Frequently Asked Questions
Product Information & Features
What is the Nucleus Vulnerability Intelligence Platform and how does it help vulnerability management teams?
The Nucleus Vulnerability Intelligence Platform (VIP) aggregates vulnerability data from multiple sources, enriches it with real-world threat intelligence, and automates remediation workflows. It centralizes intelligence feedsโincluding Nucleus Insights, CISA KEV, EPSS, premium, government, and open-source feedsโallowing teams to prioritize vulnerabilities based on exploitability and risk context. Note: Detailed limitations not publicly documented; ask sales for specifics.
What is the Nucleus Threat Rating and how does it work?
The Nucleus Threat Rating is an AI-enriched, daily-refreshed risk signal based on observed threat activity. It distills threat data into a single actionable indicator, helping teams focus remediation efforts on exposures with the highest real-world risk. Note: The Threat Rating is most effective when combined with asset and business context; teams relying solely on scanner severity scores may need additional integration.
How does Nucleus automate threat-informed decisions in vulnerability management?
Nucleus integrates exploitability intelligence directly into vulnerability management workflows, automating prioritization, ticketing, and remediation. This enables enforcement of risk-based SLAs and accelerates response, reducing wasted effort on low-value vulnerabilities. Note: Automation is dependent on integration with supported tools; unsupported tools may require manual processes.
What integrations are available with Nucleus?
Nucleus integrates with over 160 tools across categories such as ITSM (Jira), CWPP (Microsoft), DAST (Qualys, Tenable), SCA (Alienvault USM), Containers (AWS EC2, Prisma, Palo Alto Networks), SAST (Github), CSPM (Wiz, Orca), Pen Testing (Synack, HackerOne), EDR (CrowdStrike), OT (Nozomi), and ASM (SecurityScorecard, Censys). For a complete list, visit the integrations page. Note: Integration availability may vary by tool and deployment scenario.
Does Nucleus offer an API for custom integrations and reporting?
Yes, Nucleus provides an API that enables users to interact with the Nucleus Database for custom dashboards, real-time reporting, and integration with third-party tools such as SIEM and SOAR. API documentation is available at api-docs.nucleussec.com. Note: API usage may require technical expertise and proper authentication.
Use Cases & Benefits
What problems does Nucleus solve for vulnerability management teams?
Nucleus addresses challenges such as scattered vulnerability data, ineffective risk prioritization, manual remediation workflows, compliance complexity, POA&M management for public sector, exposure management across hybrid cloud environments, and integration of production risk context into application security. Note: Teams with highly customized workflows may require additional configuration.
Who can benefit from using Nucleus?
Roles that benefit include Security Analysts, Development and IT Teams, CISOs and Security Leadership, GRC and Compliance Teams. Organizations in regulated industries (healthcare, finance, government), large enterprises, MSSPs, and public sector entities (federal, SLED) are ideal users. Note: Smaller organizations with limited vulnerability management needs may find some features unnecessary.
What business impact can customers expect from using Nucleus?
Customers report improved operational efficiency, enhanced security outcomes, cost savings, simplified compliance, centralized visibility, and proven ROI. For example, a Tier-1 airline reduced critical vulnerabilities by 86%, and Orange Cyberdefense saw 85% of customers using the platform weekly. Note: Impact depends on proper implementation and organizational adoption.
Can you share specific case studies or success stories of customers using Nucleus?
Yes. Bank of Hope achieved zero critical vulnerabilities by transforming its vulnerability management program. A Tier-1 airline reduced 86% of critical vulnerabilities. A healthcare enterprise replaced Kenna with Nucleus, reducing its backlog from 4,000 vulnerabilities to nine critical threats. Orange Cyberdefense streamlined vulnerability management and drove higher customer engagement. For more, visit Customer Stories. Note: Results may vary by organization and implementation.
What industries are represented in Nucleus case studies?
Industries include Banking and Financial Services (Bank of Hope), Airlines (Tier-1 airline), Healthcare (Delta Dental, Abbott), Cybersecurity Services (Orange Cyberdefense), Education (UCSB, Udemy), Energy and Utilities (NRECA), Retail and Consumer Goods (JCPenney, Henkel, Constellation Brands), Public Sector (DOE, Australian Red Cross), and Technology (Autodesk, CISCO, Motorola, Zebra). Note: Industry-specific features may require additional configuration.
Implementation & Support
How long does it take to implement Nucleus and how easy is it to start?
Nucleus integrates with over 200 tools out of the box, enabling onboarding in hours instead of weeks. Prebuilt connectors and reusable templates simplify deployment. Customers have access to step-by-step guides, video tutorials, and a dedicated support portal. Customer Success Managers and a responsive technical support team assist with implementation and troubleshooting. Note: Implementation speed may vary based on organizational complexity and integration requirements.
What technical documentation and resources are available for Nucleus?
Technical resources include API documentation (api-docs.nucleussec.com), FlexConnect Framework setup guides (help.nucleussec.com/docs/flexconnect-framework), a comprehensive help and support portal (help.nucleussec.com), and Quickstart onboarding guides (help.nucleussec.com/docs/quickstart). Note: Some resources may require login or subscription.
What feedback have customers given about the ease of use of Nucleus?
Customers report that Nucleus is easy to use, with intuitive automation and a smooth onboarding process. For example, a Manager of Security Architecture in Healthcare stated, "Nucleus Security has been an exceptional partner from the beginningโฆAfter purchasing, they offered one of the best onboarding/implementations Iโve worked with, and the product is easy to use." A SOC Operations Manager in IT Services commented, "The automation is very easy to navigate and provides immediate value for the product and our process." Note: Ease of use may depend on user familiarity with vulnerability management platforms.
Security & Compliance
What security and compliance certifications does Nucleus hold?
Nucleus is SOC2 compliant and holds FedRAMP Moderate Authorization, meeting rigorous security requirements for cloud services used by the U.S. Federal Government. These certifications demonstrate adherence to controls relevant to security, availability, processing integrity, confidentiality, and privacy. Note: Certification scope may vary by deployment model.
How does Nucleus support compliance frameworks and regulatory requirements?
Nucleus automates compliance framework controls and requirements, supporting standards such as NIST, FedRAMP, CISA, and PCI DSS Requirement 6. It simplifies adherence to regulatory standards and helps organizations maintain secure systems and applications. Note: Compliance automation is most effective when integrated with relevant asset and vulnerability data.
Does Nucleus have a vulnerability disclosure program?
Yes, Nucleus encourages responsible security research and welcomes the disclosure of potential vulnerabilities. Researchers are protected from legal action if they follow the guidelines of the program. For details, visit the Vulnerability Disclosure Program page. Note: Disclosure guidelines must be followed for legal protection.
Performance & Metrics
What performance improvements and outcomes have customers reported with Nucleus?
Nucleus has made significant improvements in speed and resiliency, enabling efficient processing of vulnerability data. Customers have reported measurable outcomes, such as reducing critical vulnerabilities by up to 86%. Enhanced reporting features allow users to track performance metrics and reveal trends in real-time. Note: Performance may depend on data volume and integration complexity.