Breaking the Swivel Chair Cycle: Why Security Teams Struggle with Asset Visibility-and How to Fix It
|
By Corey Tomlinson
For many security professionals, managing asset visibility feels like an endless game of whack-a-mole. They are stuck in what experts call the “swivel chair approach”—constantly pivoting between multiple dashboards, spreadsheets, and security tools to manually stitch together an understanding of their risk landscape.
|
By Tally Netzer
The question of ownership is one of the biggest reasons vulnerabilities persist in organizations far longer than they should. Who owns vulnerabilities? This isn’t just a theoretical debate—it’s a critical operational issue. Modern scanning solutions excel at identifying and prioritizing vulnerabilities, but without clear ownership, those vulnerabilities often linger unaddressed or improperly documented, increasing an organization’s risk exposure.
|
By Scott Kuffer
If you read the newest risk-based vulnerability management literature, it appears we have a new favorite punching bag: the Common Vulnerability Scoring System (CVSS). You seemingly can’t throw a rock into the “vuln-o-sphere” without hitting someone dunking on CVSS or the National Vulnerability Database (NVD). The argument goes something like this: “Exploitation rates are up, ransomware is surging, and vulnerabilities are multiplying like rabbits.
|
By Corey Tomlinson
Looking back on 2024 to start the new year, we had the great opportunity to host and be part of several conversations and demonstrations that we hope were valuable learning opportunities for everyone who joined us. Let’s take a moment to review some of the highlights from those 2024 events before we leap into 2025.
|
By Scott Kuffer
While vulnerability management is one of the few preventative practices in security, vulnerability patching is still a reactive process. It’s a continuous cycle of discovery, vendors releasing patches, and remediation teams applying those patches. What if there was a way to build in some proactivity to this endless reactive spiral?
|
By Tamir Hardof
Today marks an exciting milestone for Nucleus as we unveil our refreshed brand and new website. This update isn’t just about a new look; it’s a reflection of our journey, growth, and unwavering commitment to you—our customers and partners.
|
By Steve Carter
We’ve had a lot to celebrate at Nucleus this year, with today’s news being the being one of our most significant achievements of the year. Speaking for the whole company, we are proud to have been named to the Deloitte Technology Fast 500, a ranking of the 500 fastest growing technology companies in North America for 2024, and for the recognition of our 1,562% growth over the past three years.
|
By Nucleus
Growing vulnerability and risk management market offers partners significant growth opportunity.
|
By Aaron Unterberger
As organizations continue to embrace digital transformation, their infrastructure increasingly spans cloud environments, third-party integrations, and remote work setups. This shift enhances efficiency and productivity—but also broadens the digital attack surface, creating new points of exposure to the public internet.
|
By Nucleus
In this webinar, Adam Dudley and Aaron Attarzadeh from Nucleus discuss the critical role asset correlation plays in vulnerability management. They dive into how organizations can unify disparate asset data to gain clearer, more actionable risk insights. They explore the challenges of managing vulnerabilities in today's complex environments, with a focus on metadata integration, asset correlation, and how to manage data from multiple scanners and sources.
|
By Nucleus
In this Nucleus webinar, our panel of cybersecurity experts delves into the complexities and best practices for Risk-Based Vulnerability Management (RBVM) in modern organizations. Led by co-founder Scott Kuffer, the discussion covers the evolution of RBVM, the importance of a unified data approach, the role of automated tools, and effective metrics for vulnerability management. Insights from Cecil Pineda, Gregg Martin, and Steve Carter provide a comprehensive look at strategies for mitigating risks and improving security posture through enhanced vulnerability management processes into 2025.
|
By Nucleus
In this demo of Nucleus Security's integration with SecurityScorecard, learn how users can set up, manage, and leverage this connection for enriched vulnerability and asset data.
|
By Nucleus
In this Nucleus webinar, we take a deep dive into the practical challenges and strategies for managing security debt in the context of Risk-Based Vulnerability Management (RBVM). Scott Kuffer, co-founder of Nucleus Security and veteran in vulnerability management, explains how RBVM has shifted from a holistic risk reduction approach to a prioritization-heavy process that often falls short. He discusses why traditional methods lead to excessive security debt and demonstrates how aligning VM processes with product management principles can create more efficient, business-centric remediation.
|
By Nucleus
In this webinar, discover how the Nucleus Vulnerability Intelligence Platform (VIP) is changing the way organizations handle vulnerabilities. Learn how VIP empowers security teams to assess, prioritize, and mitigate vulnerabilities in real time by leveraging automated workflows, comprehensive data aggregation, and custom risk ratings. Key topics covered: Chapters Don't forget to like, comment, and subscribe for more in-depth webinars and expert discussions on cybersecurity and vulnerability management!
|
By Nucleus
How should we measure risk? Zebra Technologies has more than a dozen cybersecurity tools, thirty-five teams, and hundreds of people worldwide managing vulnerabilities. They wanted to measure with one yardstick; use a single, risk-based solution that could be customized to meet business criteria.
|
By Nucleus
Join us for an in-depth webinar on the Exploit Prediction Scoring System (EPSS), a powerful tool for predicting the exploitability of vulnerabilities. This discussion features experts Jay Jacobs from Cyentia and Stephen Schafferr from Peloton Interactive. They explore the intricacies of EPSS, its application, and the benefits of using EPSS over traditional methods like CVSS for better vulnerability management. Key topics include operationalizing EPSS, leveraging threat intelligence, and creating effective prioritization strategies. .
|
By Nucleus
Join Scott Kuffer, Co-Founder of Nucleus Security, in this webinar, focused on effective vulnerability management. Dive deep into the complexities of managing non-CVE based vulnerabilities. Learn about centralized vs. distributed remediation strategies and gain practical tips on triaging, prioritizing, and responding to vulnerabilities. This webinar emphasizes the importance of a unified approach to vulnerability management, leveraging threat modeling, and re-evaluating risk assessment methodologies to protect your business.
|
By Nucleus
Steve Carter, CEO and co-founder of Nucleus Security, and Dr. Nikki Robinson, Security Architect at IBM, discuss the importance of the people side of vulnerability management. They explore challenges such as context switching, long mean time to remediation, and the impact of communication on vulnerability management programs. The conversation includes practical advice on incorporating human factors into cybersecurity practices, how to improve communication and collaboration among teams, and why understanding human factors is crucial for effective vulnerability management.
|
By Nucleus
Welcome to our latest vulnerability management webinar, hosted by Scott Kuffer and Gene Bandy. In this session, Scott and Gene dive deep into the complexities and challenges faced by organizations in managing vulnerabilities and what you can do about it. Key Topics Covered: Why Watch This Webinar? Don't forget to like, comment, and subscribe for more in-depth webinars and expert discussions on cybersecurity and vulnerability management!
|
By Nucleus
There are hundreds of statistics you could collect and monitor to use as guiding metrics, but that doesn't mean it's a good idea to do so. Learn the four most critical metrics to track in vulnerability management, and what they tell us about the health of your program.
|
By Nucleus
Many organizations are using outdated, highly inefficient, and time consuming VM processes that leave security personnel struggling to keep up. As the vulnerability landscape continues to evolve rapidly, the processes used to discover, track, and remediate them has failed to evolve with it.
|
By Nucleus
Vulnerability exploitation is involved in over half of breaches, making it a huge risk to organizations. And the problem only continues to balloon year over year... both in the speed at which attackers are capitalizing on exploited vulnerabilities, and in the way that technology and assets outgrow most organization's current vulnerability management programs. In this series, we're going to be breaking down how vulnerability management has grown and evolved over time, plus how to modernize your program using things like risk-based vulnerability management.
- February 2025 (2)
- January 2025 (3)
- December 2024 (4)
- November 2024 (5)
- October 2024 (7)
- September 2024 (4)
- August 2024 (8)
- July 2024 (4)
- June 2024 (3)
- May 2024 (2)
- April 2024 (5)
- March 2024 (2)
- February 2024 (7)
- January 2024 (4)
- December 2023 (3)
- November 2023 (5)
- October 2023 (5)
- September 2023 (1)
Nucleus is a Risk Based Vulnerability Management (RBVM) solution that automates vulnerability management processes and workflows, enabling organizations to mitigate vulnerabilities 10 times faster, using a fraction of the resources that it takes to perform these tasks today.
The only Risk-Based Vulnerability Management Platform purpose-built for the world’s most complex enterprises:
- Vulnerability Management: Mitigate vulnerabilities 10X faster, using a fraction of resources.
- Application Security: Accelerate AppSec to the Speed of Operations & ship secure code faster.
- Government: Ensure compliance and control access to data any way you choose.
- MSSPs: Manage all clients from a single platform with true multi-tenancy.
Unified Vulnerability Management.