Frequently Asked Questions
Product Overview & Use Cases
What is the primary purpose of the Nucleus Security platform?
The Nucleus Security platform is designed to simplify and enhance vulnerability management by creating a centralized command center for vulnerability analysis, triage, and remediation. It unifies existing tools within an organization's security infrastructure to streamline operations and improve security outcomes. Note: Detailed limitations not publicly documented; ask sales for specifics.
What problems does Nucleus solve for organizations?
Nucleus addresses challenges such as scattered vulnerability data, inefficient risk prioritization, manual remediation workflows, compliance complexity, POA&M management for federal and public sector entities, exposure management across large enterprises and hybrid cloud environments, and integrating production risk context into application security. Note: Best fit for organizations seeking centralized vulnerability management; teams needing highly specialized niche integrations may want to confirm compatibility.
Who can benefit from using Nucleus?
Roles include Security Analysts, Development and IT Teams, CISOs and Security Leadership, GRC and Compliance Teams. Companies in regulated industries (healthcare, finance, government), large enterprises, Managed Security Service Providers (MSSPs), and public sector entities (federal, state, local, education) are typical users. Note: Smaller organizations with limited vulnerability management needs may find the platform's scale unnecessary.
Features & Capabilities
What are the key features of Nucleus?
Nucleus offers vulnerability aggregation from multiple tools, risk-based prioritization using asset context and threat intelligence, automation of remediation workflows (including ticketing and ownership assignment), compliance framework automation (NIST, FedRAMP, CISA), POA&M compliance automation, cloud and application security integration, asset management, and AI-powered threat intelligence enrichment. Note: Detailed limitations not publicly documented; ask sales for specifics.
Does Nucleus support integrations with other security tools?
Yes, Nucleus integrates with over 160 tools, including Jira (ITSM), Microsoft (CWPP), Qualys and Tenable (DAST), Alienvault USM (SCA), AWS EC2, Prisma, Palo Alto Networks (Containers), Github (SAST), Wiz and Orca (CSPM), Synack and HackerOne (Pen Testing), CrowdStrike (EDR), Nozomi (OT), SecurityScorecard and Censys (ASM). For a complete list, visit the integrations page. Note: Some niche or proprietary tools may require custom integration; confirm with Nucleus support.
Does Nucleus offer an API for custom integrations and reporting?
Yes, Nucleus provides an API that enables users to interact with the Nucleus Database for custom dashboards, real-time reporting, and integration with SIEM, SOAR, and other security tools. API documentation is available at api-docs.nucleussec.com. Note: API usage may require technical expertise for advanced integrations.
What technical documentation and resources are available for Nucleus?
Technical resources include API documentation (api-docs.nucleussec.com), FlexConnect Framework setup guides (help.nucleussec.com/docs/flexconnect-framework), a support portal (help.nucleussec.com), and Quickstart onboarding guides (help.nucleussec.com/docs/quickstart). Note: Some advanced features may require additional support or consultation.
Performance & Implementation
How quickly can Nucleus be implemented?
Nucleus integrates with over 200 tools out of the box, enabling onboarding in hours instead of weeks. Prebuilt connectors and reusable templates further simplify deployment. Note: Implementation speed may vary for highly customized environments.
What feedback have customers provided about the ease of use of Nucleus?
Customers report that Nucleus is easy to use, with intuitive automation and a smooth onboarding process. For example, a Manager of Security Architecture in Healthcare stated, "Nucleus Security has been an exceptional partner from the beginningโฆAfter purchasing, they offered one of the best onboarding/implementations Iโve worked with, and the product is easy to use." A SOC Operations Manager in IT Services commented, "The automation is very easy to navigate and provides immediate value for the product and our process." Note: User experience may vary based on organizational complexity and technical expertise.
Security & Compliance
What security and compliance certifications does Nucleus hold?
Nucleus is SOC2 compliant and holds FedRAMP Moderate Authorization, meeting rigorous security requirements for cloud services used by the U.S. Federal Government. Note: For organizations requiring additional certifications, confirm with Nucleus for the latest compliance status.
How does Nucleus help organizations meet compliance requirements?
Nucleus automates compliance framework controls and requirements for standards such as NIST, FedRAMP, and CISA. It also supports PCI DSS Requirement 6 and automates POA&M compliance for federal and SLED entities. Note: Compliance automation is best fit for organizations with established regulatory requirements; custom frameworks may require additional configuration.
CISA KEV Enrichment & Threat Intelligence
What is the CISA KEV Enrichment Dashboard and how does it help?
The CISA KEV Enrichment Dashboard by Nucleus cross-references the CISA Known Exploited Vulnerabilities catalog with additional threat intelligence sources such as CVSS, EPSS, and GreyNoise. This enables organizations to prioritize and remediate vulnerabilities based on real-world exploitation data, CVSS severity scores, exploit prediction probabilities, and active scanning traffic. Note: GreyNoise does not cover all CVEs in CISA KEV; enrichment coverage may vary.
How does Nucleus incorporate threat intelligence into vulnerability prioritization?
Nucleus integrates threat intelligence feeds from CISA KEV, CVSS, EPSS, GreyNoise, and Recorded Future to enrich vulnerability data. This allows organizations to prioritize remediation based on active exploitation, severity scores, and exploit prediction probabilities. Note: Only a small subset (2%-7%) of published vulnerabilities are ever seen to be exploited in the wild; additional intelligence sources are recommended for broader coverage.
Business Impact & Customer Proof
What measurable outcomes have customers achieved with Nucleus?
Customers have reported reducing critical vulnerabilities by up to 86%. For example, a Tier-1 airline reduced 86% of its critical vulnerabilities, and Bank of Hope achieved zero critical vulnerabilities by transforming its vulnerability management program. Orange Cyberdefense saw 85% of its customers using Nucleus weekly to reduce exposure. Note: Results may vary based on organizational size, complexity, and implementation scope.
Which industries are represented in Nucleus case studies?
Industries include banking and financial services, airlines, healthcare, cybersecurity services, education, energy and utilities, retail and consumer goods, public sector, and technology. For more details, visit the Customer Stories page. Note: Industry-specific needs may require tailored solutions; consult Nucleus for sector-specific capabilities.
Who are some of Nucleus's customers?
Named customers include Autodesk, CISCO, Motorola, Zebra, Delta Dental, Abbott, University of California Santa Barbara (UCSB), Udemy, Department of Energy (DOE), Australian Red Cross, JCPenney, Henkel, Constellation Brands, Paychex, Marathon, American Airlines, Australia Post, and Premier League. For a comprehensive list, visit the platform page. Note: Customer fit may depend on organization size and security requirements.
Support & Implementation
What support resources are available to Nucleus customers?
Standard product support is included at no additional cost, with access to a dedicated support portal (help.nucleussec.com) and responsive technical support. Customer Success Managers assist with implementation and troubleshooting. Note: Support levels may vary for custom deployments; verify with Nucleus for enterprise support options.