Today's computer networks consist of many computing devices exchanging data and interacting with each other. One issue that arises with the growth of computer networks is how to detect a misbehaving device or host within the network, and block the misbehaving device from continuing its activities, without the need for an additional network device capable of handling the detection of the misbehaving device, the decision making, and the security response.
Current solutions to provide network security are based on infrastructure elements, such as servers, appliances, and firewalls, that collect and process data in order to detect problematic activities, and on the ability of those elements to trigger the necessary containment actions. For example, an intrusion detection system (IDS) may detect a problematic device, a security information and event management (SIEM) component determines whether to block the device, and the closest network device enforces the decision. However, this approach results in several issues. For example, due to the latency between a problematic device and the infrastructure, the analysis cannot be completed in real time. Additionally, the solution does not scale to large hierarchical networks, such as the Internet of Things. Further, the infrastructure required to provide such security results in a single point of failure. Thus, a solution is needed to provide network security.