Abstract: Systems, methods, and media for enforcing a security policy in a network are provided, including, for example, receiving a plurality of events describing component behavior detected by a plurality of sensors, each sensor monitoring a different component of a plurality of components; attributing a first event of the plurality of events to a first principal; attributing a second event of the plurality of events to a second principal; determining whether the first and second events are correlated; storing a data structure that attributes each of the first and second events to the first principal, if it is determined that the first and second events are correlated; comparing the second event to the security policy; and modifying network behavior to enforce the security policy against the first principal based on the comparison of the second event to the security policy and the attribution of the second event to the first principal.

Abstract: Systems, methods, and media for enforcing a security policy in a network are provided, including, for example, receiving a plurality of events describing component behavior detected by a plurality of sensors, each sensor monitoring a different component of a plurality of components; attributing a first event of the plurality of events to a first principal; attributing a second event of the plurality of events to a second principal; determining whether the first and second events are correlated; storing a data structure that attributes each of the first and second events to the first principal, if it is determined that the first and second events are correlated; comparing the second event to the security policy; and modifying network behavior to enforce the security policy against the first principal based on the comparison of the second event to the security policy and the attribution of the second event to the first principal.