H04L61/25

Deploying firewall for virtual network defined over public cloud infrastructure

Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, and SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network in some embodiments can be configured to optimize the routing of the entity's data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network in some embodiments can be configured to optimize the layer 4 processing of the data message flows passing through the network.

Network service functions API

Aspects of the subject disclosure may include, for example, specification of network service functions (e.g., a firewall or network address translation appliance) to be included in a service function path. Routers in a communication network may publish information regarding reachable network service functions and an API may be exposed that provides the information regarding the reachable network service functions. Other embodiments are disclosed.

System and method for providing network and computer firewall protection with dynamic address isolation to a device
10904293 · 2021-01-26

A computer performs dynamic address isolation. The computer comprises an application associated with an application address, a network interface coupled to receive incoming data packets from and transmit outgoing data packets to an external network, a network address translation engine configured to translate between the application address and a public address, and a driver for automatically forwarding the outgoing data packets to the network address translation engine to translate the application address to the public address, and for automatically forwarding the incoming data packets to the network address translation engine to translate the public address to the application address. The computer may communicate with a firewall configured to handle both network-level security and application-level security.

Controller for changing a conversion destination of a virtual area
10904208 · 2021-01-26

The controller has a communication unit that receives read/write requests specifying an address of the same virtual area from a plurality of clients, and an actual area to be read/written by the communication unit. The communication unit has a management table that associates an identifier of the client with an address of the actual area that is different for each client, and an address conversion unit that carries out reading and writing to the address of the actual area associated with the identifier of the client with reference to the management table.

CYBERSECURITY RISK ASSESSMENT ON AN INDUSTRY BASIS

Determining an entity's cybersecurity risk and benchmarking that risk includes non-intrusively collecting one or more types of data associated with an entity. Embodiments further include calculating a security score for at least one of the one or more types of data based, at least in part, on processing of security information extracted from the at least one type of data, wherein the security information is indicative of a level of cybersecurity. Some embodiments also comprise assigning a weight to the calculated security score based on a correlation between the extracted security information and an overall security risk determined from analysis of one or more previously-breached entities in the same industry as the entity. Additional embodiments include calculating an overall cybersecurity risk score for the entity based, at least in part, on the calculated security score and the weight assigned to the calculated security score.

APPARATUSES AND METHODS INVOLVING FIRST TYPE OF TRANSACTION REGISTERS MAPPED TO SECOND TYPE OF TRANSACTION ADDRESSES
20200412572 · 2020-12-31

An example apparatus includes a discernment logic circuit and logic circuitry. The discernment logic circuit discerns whether a requested communications transaction received over the management communications bus from another of the plurality of logic nodes involves a first type of transaction or a second type of transaction. The second type of transaction has a plurality of commands associated with the requested communication transaction to convey respectively different parts of the requested communications transaction including an address part and a data part. The logic circuitry accesses, in response to discerning that the requested communications transaction involves the second type of transaction, a register of the plurality of registers associated with the first type of transaction, wherein the plurality of registers associated with the first type of transaction are mapped into a set of addresses for the second type of transaction.

System and method of translating network address

A method of translating network addresses includes defining a service address including a first IP address for a server. The server actually uses a service address including a second IP address. A packet originating from a client is received, the target address of the packet being the first IP address. The destination address of the packet is changed from the first IP address to a third IP address. The destination address of the packet is then changed from the third IP address to the second IP address. The first packet is then sent to the server. The present disclosure also provides a system for implementing the method of translating network address. The security of data transmission is improved while resolving IP network segment conflicts.