A method for vertically extensible intrusion detection for an enterprise
comprises receiving a first packet flow from a first node, the first
packet flow comprising at least a portion of packet headers received at
the first node during a first timeframe and receiving a second packet
flow, the second packet flow comprising at least a portion of packet
headers received at the second node during a second timeframe. The first
and second packet flow are processed to detect an attack on the
enterprise system. In response to the attack, an alert message is
communicated to a master server, a response message is received from the
master server, the response message comprising a signature to impede the
attack, and the response message is automatically communicated to the
first node and the second node.