Nucleus Security was launched in 2018 by its three founders, Steve Carter, Nick Fleming, and Scott Kuffer, who have decades of experience in vulnerability management (VM) supporting US government organizations. As VM practitioners, they saw that the work that has to happen after vulnerabilities are identified, prioritizing them and getting them remediated, was slow and largely manual. They set out to automate those processes and workflows by building a platform for the federal government. To comply with the federal government's technology requirements, they built the platform on MariaDB, which was on the government's approved software list. Nucleus ingested and processed results from vulnerability scanning tools without issues while customers scanned monthly or quarterly. When the company expanded into the private sector, however, many of its early customers were scanning weekly or daily, and MariaDB became a bottleneck that kept the platform from scaling to the data volumes of very large enterprises.
When the Nucleus team began architecting its platform, which was built to be deployed anywhere, but primarily in AWS, they explored graph databases, document-oriented databases, and traditional relational databases. But, said Steve, “It quickly became apparent as we started to onboard bigger customers that a high-performance relational database system was the correct solution to support our data model and the features we wanted to bring to the large enterprise market.”
Scott added, “We were working on customer use cases that made it evident that we needed a relational database because all the data Nucleus is ingesting is highly relational. The majority of the data we store are time stamped vulnerability scan results, which include individual vulnerabilities, and each is tied to assets in a many-to-many relationship.”
The team explored solutions for scaling MariaDB, like Percona, but found that they would not meet the need to scale horizontally. “We determined that a sharded cluster was needed to scale the system horizontally. While Percona offered a clustered architecture, it did not offer the performance improvements that a sharded system provides,” said Steve.
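To make the data model and the sharding argument above concrete, here is an added illustration in SQL. It is not Nucleus's schema or SingleStore's own example; the table and column names, the placeholder scanner identifiers, and the sample rows are all constructed for this page. Vulnerabilities and assets are related many-to-many through a time-stamped findings table, and that table is sharded on the asset so that per-asset work stays on one partition. The `SHARD KEY` and `SORT KEY` clauses are SingleStore-specific; with those two lines removed, the statements run unchanged on MySQL 8 or MariaDB 10.2+.

```sql
-- Added illustration (not Nucleus's schema): time-stamped scan results
-- with a many-to-many relationship between assets and vulnerabilities.
-- All names are hypothetical. SHARD KEY / SORT KEY are SingleStore clauses.

CREATE TABLE assets (
  asset_id   BIGINT       NOT NULL,
  tenant_id  INT          NOT NULL,
  hostname   VARCHAR(255) NOT NULL,
  asset_type VARCHAR(32)  NOT NULL,   -- 'host', 'device', 'application'
  PRIMARY KEY (asset_id)              -- rowstore: primary key doubles as shard key
);

CREATE TABLE vulnerabilities (
  vuln_id   VARCHAR(32)  NOT NULL,    -- scanner plugin id or advisory id (placeholders below)
  title     VARCHAR(255) NOT NULL,
  cvss_base DECIMAL(3,1) NOT NULL,
  PRIMARY KEY (vuln_id)
);

-- One row per (scan, asset, vulnerability): the junction table that carries
-- the many-to-many relationship plus the scan timestamp. Sharding on asset_id
-- keeps every finding for an asset on one partition, so per-asset joins and
-- aggregates do not fan out across the cluster; the sort key makes
-- "most recent scan of this asset" a sequential read within the segment.
CREATE TABLE scan_findings (
  scan_id    BIGINT      NOT NULL,
  asset_id   BIGINT      NOT NULL,
  vuln_id    VARCHAR(32) NOT NULL,
  scanned_at DATETIME(6) NOT NULL,
  status     VARCHAR(16) NOT NULL,    -- 'open', 'fixed', 'accepted'
  SHARD KEY (asset_id),
  SORT KEY (asset_id, scanned_at)
);

-- Constructed sample data: two scans of one asset a week apart. The second
-- scan reports the first finding fixed and the second still open.
INSERT INTO assets VALUES (1, 10, 'web-01', 'host');
INSERT INTO vulnerabilities VALUES
  ('PLUGIN-1', 'Placeholder remote code execution finding', 9.8),
  ('PLUGIN-2', 'Placeholder information disclosure finding', 5.3);
INSERT INTO scan_findings VALUES
  (100, 1, 'PLUGIN-1', '2024-01-01 00:00:00', 'open'),
  (100, 1, 'PLUGIN-2', '2024-01-01 00:00:00', 'open'),
  (101, 1, 'PLUGIN-1', '2024-01-08 00:00:00', 'fixed'),
  (101, 1, 'PLUGIN-2', '2024-01-08 00:00:00', 'open');

-- Current exposure: take the most recent finding for each (asset, vuln)
-- pair, keep only those still open, and rank them by severity. Because the
-- PARTITION BY columns include the shard key, each partition can compute
-- its window locally before the ordered result is merged.
WITH latest AS (
  SELECT asset_id, vuln_id, status, scanned_at,
         ROW_NUMBER() OVER (PARTITION BY asset_id, vuln_id
                            ORDER BY scanned_at DESC) AS rn
  FROM scan_findings
)
SELECT a.hostname, v.vuln_id, v.cvss_base, l.scanned_at
FROM latest l
JOIN assets          a ON a.asset_id = l.asset_id
JOIN vulnerabilities v ON v.vuln_id  = l.vuln_id
WHERE l.rn = 1
  AND l.status = 'open'
ORDER BY v.cvss_base DESC, a.hostname;
```

On the constructed rows the final query returns a single row, the still-open PLUGIN-2 finding on web-01, because the later scan marked PLUGIN-1 fixed. The point of the shard key choice is that a prioritization query like this one, or a "what changed since last scan" diff, touches each asset's history on exactly one partition; choosing a shard key that does not appear in the join or window partitioning (for example scan_id) would force every such query to redistribute data across nodes.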
SingleStore is compatible with MySQL syntax and the MySQL wire protocol, so the application code and queries Nucleus had written against MariaDB carried over with few changes. “We started with the free tier of SingleStore. We took a clone of our existing MariaDB database and did a proof of concept (POC) to determine how to migrate the changes we had to make to our application and the database schema. It went really smoothly,” said Steve. The team found SingleStore simpler to operate and maintain than its MariaDB deployment. They had the SingleStore database deployed, the data loaded, and the Nucleus application working against it in about half a day.
Nearly every action performed through the Nucleus web application is powered by SingleStore, which also powers the Nucleus job queue. This allows customers to set up integrations with vulnerability scanning and ticketing tools and configure automated data ingestion to occur at desired frequencies (e.g., hourly, daily, weekly) to trigger reports, alerts, and tickets in systems like Jira and ServiceNow.
SingleStore has enabled Nucleus to keep up with continuous scanning at enterprise scale, closing the gap between finding vulnerabilities and getting them prioritized and remediated.
Successful market expansion into the large enterprise
Within one quarter of switching to SingleStore, Nucleus converted its first beta account to a paying customer. “We closed a partnership deal with the Australian Post Office, our first cornerstone large enterprise client, which launched a lot of our subsequent success. They’re scanning thousands of applications at multiple layers continuously throughout the entire development lifecycle, and we wouldn't have been able to support them without SingleStore,” said Scott.
Ability to ingest 60X more assets compared to its legacy database
“We do a lot of our licensing based on numbers of assets, an asset being a computer, device or application to be scanned. Each asset can have hundreds (or even thousands) of vulnerabilities. With SingleStore we're able to ingest vulnerability scans containing over 100,000 assets in less than one hour with no problems. Before, with MariaDB, we were only able to ingest vulnerability scans with up to 5,000 assets, and it would take up to three hours depending on the data,” said Scott.
Performance increase of 20X for its slowest scans
During the SingleStore POC, the initial performance tests far exceeded expectations. “We started by importing our largest tables from MariaDB and running our slowest queries. With SingleStore we saw speed improvements of 20X for some of our slowest queries,” said Steve. The performance headroom let the team stay on the free tier longer than expected. “We have the confidence that we can meet the real-time demands and service level agreements (SLAs) from large enterprise customers. We upgraded our subscription to SingleStore to ensure we have 24x7 access to its support team. Not only can we meet customer demands, but with SingleStore we’ve actually lowered our AWS infrastructure costs by about 3X,” said Steve.