Want a hardcopy to share? Download as PDF
- Large U.S. Private University
- 2,000+ Employees
- 10,000+ Students
- Seeking a tool to automate VM processes and work more efficiently.
- Interview: Vulnerability Analyst
EXECUTIVE SUMMARY
- A large private University System in the U.S. with 2,000+ employees and 10,000 students, was seeking a tool to automate VM processes and work more efficiently.
- The tool needed to integrate with a complex security stack with many embedded solutions, while eliminating manual processes and spreadsheets.
- Following 7 months of vendor evaluations across 15 tools, the University concluded that Nucleus best met the criteria, ‘playing nicely’ with all integrations, offering superior asset flexibility, and at a more reasonable cost than other contenders.
- The decision to onboard Nucleus saved the University countless man-hours and budget dollars, surpassing expectations by partnering closely with stakeholders to build the program they needed in the context of their security ecosystem.
THE
CHALLENGE
“Our biggest challenge prior to adopting Nucleus was the sheer volume of manual work and complete lack of automation.”
“We knew there had to be a better, more efficient method of compiling data, tracking, and remediating vulnerabilities.”
“There was maybe one other platform that deserved consideration. But, they were so unrealistically expensive, even for an enterprise of our size to pay, it made no sense.”
EVALUATION
AND
EVOLUTION
Determined to find a tool that could offer effective automation and save precious man-hours, the security team set out on a comprehensive vendor review, compiling a list of 15 solutions across both established and newer-to-market vendors. Across seven months, the team dove deep into the capabilities of each, heavily weighting four key components:
- Integrations
- Flexibility
- Price
- Customer Service
Integrations. A key tenet to their search, the University was already invested in several scanning and security solutions that they wanted to maintain. They quickly learned many of the prospective vendors offered scanning capabilities of their own, which the University would be forced to adopt instead.
“Nucleus was one of the few solutions we looked at that ‘played well’ with everyone and was not going to force us to use one product over another.”
Flexibility. Another key point for Nucleus: flexibility with assets. The University wanted to leverage data from their entire suite of tools, while having plasticity to shape prioritization based on their unique business context.
“With Nucleus, we were able to adjust risk scores of assets, change criticality of vulnerabilities, and keep notes on our individual assets in a form other than a tag. We needed that.”
Pricing. While functionality was paramount to pricing, the University remained budget conscious. Finding that prices varied wildly from vendor to vendor, they were pleasantly surprised with the transparency and affordability of Nucleus, without sacrificing functionality.
“Being a higher educational institution, budget is always a concern. Nucleus was competitive in its pricing, saving us more on budget than its competitors, while offering more product features that were important to us.”
Customer Service. As a final key component to the evaluation, the University valued collaboration and wanted a partnership to help evolve their vulnerability management program, recognizing that ‘cookie-cutter’ wasn’t going to be the right approach.
“Customer service is a big focus for us, and Nucleus has exceeded our expectations. From the early stages of product demo, they were clear in what their product could and could not do and letting us know what was on their roadmap. Many companies will promise you the world to get you in the door and leave you hanging after. The team at Nucleus continue to this day to follow up to see how things are going and to address any issues.”
SEE WHY CUSTOMERS LOVE WORKING WITH US
THE
RESULTS
Nucleus is now the central source of data for “everything” at the enterprise’s security operations, and has expanded in scope and adoption into other business units. By having a complete picture of their assets in one shared platform, developers can better prioritize their work while also giving product managers insight and focus to optimize the security posture of their product.
“We set out to give power to the developers to visualize their data. We really wanted to remove the smoke and mirrors and put the security data directly in their hands without a middleman. Nucleus helped transform everyone into one large team, where everyone feels accountable for security.”
Nucleus helped shift the culture by bringing vast sets of data from disparate tools into a central hub and giving users that information across function. Using the Nucleus platform for unified vulnerability management enabled the enterprise to get vital security information out from behind the curtain of the security team and into the hands and desktops of the developer team. Developers now take direct responsibility for security in their area and can act on the information in their lane.
“Nucleus cares and wants to build with you as a customer. I wish I would’ve found them sooner!”