ColdPath provides organizations professional consultation on securing their web architectures. We help organizations account for a very complex threat landscape as it pertains to web infrastructure and its applications, specifically accounting for the introduction and integration of open-source technologies.
Whether it’s deploying on bare metal at a data center you manage or deploying on a cloud platform like GCE and AWS, ColdPath has the knowledge and skills to harden, monitor and response to any security issues you might encounter. We provide our services through two very specific approaches – programmatic and technical application.
Services we offer include:
- Security Program: Design and Deployment of a security governance program;
- Technical Services: Deployment and Maintenance of security applications;
As a team we’re bringing over 30 years of technology and security experience. In that time, there have been a few common themes across all the organizations we’ve supported:
- Rarely do they know what assets they truly have;
- The threat landscape is too complex and continuously evolving, making it difficult to stay ahead of;
- There is never a resource focused to security, it’s always the part-time job of another individual;
- They all care enough not to be a statistic, but don’t proactive, continuous, effort towards security until after a compromise;
That’s why we created ColdPath. ColdPath will help your organization establish its own security governance program. We’ll spend time doing the boring, but very critical work, of helping you understand and document your environment.
It will include the creation of some of the most important documents in your security arsenal:
- Business Continuity
- Asset Inventory & Management
- Information Security Policy
- Vulnerability Management Program
- Identity and Access Management
This process will be especially important to organizations looking to conform with PCI DSS, SOC II Type I / II, or ISO 27001 requirements.
ColdPath partners with your organization to provide security that is practical and integrates with your organization. We understand the importance of business and realize that security is not a revenue generator, but is imperative to protecting it.
One of the unique aspects of ColdPath is that our team is comprised of technologists that have built complex web applications that have served millions of customers around the world.
Technologies include the creation of OSSEC Host Intrusion Detection System (HIDS), one of the most widely used open-source security tools in the market and the Sucuri platform, a cloud-based Web Application Firewall (WAF), Indicators of Comprise (IoC) detection system, Incident Response platform and Backups solution. OSSEC was acquired by Trend Micro and now powers their Deep Security Scanner and Sucuri was acquired by GoDaddy, powering millions of small businesses around the world.
Why this matters to you is that we bring the depth of knowledge you require, and deserve, to ensure a secure environment. Our technical services include the design, deployment and maintenance of whatever solutions are agreed to.
The services include, but not limited to:
- Deployment of a log management and retention solution;
- Configuration of a network and / or host based intrusion detection system;
- Configuration and maintenance of protective and performance solutions that meet your applications specific needs;
- Dynamic and Static application security testing and validation;
Advancing Your Security Objectives
Whether you are managing custom applications, or trying to figure out how to account for open-source, ColdPath is the partner you want. Through our years of experience, we have consulted and assisted 100’s of thousands of small businesses around the world recover from comprises, let us partner with you to help you reduce your risk of becoming a statistic.
From web applications to security tools, at ColdPath, we understand that keeping up with the rapidly evolving pace of the threat landscape is practically impossible for small businesses. Let us make our experiences in the domain part of your business arsenal, and help reduce your security exposure.