H04L61/25

Online portal for improving cybersecurity risk scores

Determining an entity's cybersecurity risk and benchmarking that risk includes non-intrusively collecting one or more types of data associated with an entity. Embodiments further include calculating a security score for at least one of the one or more types of data based, at least in part, on processing of security information extracted from the at least one type of data, wherein the security information is indicative of a level of cybersecurity. Some embodiments also comprise assigning a weight to the calculated security score based on a correlation between the extracted security information and an overall security risk determined from analysis of one or more previously-breached entities in the same industry as the entity. Additional embodiments include calculating an overall cybersecurity risk score for the entity based, at least in part, on the calculated security score and the weight assigned to the calculated security score.

APPARATUSES AND METHODS FOR ENHANCING OPERATIONS IN RELATION TO A BARE-METAL PRIVATE CLOUD ARCHITECTURE
20230269189 · 2023-08-24

Aspects of the subject disclosure may include, for example, obtaining traffic that is conveyed at least in part within a private cloud network, based on the obtaining, identifying characteristics of the traffic, and based on the identifying of the characteristics of the traffic, causing at least one action to be performed within the private cloud network. Other embodiments are disclosed.

Source-based routing for virtual datacenters

Some embodiments provide a method that configures a virtual datacenter that includes a set of workloads executing on hosts in a public cloud and an edge gateway executing on a particular host for handling data traffic between the workloads and different external entities having different sets of network addresses. The method configures a router to execute on the particular host to route data messages between the edge gateway and an underlay network of the public cloud. The router has at least two different interfaces for exchanging data messages with the edge gateway, each router interface corresponding to an interface of the edge gateway. The edge gateway interfaces enable the edge gateway to perform different sets of services on data messages between the workloads and the external entities. The method configures the router to route traffic received from the external entities and addressed to the workloads based on source network addresses.

DYNAMIC MEDIA ACCESS CONTROL ADDRESSES IN A WIRELESS NETWORK

Embodiments identify a station that rotates an over-the-air station address. As address rotation was not originally designed into wireless networks, the rotation can introduce communication challenges for the station. The embodiments derive that traffic referencing two different over-the-air station addresses is associated with a single common station. This is accomplished by determining a similarity between properties of two sets of traffic. A first set of traffic references the first over-the-air station address and a second set of traffic references the second over-the-air station address. If the properties common across the two sets of traffic indicate sufficient similarity, the embodiments determine that both sets of traffic are associated with a single device. Network configuration of the device is then adjusted based on the determination.

Method and system for service function chaining
11218405 · 2022-01-04

A method for service function chaining in a network includes defining, for a flow of packets, a chain of selected network service functions (NSFs) to be traversed by the flow. Each of the selected NSFs is associated with a programmable switch. The method also includes generating a chain establishment packet (CEP) that contains network identifier information (NII) about the selected NSFs and that is configured as a regular network packet to be delivered to the destination node along a network path that includes the programmable switches with which the selected NSFs are associated. Each programmable switch, upon receipt of the CEP and based on the NII about the selected NSFs contained in the CEP, performs installation of packet forwarding rules for the flow together with network address and port translation operations, and selects, on behalf of the respective NSF, socket parameters for use by the NSF for processing the flow.

ENTITY IP MAPPING

Systems and methods for mapping IP addresses to an entity include receiving at least one domain name associated with the entity. Embodiments may further include determining one or more variations of the at least one domain name based on analysis of domain name data collected from a plurality of domain name data sources that mention a variation of the at least one domain name. Some embodiments may also include identifying one or more IP addresses pointed to by the one or more variations of the entity's domain name based on analysis of IP address data collected from a plurality of IP address data sources. Additional embodiments include assigning weights to each of the identified one or more IP addresses and creating a mapping of IP addresses to associate with the entity based on analysis of the weighted one or more IP addresses.

Application routing infrastructure for private-level redirect trapping and creation of NAT mapping to work with connectivity in cloud and customer networks

A computer program product, system, and computer implemented method for application-level redirect trapping and creation of NAT mapping to work with routing infrastructure for private connectivity in cloud and customer networks. The approach disclosed herein generally comprises a method of leveraging a reverse connection endpoint and IP address mapping controller to capture redirection messages from a private cloud or network (e.g., a service consumer network or a service consumer hybrid cloud). This allows at least the IP address mapping controller to manage a cloud networking infrastructure to provide for a service provider network (e.g., a public cloud) to support applications that overcome the isolation requirements of a private cloud or network to perform useful work. For example, without saddling the private cloud or network user with a heavy pre-configuration burden, the approach disclosed herein supports redirection to dynamically determined IP addresses at the private cloud or network.