavy lifting, Nucleus flips that ratioโ€”enabling teams to focus on fixing high-risk vulnerabilities and reducing their backlog.

Key Challenges

Securing a decentralized network, with dozens of state agencies, posed many unique challenges:

  1. Data Overload: Disparate security scanning tools generated vast amounts of vulnerability and exposure data, making timely analysis and assessment impossible using manual processes.
  2. Emerging Threats: Rapid response to critical vulnerabilities, including zero-day threats, was impeded by the lack of unified threat intelligence across commercial and internal agency feeds.
  3. Remediation Timelines: Manual processes and poor visibility prolonged exposure to high-risk vulnerabilities with remediation timelines regularly missing agency and leadership goals.

The Nucleus Solution

The Nucleus Security unified vulnerability and exposure management platform aggregates, normalizes, and correlates vulnerability data from over 160 scanning tools, asset inventory systems, and threat intelligence sources. Designed for scalability, Nucleus provides security teams with centralized visibility, risk-based prioritization, and workflow automation to accelerate vulnerability remediation and streamline compliance across diverse attack surfaces.

Why They Chose Nucleus

The Agency explored several unified vulnerability management platforms over the course of several months, and ultimately selected Nucleus for three key reasons:

Meeting the Agencyโ€™s Technical Requirements: Nucleus was the only vendor that met requirements for multi-tenancy, third party integrations, scalability, and FedRAMP authorization with support for SaaS and on-premises deployment.

Deep Subject Matter Expertise: The Nucleus team demonstrated deep knowledge in vulnerability management and public sector use cases during a three-month proof-of-value (POV). The Nucleus teamโ€™s expertise was key to helping them navigate the process and organizational changes that were required to modernize the agencyโ€™s vulnerability and exposure management program.

Collaboration Partnership: Nucleus worked closely with the agency to ensure a seamless experienceโ€”from initial discussions to deployment and ongoing support. Our team provided hands-on guidance at every step, ensuring long-term success beyond just implementation.

Nucleus provides security teams with centralized visibility, risk-based prioritization, and workflow automation to accelerate vulnerability remediation and streamline compliance across diverse attack surfaces.

Implementation Experience

Within 90 days, Nucleus was operational and delivering value to the agency:

  • Aggregating, normalizing, and deduplicating all vulnerability, exposure, and asset information generated by the agencyโ€™s vulnerability assessment tool stack.
  • Enriching vulnerability scan data with real-time threat and vulnerability intelligence from over 15 sources. This created an intelligence-led approach to prioritization ensuring that the stateโ€™s sub-agencies were focused on mitigating exposures that pose the highest risk.
  • Automating the manual and error-prone processes that were in place to efficiently deliver vulnerability information to agencies.

Through the implementation, Nucleus worked closely with the agency to develop several custom enhancements. These included:

  • Integrations with vulnerability and asset inventories used by the agency.
  • Custom role-based access control (RBAC) model tailored to grant the access based on unique roles within each sub-agency.
  • State-wide reporting capabilities were created to enable statewide monitoring across all government agencies.

Within six months, Nucleus was fully operational, transforming how the agency monitors vulnerabilities and exposures. State agencies were successfully onboarded and began using Nucleus to analyze, prioritize, and drive remediation for vulnerabilities and security weaknesses identified by scanning tools. The end result was accelerated vulnerability response, lower mean-time-to-remediate (MTTR) vulnerabilities, and a significant reduction of the level of effort spent on vulnerability analysis and triage statewide.

Nucleus Data Core Diagram

Key Features

Nucleus is a comprehensive vulnerability and exposure management platform. Here are some of the key features that helped successfully transform the agencyโ€™s vulnerability management program:

  • Integrations: Nucleus already supported most integrations the agency needed to unify vulnerability, attack surface, and asset inventory data, as well as to create issues/tickets. Nucleus supports over 160 integrations natively and rapidly supports new integrations.
  • Automation: With a small team, the agency manages diverse tools, high volumes of data, and extensive responsibilities. It used the Nucleus automation framework to automate data ingestion, asset ownership assignments, vulnerability prioritization, ticketing, report generation, report delivery, and more. This enabled the agency to scale its workflows without increasing headcount.
  • Multi-tenancy: As a service provider to nearly dozens of agencies, true multi-tenancy was a must for the agency. Built from the ground up to support the multi-tenancy requirements of the intelligence community, Nucleus had all the features that the agency needed to manage data among agencies with full separation, provide granular role-based access within agencies, and maintain statewide visibility and centralized control over the entire platform and information.
  • Vulnerability Intelligence: With a diverse stack of vulnerability scanners and Attack Surface Management (ASM) tools, the agency had multiple sources of vulnerability data reporting different priorities and severity ratings. This made it nearly impossible to prioritize consistently across the full spectrum of vulnerabilities and exposures. Nucleusโ€™ vulnerability intelligence was leveraged to assign risk levels consistently across all sources of vulnerabilities, based on the agencyโ€™s prioritization methodology.

The agency used the Nucleus automation framework to automate data ingestion, asset ownership assignments, vulnerability prioritization, ticketing, report generation, report delivery, and more.

Results & Impact

Operational Improvements

The agency centralized visibility into all vulnerabilities, exposures, and assets. The leadership team now has a real-time view of cyber risk exposure and remediation status across all its executive branch networks, enhancing their continuous monitoring capability. Nucleus has automated dozens of workflows that were previously manual, enabling the agency to scale its operation and deliver results significantly faster. Spreadsheets have been eliminated and replaced with dashboards, on-demand reports, and scheduled reports that answer the questions that the agency needs answered automatically.

Statewide Impact

With Nucleus in place, each agency has an automated, up-to-date, and threat-prioritized list of every vulnerability impacting its systems. By focusing patching and mitigation efforts on high-risk and high-impact vulnerabilities, agencies have improved their overall cybersecurity risk posture, and the organization has the visibility needed to understand the risk posture of the agencies and the state.

Risk Reduction

  • Customized vulnerability prioritization leveraging threat and vulnerability intelligence from Cybersecurity and Infrastructure Security Agency (CISA), Multi-State Information Sharing and Analysis Center (MS ISACs), and other feeds.
  • Significant reduction in the meantime to remediate (aka โ€œdwell timeโ€) of high-risk vulnerabilities and overall improvement of security posture.

Nucleus has automated dozens of workflows that were previously manual, enabling the agency to scale its operation and deliver results significantly faster. Spreadsheets have been eliminated and replaced with dashboards.

The Result

The agency partnered with Nucleus to modernize its vulnerability and exposure management program while streamlining compliance.

The result: faster remediation of critical risk, rapid response to emerging threats, and continuous monitoring of agency and vendor security efficacy tailored to state-specific requirements.

With Nucleus, the agency continues to set the standard for public-sector cybersecurity, ensuring critical exposures are targeted based on the most current intelligence.

Want to See Nucleus in Action?

Watch our demo on-demand.