US Patent 10122748 Network protection system and threat correlation engine

A network protection system and method for processing of network traffic between one or more networked devices. The network protection system may include the networked devices and a threat correlation device. The networked devices may operate as a monitoring agent and/or an interdiction agent. The threat correlation device may execute computer code for receiving information from the monitoring agent regarding an event recognized by the monitoring agent, retrieving an event score for the event from a risk scoring database based on an event type, a destination of the event, and a number of occurrences of the event, and updating a risk score by adding the event score to the risk score. When the risk score reaches a critical threshold, the threat correlation device may send instructions to the interdiction agent to take protective or defensive action against data traffic of that event type and from that aggressor.