A method for vertically extensible intrusion detection for an enterprise comprises receiving a first packet flow from a first node, the first packet flow comprising at least a portion of packet headers received at the first node during a first timeframe and receiving a second packet flow, the second packet flow comprising at least a portion of packet headers received at the second node during a second timeframe. The first and second packet flow are processed to detect an attack on the enterprise system. In response to the attack, an alert message is communicated to a master server, a response message is received from the master server, the response message comprising a signature to impede the attack, and the response message is automatically communicated to the first node and the second node.