H04L61/25

Measurement based routing through multiple public clouds

Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, and SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network in some embodiments can be configured to optimize the routing of the entity's data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network in some embodiments can be configured to optimize the layer 4 processing of the data message flows passing through the network.

NETWORK-BASED REMOTE CONTROL

The subject matter of the present disclosure can be implemented by, among other things, a remote control device configured to receive an identifier, present a plurality of controllable devices for selection on a display of the remote control device, and receive a selection of two or more controllable devices via the user interface. Using the identifier, a session with the two or more controllable devices is generated and performances of a same task by the two or more controllable devices are controlled by the remote control device by transmitting a message containing control information and the identifier to a network service.

NETWORK-BASED REMOTE CONTROL

The subject matter of the present disclosure can be implemented in, among other things, a computer-readable storage medium encoded with instructions for causing a programmable processor to receive, by a server, a first message from a remote control that is distinct from and external to the server, wherein the first message includes a remote control identifier and control information for controlling one or more functions of at least one device other than the remote control. The instructions also cause the programmable processor to retrieve, by the server, a controlled device identifier that uniquely identifies a controlled device that is distinct from and external to the server. The instructions also cause the programmable processor to send a second message from the server to the controlled device identified by the controlled device identifier to control an operation of the controlled device.

ENTITY IP MAPPING

Systems and methods for mapping IP addresses to an entity include receiving at least one domain name associated with the entity. Embodiments may further include determining one or more variations of the at least one domain name based on analysis of domain name data collected from a plurality of domain name data sources that mention a variation of the at least one domain name. Some embodiments may also include identifying one or more IP addresses pointed to by the one or more variations of the entity's domain name based on analysis of IP address data collected from a plurality of IP address data sources. Additional embodiments include assigning weights to each of the identified one or more IP addresses and creating a mapping of IP addresses to associate with the entity based on analysis of the weighted one or more IP addresses.

METHOD AND SYSTEM OF RESILIENCY IN CLOUD-DELIVERED SD-WAN

In one aspect, a computerized method includes the step of providing a process monitor in a Gateway. The method includes the step of, with the process monitor, launching a Gateway Daemon (GWD). The GWD runs a GWD process that implements a Network Address Translation (NAT) process. The NAT process includes receiving a set of data packets from one or more Edge devices and forwarding the set of data packets to a public Internet. The method includes the step of receiving another set of data packets from the public Internet and forwarding the other set of data packets to the one or more Edge devices. The method includes the step of launching a Network Address Translation daemon (NATD). The method includes the steps of detecting that the GWD process is interrupted and moving the NAT process to the NATD.

Hierarchical API for defining a multi-segmented application in an SDDC

Some embodiments provide a simplified mechanism to deploy and control a multi-segmented application by using application-based manifests that express how application segments of the multi-segment application are to be defined or modified, and how the communication profiles between these segments. In some embodiments, these manifests are application specific. Also, in some embodiments, deployment managers in a software defined datacenter (SDDC) provide these manifests as templates to administrators, who can use these templates to express their intent when they are deploying multi-segment applications in the datacenter. Application-based manifests can also be used to control previously deployed multi-segmented applications in the SDDC. Using such manifests would enable administrators to manage fine-grained micro-segmentation rules based on endpoint and network attributes.

Namespace translation
10623491 · 2020-04-14

An example computer-implemented method to translate a namespace includes receiving a first synchronization request associated with a first content item. This first synchronization request can include a first content item path and come from a client device. The example method can then include determining that a portion of the first content item path matches an entry path in an entry in a namespace mount table. The entry can include a second namespace. The example method can then include modifying the first synchronization request by removing the portion of the first content item path and including the second namespace in the first synchronization request. The example method can then include sending the first synchronization request to a content management system.

Graph based routing through multiple public clouds

Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, and SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network in some embodiments can be configured to optimize the routing of the entity's data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network in some embodiments can be configured to optimize the layer 4 processing of the data message flows passing through the network.

ONLINE PORTAL FOR IMPROVING CYBERSECURITY RISK SCORES

Determining an entity's cybersecurity risk and benchmarking that risk includes non-intrusively collecting one or more types of data associated with an entity. Embodiments further include calculating a security score for at least one of the one or more types of data based, at least in part, on processing of security information extracted from the at least one type of data, wherein the security information is indicative of a level of cybersecurity. Some embodiments also comprise assigning a weight to the calculated security score based on a correlation between the extracted security information and an overall security risk determined from analysis of one or more previously-breached entities in the same industry as the entity. Additional embodiments include calculating an overall cybersecurity risk score for the entity based, at least in part, on the calculated security score and the weight assigned to the calculated security score.