Frequently Asked Questions

Product Overview & Use Cases

What is Nucleus and how does it help organizations manage vulnerabilities?

Nucleus is a unified vulnerability management platform that aggregates data from existing security tools, providing a centralized command center for vulnerability analysis, triage, and remediation. It automates workflows, prioritizes risks using real-world intelligence, and helps organizations align with compliance frameworks. This approach is especially valuable for enterprises and government agencies seeking to streamline vulnerability discovery and remediation. Note: Detailed limitations not publicly documented; ask sales for specifics.

Who can benefit from using Nucleus?

Nucleus is designed for Security Analysts, Development and IT Teams, CISOs and Security Leadership, GRC and Compliance Teams, and Managed Security Service Providers (MSSPs). It is best suited for organizations in regulated industries (healthcare, finance, government), large enterprises managing complex infrastructures, and public sector entities including federal government and SLED (State, Local, and Education). Note: Teams with highly specialized or legacy systems may require custom integration; consult support for details.

What problems does Nucleus solve for its customers?

Nucleus addresses challenges such as scattered vulnerability data, ineffective risk prioritization, manual remediation workflows, compliance complexity, POA&M management for public sector, exposure management across hybrid cloud environments, and integration of production risk context into application security. Note: Organizations with unique compliance frameworks may need additional customization; contact sales for specifics.

Features & Capabilities

What are the key features of the Nucleus platform?

Key features include vulnerability aggregation from multiple tools, risk-based prioritization using asset context and threat intelligence, automation of remediation workflows, compliance framework automation (NIST, FedRAMP, CISA), POA&M compliance at scale, cloud and application security integration, asset management, and AI-powered threat intelligence enrichment. Note: Some advanced features may require additional configuration or licensing; check documentation for details.

Does Nucleus offer integrations with other tools?

Yes, Nucleus integrates with over 160 tools, including Jira (ITSM), Microsoft (CWPP), Qualys and Tenable (DAST), Alienvault USM (SCA), AWS EC2, Prisma, Palo Alto Networks (Containers), Github (SAST), Wiz and Orca (CSPM), Synack and HackerOne (Pen Testing), CrowdStrike (EDR), Nozomi (OT), SecurityScorecard and Censys (ASM). For a complete list, visit the integrations page. Note: Integration depth may vary by tool; review documentation for compatibility.

Does Nucleus provide an API for custom integrations and reporting?

Yes, Nucleus offers an API that enables users to interact with the Nucleus Database for custom dashboards, real-time reporting, and integration with SIEM, SOAR, and other security tools. API documentation is available at api-docs.nucleussec.com. Note: API usage may require technical expertise; consult support for implementation guidance.

Implementation & Ease of Use

How long does it take to implement Nucleus, and how easy is it to start?

Nucleus integrates with over 200 tools out of the box, enabling onboarding in hours instead of weeks. Prebuilt connectors and reusable templates simplify deployment. Customers have access to step-by-step guides, video tutorials, and a dedicated support portal. Customer Success Managers and a responsive technical support team assist with implementation and troubleshooting. Note: Organizations with highly customized environments may require additional onboarding time.

What feedback have customers provided about the ease of use of Nucleus?

Customers report that Nucleus is easy to use, with intuitive automation and a smooth onboarding process. For example, a Manager of Security Architecture and Threat Management in Healthcare stated, "Nucleus Security has been an exceptional partner from the beginning…After purchasing, they offered one of the best onboarding/implementations I’ve worked with, and the product is easy to use." Another customer noted, "There are no words to describe how much easier it is to manage vulnerabilities using Nucleus." Note: Usability may vary based on team size and technical expertise; trial recommended for evaluation.

Performance & Business Impact

What performance improvements and business impact can customers expect from Nucleus?

Nucleus delivers faster performance, increased resiliency, and customizable dashboards for real-time metrics. Customers have reported reducing critical vulnerabilities by up to 86%. For example, a Tier-1 airline reduced 86% of its critical vulnerabilities, and Bank of Hope achieved zero critical vulnerabilities by transforming its vulnerability management program. Orange Cyberdefense saw 85% of its customers using Nucleus weekly to reduce exposure. Note: Results may vary based on organization size and existing processes.

Security & Compliance

What security and compliance certifications does Nucleus hold?

Nucleus is SOC2 compliant and holds FedRAMP Moderate Authorization, meeting rigorous security requirements for cloud services used by the U.S. Federal Government. These certifications demonstrate adherence to controls relevant to security, availability, processing integrity, confidentiality, and privacy. Note: Additional certifications may be required for specific industries; check with sales for details.

How does Nucleus protect customer data and support compliance frameworks?

Nucleus employs industry-standard administrative, physical, and technical safeguards to protect customer data. It automates compliance framework controls for standards like NIST, FedRAMP, and CISA, and supports PCI DSS Requirement 6. Under its Master Service Agreement, Nucleus warrants compliance with all applicable laws and regulations, including breach notification laws. Note: Compliance support may require additional configuration for non-standard frameworks.

Customer Proof & Success Stories

Can you share specific case studies or success stories of customers using Nucleus?

Yes, Nucleus has documented success stories across multiple industries. For example, Bank of Hope achieved zero critical vulnerabilities (read the full story), a Tier-1 airline reduced 86% of critical vulnerabilities (case study), and Orange Cyberdefense streamlined vulnerability management (read more). UCSB transformed its risk management approach (video story). Note: Results are organization-specific; review case studies for context.

What industries are represented in Nucleus case studies?

Industries include Banking and Financial Services, Airlines, Healthcare, Cybersecurity Services, Education, Energy and Utilities, Retail and Consumer Goods, Public Sector, and Technology. For more details, visit the Customer Stories page. Note: Industry-specific requirements may affect implementation; consult sales for guidance.

Technical Requirements & Documentation

Where can prospects find technical documentation for Nucleus?

Technical documentation is available at api-docs.nucleussec.com for the API, FlexConnect Framework Documentation, and help.nucleussec.com for guides, FAQs, and troubleshooting. Quickstart guides are at help.nucleussec.com/docs/quickstart. Note: Some documentation may require login or partner access.

Support & Customer Service

What support options are available for Nucleus customers?

Standard product support is included at no additional cost, with access to a dedicated support portal (help.nucleussec.com) and responsive technical support. Customer Success Managers assist with onboarding and ongoing needs. Note: Premium support options may be available; contact sales for details.

Customer List & Social Proof

Who are some of Nucleus's customers?

Named customers include Autodesk, CISCO, Motorola, Zebra, Delta Dental, Abbott, University of California Santa Barbara (UCSB), Udemy, Department of Energy (DOE), Australian Red Cross, JCPenney, Henkel, Constellation Brands, Paychex, Marathon, American Airlines, Australia Post, and Premier League. For a comprehensive list, visit the platform page. Note: Customer adoption varies by industry and region.

CUSTOMER STORY

Australian Government Logistics Enterprise Improves Visibility and Workflow Efficiency

We Spoke Nucleus Listened

Customer Profile

  • Australian Government Logistics Enterprise
  • 32,000 Employees
  • $7 Billion in Revenue
  • Seeking a tool to help developers work faster and more efficiently.
  • Interview: Manager, Application Security

Executive Summary

  • A large Australian Government Logistics Enterprise, with 32,000 employees and $7 billion in revenue, was seeking a tool to help developers work faster and more efficiently.
  • The effort aimed to give the large developer team a view of all of their assets and vulnerabilities in one shared location to allow for prioritization, tracking, and a view into their coverage.
  • After 5 months doing product evaluation across 8 solutions, none filled the gap they needed to solve. On a whim, the AppSec Manager asked industry colleagues if anyone had solved this problem and was recommended Nucleus, a brand-new company at the time.
  • Nucleus became transformational to the enterprise’s broader security process, successfully aggregating the data in a way they envisioned, improving visibility and workflow efficiency, and giving them the tools to transition from a mindset of “DevOps” to one of “DevSecOps.”

The Challenge

“After evaluating 8 tools across 5 months, I was ripping my hair out. None of them did what we actually needed. I couldn’t believe no one had solved this.”

As the manager for Application Security for the Australian Logistics juggernaut, enabling his developers to get to production as quickly and as securely as possible was constantly top-of-mind. There were so many tools already in place and an impossibly large amount of data, with no way to take that data from the input sources and place it into a single platform where the developer team could make valuable use of it.

“No vendors were providing vulnerability aggregation for AppSec, especially from the developer-first point-of-view. There were lots of security tools, but no developer security tools. I really hit the wall. I started to wonder if we’d have to sink many years and millions of dollars into building what we needed internally. It was frustrating.”

At his wits-end, the AppSec Manager reached out to a Slack community he belongs to, which includes security practitioners across different industries. After explaining his use-case, he asked simply… “Has anyone done this? What is everyone doing? I can’t be alone here.” One member of the community recommended he look at Nucleus.

“He told me ‘we just put in Nucleus and we really like it’… Oh, and the clincher for me: he said ‘and the pricing doesn’t suck either!’ so, I checked them out.”

Evaluation and Evolution

The AppSec Manager dove into due diligence of his own. He recognized some promise in Nucleus, which at the time was new to the market without the impressive customer list of today. He requested an exploratory call – where he was floored by the candor he received.

“They really echoed my sentiments, without even knowing what those were at the time of that call. They told me this is an evolving industry, there’s nothing mature in this market to solve what I need, but they’re at the forefront and if I partner with them at this stage, I can help influence it to be the tool we needed. They basically sold me by telling me they couldn’t solve my problem right away. But I knew they ‘got it’.”

Nucleus was deployed to the enterprise and evolved with the broader security program. A core tenant of Nucleus is to “work the way that you do”, showing a willingness to be flexible and evolve the solution to tackle the real-world problems that customers are facing.

“We talked and Nucleus listened. We told them what we needed that wasn’t already part of the platform, and they went out and built it. The uptake was tremendous as our team started to see the power and became invested.”

The Results

Nucleus is now the central source of data for “everything” at the enterprise’s security operations, and has expanded in scope and adoption into other business units. By having a complete picture of their assets in one shared platform, developers can better prioritize their work while also giving product managers insight and focus to optimize the security posture of their product.

“We set out to give power to the developers to visualize their data. We really wanted to remove the smoke and mirrors and put the security data directly in their hands without a middleman. Nucleus helped transform everyone into one large team, where everyone feels accountable for security.”

Nucleus helped shift the culture by bringing vast sets of data from disparate tools into a central hub and giving users that information across function. Using the Nucleus platform for unified vulnerability management enabled the enterprise to get vital security information out from behind the curtain of the security team and into the hands and desktops of the developer team. Developers now take direct responsibility for security in their area and can act on the information in their lane.

“Nucleus cares and wants to build with you as a customer. I wish I would’ve found them sooner!”

Want to See Nucleus in Action?

Watch our demo on-demand.