Frequently Asked Questions

Product Overview & Use Cases

What is the primary purpose of the Nucleus Security platform?

The Nucleus Security platform is designed to simplify and enhance vulnerability management by creating a centralized command center for vulnerability analysis, triage, and remediation. It unifies existing tools within an organization's security infrastructure to streamline operations and improve security outcomes. Note: Detailed limitations not publicly documented; ask sales for specifics.

What problems does Nucleus solve for organizations?

Nucleus addresses challenges such as scattered vulnerability data, inefficient risk prioritization, manual remediation workflows, compliance complexity, POA&M management for federal and public sector entities, exposure management across large enterprises and hybrid cloud environments, and integrating production risk context into application security. Note: Best fit for organizations seeking centralized vulnerability management; teams needing highly specialized niche integrations may want to confirm compatibility.

Who can benefit from using Nucleus?

Roles include Security Analysts, Development and IT Teams, CISOs and Security Leadership, GRC and Compliance Teams. Companies in regulated industries (healthcare, finance, government), large enterprises, Managed Security Service Providers (MSSPs), and public sector entities (federal, state, local, education) are typical users. Note: Smaller organizations with limited vulnerability management needs may find the platform's scale unnecessary.

Features & Capabilities

What are the key features of Nucleus?

Nucleus offers vulnerability aggregation from multiple tools, risk-based prioritization using asset context and threat intelligence, automation of remediation workflows (including ticketing and ownership assignment), compliance framework automation (NIST, FedRAMP, CISA), POA&M compliance automation, cloud and application security integration, asset management, and AI-powered threat intelligence enrichment. Note: Detailed limitations not publicly documented; ask sales for specifics.

Does Nucleus support integrations with other security tools?

Yes, Nucleus integrates with over 160 tools, including Jira (ITSM), Microsoft (CWPP), Qualys and Tenable (DAST), Alienvault USM (SCA), AWS EC2, Prisma, Palo Alto Networks (Containers), Github (SAST), Wiz and Orca (CSPM), Synack and HackerOne (Pen Testing), CrowdStrike (EDR), Nozomi (OT), SecurityScorecard and Censys (ASM). For a complete list, visit the integrations page. Note: Some niche or proprietary tools may require custom integration; confirm with Nucleus support.

Does Nucleus offer an API for custom integrations and reporting?

Yes, Nucleus provides an API that enables users to interact with the Nucleus Database for custom dashboards, real-time reporting, and integration with SIEM, SOAR, and other security tools. API documentation is available at api-docs.nucleussec.com. Note: API usage may require technical expertise for advanced integrations.

What technical documentation and resources are available for Nucleus?

Technical resources include API documentation (api-docs.nucleussec.com), FlexConnect Framework setup guides (help.nucleussec.com/docs/flexconnect-framework), a support portal (help.nucleussec.com), and Quickstart onboarding guides (help.nucleussec.com/docs/quickstart). Note: Some advanced features may require additional support or consultation.

Performance & Implementation

How quickly can Nucleus be implemented?

Nucleus integrates with over 200 tools out of the box, enabling onboarding in hours instead of weeks. Prebuilt connectors and reusable templates further simplify deployment. Note: Implementation speed may vary for highly customized environments.

What feedback have customers provided about the ease of use of Nucleus?

Customers report that Nucleus is easy to use, with intuitive automation and a smooth onboarding process. For example, a Manager of Security Architecture in Healthcare stated, "Nucleus Security has been an exceptional partner from the beginningโ€ฆAfter purchasing, they offered one of the best onboarding/implementations Iโ€™ve worked with, and the product is easy to use." A SOC Operations Manager in IT Services commented, "The automation is very easy to navigate and provides immediate value for the product and our process." Note: User experience may vary based on organizational complexity and technical expertise.

Security & Compliance

What security and compliance certifications does Nucleus hold?

Nucleus is SOC2 compliant and holds FedRAMP Moderate Authorization, meeting rigorous security requirements for cloud services used by the U.S. Federal Government. Note: For organizations requiring additional certifications, confirm with Nucleus for the latest compliance status.

How does Nucleus help organizations meet compliance requirements?

Nucleus automates compliance framework controls and requirements for standards such as NIST, FedRAMP, and CISA. It also supports PCI DSS Requirement 6 and automates POA&M compliance for federal and SLED entities. Note: Compliance automation is best fit for organizations with established regulatory requirements; custom frameworks may require additional configuration.

CISA KEV Enrichment & Threat Intelligence

What is the CISA KEV Enrichment Dashboard and how does it help?

The CISA KEV Enrichment Dashboard by Nucleus cross-references the CISA Known Exploited Vulnerabilities catalog with additional threat intelligence sources such as CVSS, EPSS, and GreyNoise. This enables organizations to prioritize and remediate vulnerabilities based on real-world exploitation data, CVSS severity scores, exploit prediction probabilities, and active scanning traffic. Note: GreyNoise does not cover all CVEs in CISA KEV; enrichment coverage may vary.

How does Nucleus incorporate threat intelligence into vulnerability prioritization?

Nucleus integrates threat intelligence feeds from CISA KEV, CVSS, EPSS, GreyNoise, and Recorded Future to enrich vulnerability data. This allows organizations to prioritize remediation based on active exploitation, severity scores, and exploit prediction probabilities. Note: Only a small subset (2%-7%) of published vulnerabilities are ever seen to be exploited in the wild; additional intelligence sources are recommended for broader coverage.

Business Impact & Customer Proof

What measurable outcomes have customers achieved with Nucleus?

Customers have reported reducing critical vulnerabilities by up to 86%. For example, a Tier-1 airline reduced 86% of its critical vulnerabilities, and Bank of Hope achieved zero critical vulnerabilities by transforming its vulnerability management program. Orange Cyberdefense saw 85% of its customers using Nucleus weekly to reduce exposure. Note: Results may vary based on organizational size, complexity, and implementation scope.

Which industries are represented in Nucleus case studies?

Industries include banking and financial services, airlines, healthcare, cybersecurity services, education, energy and utilities, retail and consumer goods, public sector, and technology. For more details, visit the Customer Stories page. Note: Industry-specific needs may require tailored solutions; consult Nucleus for sector-specific capabilities.

Who are some of Nucleus's customers?

Named customers include Autodesk, CISCO, Motorola, Zebra, Delta Dental, Abbott, University of California Santa Barbara (UCSB), Udemy, Department of Energy (DOE), Australian Red Cross, JCPenney, Henkel, Constellation Brands, Paychex, Marathon, American Airlines, Australia Post, and Premier League. For a comprehensive list, visit the platform page. Note: Customer fit may depend on organization size and security requirements.

Support & Implementation

What support resources are available to Nucleus customers?

Standard product support is included at no additional cost, with access to a dedicated support portal (help.nucleussec.com) and responsive technical support. Customer Success Managers assist with implementation and troubleshooting. Note: Support levels may vary for custom deployments; verify with Nucleus for enterprise support options.

NUCLEUS GUIDE

Guide to CISA KEV Enrichment

Guide to CISA KEV Enrichment

At Nucleus, we are continually researching ways that organizations can leverage threat intelligence for smarter vulnerability prioritization.ย ย ย ย 

In November 2021, CISA issuedย BOD 22-01ย โ€” a binding operational directive aimed at reducing the significant risk of known exploited vulnerabilities in the cybersecurity landscape. As part of this directive, federal agencies are required to remediate vulnerabilities within a specific frame of time that is determined by CISA, based on the criticality of the vulnerability.ย 

BINDING OPERATIONAL DIRECTIVE 22-01:ย REDUCING THE SIGNIFICANT RISK OF KNOWN EXPLOITED VULNERABILITIES

โ€œThe United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American peopleโ€™s security and privacy. The federal government must improve its efforts to protect against these campaigns by ensuring the security of information technology assets across the federal enterprise. Vulnerabilities that have previously been used to exploit public and private organizations are a frequent attack vector for malicious cyber actors of all types. These vulnerabilities pose significant risk to agencies and the federal enterprise. It is essential to aggressively remediate known exploited vulnerabilities to protect federal information systems and reduce cyber incidents.

This directive establishes a CISA-managed catalog of known exploited vulnerabilities that carry significant risk to the federal enterprise https://cisa.gov/known-exploited-vulnerabilities and establishes requirements for agencies to remediate any such vulnerabilities included in the catalog. CISA will determine vulnerabilities warranting inclusion in the catalog based on reliable evidence that the exploit is being actively used to exploit public or private organizations by a threat actor.โ€ โ€”ย CISA.gov

As part of the BOD 22-01 initiative, CISA also created a publicly available threat intelligence feed that is known today as theย CISA KEV (Known Exploitable Vulnerabilities) Catalog.ย This list is an incredibly valuable vulnerability intelligence source created for organizations who are looking to reduce their attack surface and exposure.ย 

There are approximately 200k known CVE vulnerabilities, of which only a small subset has been confirmed by CISA as being exploited. With the CISA KEV catalog actively only having less than .5% (839/197569) of all identified CVE vulnerabilities, this is a high impact list that is an efficient and free way to prioritize remediation of what are some of the riskiest vulnerabilities, as confirmed by CISA as having been or actively exploited.

Given that CISA KEVโ€™s threat intelligence feed is an incredibly trustable source coming directly from the US government, we quickly decided to work the feedย into our own Nucleus serviceย so that we could enable federal and commercial organizations alike to use these valuable threat intelligence findings in their own vulnerability prioritization and remediation.

As we began researching the vulnerabilities listed in the CISA KEV catalog, our security research team at Nucleus ran into several questions as they began facing the extremely limited data that was limited to just a few informational fields:

  • How often is CISA adding new vulnerabilities to their KEV list and how are they prioritizing them?
  • Are there certain indicators that researchers can use to predict whether a vulnerability is likely to be added to the list?
  • How should things likeย exploitation traffic be used to further prioritize vulnerability remediation?

Prioritizing vulnerability remediation using threat intelligence should be a key priority for any organization looking to quickly eliminate vulnerabilities that pose the highest risks. CISA KEV is not only highly trusted and freely available to all, but the low barrier to entry makes it a great place for any organization to start considering how threat intelligence can be incorporated into their vulnerability management program.ย 

Once an organization has implemented vulnerability scanning across their network, applications, and cloud, CISA KEV can then be used to identify what known exploitable vulnerabilities exist within the environment which will provide a focused list on where to prioritize remediation efforts.ย 

Once you get a handle on CISA KEV, we also believe itโ€™s incredibly important to consider incorporating vulnerability threat intelligence beyond a single source. โ€œOnly a small subset (2%-7% of published vulnerabilities are ever seen to be exploited in the wild.โ€, says EPSS. Considering CISAย KEV only covers approximately .5% of the total number of CVEโ€™s, itโ€™s a great place to start focusing your efforts but we strongly recommend considering incorporating additional vulnerability intelligence sources to identify a broader set of exploitable vulnerabilities, such as GreyNoise, Recorded Future, and other sources.

Enrichment Vendors

What truly sets our CISA KEV Enrichment Dashboard apart from the baseline information provided in the CISA KEV list is the multiple enrichment columns we have added fromย CVSS,โ€ฏEPSS, andโ€ฏGreyNoiseโ€ฏThreat Intelligence, which layer additional intelligence on top of each CVE to help organizations better prioritize and remediate each vulnerability.

CVSS

The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities that is maintained byย NISTโ€™s National Vulnerability Database. CVSS produces a score ranging from 0 to 10 and categorizes these ratings as None, Low, Medium, High and Critical.

EPSS

Theย Exploit Prediction Scoring System (EPSS)ย is an open, data-driven effort for estimating the probability that a software vulnerability will be exploited in the wild. EPSS fills that gap because it uses current threat information from CVE and real-world exploit data. The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

GreyNoise Threat Intelligence

GreyNoise provides this insight by monitoring and analyzing scanning and exploitation traffic around the world via their global passive sensor network. Threat intelligence like this provides further validation in the value of using multiple threat feeds for discovering exploitation which should be used to prioritize vulnerability remediation.ย 

  • GreyNoise Trafficย โ€“ This field shows the number of unique IP addresses actively scanning for this specific CVE in the past 90-days.ย 
  • GreyNoise Tagย โ€“ This field links to the GreyNoise Tag Trends page for each CVE, providing a time-series look at active exploitation traffic (note โ€“ GreyNoise does not cover all the CVEs in CISA KEV)ย 

Most Featured Vendors

  • The top five most featured vendors on the CISA KEV list include Microsoft (with 241 vulnerabilities), Adobe, Cisco, Apple and Google, making up more than 53% of all vendors included.
  • Certain brands, like Apple, carry a perception that just buying and using them will keep you secure. As we see from the CISA KEV list, you also must keep them up to date.
Top Vendors CISA KEV Dashboard

Most Featured Products

โ— The top five most featured products on the CISA KEV list include Microsoft Windows, Adobe Flash Player, Microsoft Internet Explorer, Microsoft Office, and Google Chrome.
โ— Avoiding Microsoft Windows, Microsoft Office, and Google Chrome is more practical for some than others, and it is important to note that the alternatives to Windows and Chrome, at the very least, are also on this list.

Top 5 Products CISA KEV

How to Identify, Prioritize, and Remediate Exploitable Vulnerabilities on the CISA Kev Listย 

CISA KEV provides a great place to start making progress at reducing an organizationโ€™s risk. By following a simple course of action, such as the four steps below, organizations can make meaningful progress toward a more mature vulnerability management program that starts by leading with intelligence.ย 

  1. Scan and identify which assets in your environment have known vulnerabilities that CISA has confirmed as being exploited in the wild
  2. Automate remediation workflows to assign SLAs for remediationย 
  3. Integrate Remediation workflows with existing ticketing systems such as ServiceNow and Jiraย 
  4. Measure CISA KEV due date SLAs to ensure federal compliance mandatesย 
However, using the CISA KEV data to accomplish the four steps above is only the beginning. You are still missing out on key information such as whether or not a vulnerability is still being exploited or if it was simply a one time exploit. Nucleus helps provide the context that you are missing by incorporating additional threat intelligence sources such as GreyNoise and Recorded Future to add additional insight into exploited vulnerabilities.

How Nucleus Can Help

Itโ€™s obvious to us that CISA and the US government understand the importance of sharing the vulnerability intelligence they have not only with federal agencies, but also making the threat intelligence available for all to incorporate and act on. They have made this evident through their CISA KEV catalog, which remainsย a trusted, free, and reasonable sized list of vulnerabilities that every organization should strongly consider using to prioritize vulnerability remediation.

Nucleus not only helps you identify which assets in your environment have been flagged as CISA Known Exploited Vulnerabilities, but we also help you cross reference the data that CISA provides with threat intelligence, CVSS, and more to help you better understand every vulnerabilityโ€™s risk to your environment.

Want to learn more about the CISA KEV use cases within our Nucleus Security platform?ย Click here.