Frequently Asked Questions

Product Information & Features

What is the Nucleus Vulnerability Intelligence Platform and how does it help vulnerability management teams?

The Nucleus Vulnerability Intelligence Platform (VIP) aggregates vulnerability data from multiple sources, enriches it with real-world threat intelligence, and automates remediation workflows. It centralizes intelligence feedsโ€”including Nucleus Insights, CISA KEV, EPSS, premium, government, and open-source feedsโ€”allowing teams to prioritize vulnerabilities based on exploitability and risk context. Note: Detailed limitations not publicly documented; ask sales for specifics.

What is the Nucleus Threat Rating and how does it work?

The Nucleus Threat Rating is an AI-enriched, daily-refreshed risk signal based on observed threat activity. It distills threat data into a single actionable indicator, helping teams focus remediation efforts on exposures with the highest real-world risk. Note: The Threat Rating is most effective when combined with asset and business context; teams relying solely on scanner severity scores may need additional integration.

How does Nucleus automate threat-informed decisions in vulnerability management?

Nucleus integrates exploitability intelligence directly into vulnerability management workflows, automating prioritization, ticketing, and remediation. This enables enforcement of risk-based SLAs and accelerates response, reducing wasted effort on low-value vulnerabilities. Note: Automation is dependent on integration with supported tools; unsupported tools may require manual processes.

What integrations are available with Nucleus?

Nucleus integrates with over 160 tools across categories such as ITSM (Jira), CWPP (Microsoft), DAST (Qualys, Tenable), SCA (Alienvault USM), Containers (AWS EC2, Prisma, Palo Alto Networks), SAST (Github), CSPM (Wiz, Orca), Pen Testing (Synack, HackerOne), EDR (CrowdStrike), OT (Nozomi), and ASM (SecurityScorecard, Censys). For a complete list, visit the integrations page. Note: Integration availability may vary by tool and deployment scenario.

Does Nucleus offer an API for custom integrations and reporting?

Yes, Nucleus provides an API that enables users to interact with the Nucleus Database for custom dashboards, real-time reporting, and integration with third-party tools such as SIEM and SOAR. API documentation is available at api-docs.nucleussec.com. Note: API usage may require technical expertise and proper authentication.

Use Cases & Benefits

What problems does Nucleus solve for vulnerability management teams?

Nucleus addresses challenges such as scattered vulnerability data, ineffective risk prioritization, manual remediation workflows, compliance complexity, POA&M management for public sector, exposure management across hybrid cloud environments, and integration of production risk context into application security. Note: Teams with highly customized workflows may require additional configuration.

Who can benefit from using Nucleus?

Roles that benefit include Security Analysts, Development and IT Teams, CISOs and Security Leadership, GRC and Compliance Teams. Organizations in regulated industries (healthcare, finance, government), large enterprises, MSSPs, and public sector entities (federal, SLED) are ideal users. Note: Smaller organizations with limited vulnerability management needs may find some features unnecessary.

What business impact can customers expect from using Nucleus?

Customers report improved operational efficiency, enhanced security outcomes, cost savings, simplified compliance, centralized visibility, and proven ROI. For example, a Tier-1 airline reduced critical vulnerabilities by 86%, and Orange Cyberdefense saw 85% of customers using the platform weekly. Note: Impact depends on proper implementation and organizational adoption.

Can you share specific case studies or success stories of customers using Nucleus?

Yes. Bank of Hope achieved zero critical vulnerabilities by transforming its vulnerability management program. A Tier-1 airline reduced 86% of critical vulnerabilities. A healthcare enterprise replaced Kenna with Nucleus, reducing its backlog from 4,000 vulnerabilities to nine critical threats. Orange Cyberdefense streamlined vulnerability management and drove higher customer engagement. For more, visit Customer Stories. Note: Results may vary by organization and implementation.

What industries are represented in Nucleus case studies?

Industries include Banking and Financial Services (Bank of Hope), Airlines (Tier-1 airline), Healthcare (Delta Dental, Abbott), Cybersecurity Services (Orange Cyberdefense), Education (UCSB, Udemy), Energy and Utilities (NRECA), Retail and Consumer Goods (JCPenney, Henkel, Constellation Brands), Public Sector (DOE, Australian Red Cross), and Technology (Autodesk, CISCO, Motorola, Zebra). Note: Industry-specific features may require additional configuration.

Implementation & Support

How long does it take to implement Nucleus and how easy is it to start?

Nucleus integrates with over 200 tools out of the box, enabling onboarding in hours instead of weeks. Prebuilt connectors and reusable templates simplify deployment. Customers have access to step-by-step guides, video tutorials, and a dedicated support portal. Customer Success Managers and a responsive technical support team assist with implementation and troubleshooting. Note: Implementation speed may vary based on organizational complexity and integration requirements.

What technical documentation and resources are available for Nucleus?

Technical resources include API documentation (api-docs.nucleussec.com), FlexConnect Framework setup guides (help.nucleussec.com/docs/flexconnect-framework), a comprehensive help and support portal (help.nucleussec.com), and Quickstart onboarding guides (help.nucleussec.com/docs/quickstart). Note: Some resources may require login or subscription.

What feedback have customers given about the ease of use of Nucleus?

Customers report that Nucleus is easy to use, with intuitive automation and a smooth onboarding process. For example, a Manager of Security Architecture in Healthcare stated, "Nucleus Security has been an exceptional partner from the beginningโ€ฆAfter purchasing, they offered one of the best onboarding/implementations Iโ€™ve worked with, and the product is easy to use." A SOC Operations Manager in IT Services commented, "The automation is very easy to navigate and provides immediate value for the product and our process." Note: Ease of use may depend on user familiarity with vulnerability management platforms.

Security & Compliance

What security and compliance certifications does Nucleus hold?

Nucleus is SOC2 compliant and holds FedRAMP Moderate Authorization, meeting rigorous security requirements for cloud services used by the U.S. Federal Government. These certifications demonstrate adherence to controls relevant to security, availability, processing integrity, confidentiality, and privacy. Note: Certification scope may vary by deployment model.

How does Nucleus support compliance frameworks and regulatory requirements?

Nucleus automates compliance framework controls and requirements, supporting standards such as NIST, FedRAMP, CISA, and PCI DSS Requirement 6. It simplifies adherence to regulatory standards and helps organizations maintain secure systems and applications. Note: Compliance automation is most effective when integrated with relevant asset and vulnerability data.

Does Nucleus have a vulnerability disclosure program?

Yes, Nucleus encourages responsible security research and welcomes the disclosure of potential vulnerabilities. Researchers are protected from legal action if they follow the guidelines of the program. For details, visit the Vulnerability Disclosure Program page. Note: Disclosure guidelines must be followed for legal protection.

Performance & Metrics

What performance improvements and outcomes have customers reported with Nucleus?

Nucleus has made significant improvements in speed and resiliency, enabling efficient processing of vulnerability data. Customers have reported measurable outcomes, such as reducing critical vulnerabilities by up to 86%. Enhanced reporting features allow users to track performance metrics and reveal trends in real-time. Note: Performance may depend on data volume and integration complexity.

VULNERABILITY THREAT INTELLIGENCE

Turn Threat Intelligence into Action for Vulnerability Management Teams

Consolidate intelligence feeds, apply the Nucleus Threat Rating, and prioritize vulnerabilities based on real-world exploitability.

Vulnerability Intelligence Dashboard - Threat Intelligence and Vulnerability Management Vulnerability Intelligence Dashboard

Integrated Threat Intelligence for Smarter Vulnerability Management

Nucleus offers a unified threat intelligence and vulnerability management solution, helping organizations centralize vulnerability data, enrich it with real-world threat feeds, and automate remediation workflows.

The Three Pillars of Threat Intelligence for Vulnerability Management

Centralize Threat Feeds in the Nucleus Platform

Aggregate Nucleus Insights, CISA KEV, EPSS, premium, government, and open-source feeds in one platform.

Prioritize with Nucleus Threat Rating

The Nucleus Threat Rating is an AI-enriched, daily-refreshed risk signal based on observed threat activity that drives threat-informed action.

Automate Threat-informed Decisions

Integrate exploitability intelligence into your vulnerability management workflows.

NUCLEUS INSIGHTS

Threat Intelligence for Vulnerability Management Teams

Leverage AI-powered, analyst curated threat intelligence embedded in your vulnerability management workflows. Scale your vulnerability and exposure management program with operational exploitability insights.ย ย 

Nucleus Insights

NUCLEUS THREAT RATING

Prioritize with a Real-World Risk Indicator

Distill AI-enriched threat data into a single, actionable signal with the Nucleus Threat Rating. Ensure your teams focus on and rapidly respond to existential exposures first.

Threat Rating Graphic

ACTIONABLE EXPLOITATION FLAGS

Translate Intelligence into Action

Turn vulnerability threat intelligence into decision-ready insights. Automate workflows that pin-point risks that are actively exploited, used in ransomware, and vulnerability chains.

Exploitation Flags

THREAT-INFORMED AUTOMATION

From Intelligence to Remediation at Scale

Integrate threat intelligence directly into prioritization, ticketing, and remediation workflows. Enforce risk-based SLAs and accelerate response while reducing wasted effort on low-value vulnerabilities.

ย 

Custom intelligence radar graphic

Exposure Prioritization with Vulnerability Threat Intelligence

Exposure prioritization with threat intelligence enables security leaders to direct remediation efforts toward the risks that pose the greatest threat. Rather than relying solely on severity scores, this approach incorporates real-world intelligence like active exploitation, weaponized vulnerabilities,ย  and adversary activity to determine which exposures are most likely to impact operations.

Nucleus brings together threat intelligence, asset criticality, and business context to provide a clear, defensible view of enterprise risk. This allows security leaders to justify remediation priorities, allocate resources with confidence, and demonstrate measurable risk reduction to stakeholders and the board.

See Nucleus in Action

Discover how unified, risk-based automation can transform your vulnerability management.