An open architecture, transparent and expandable system for proactively
preventing cyber-attacks into and within a communication network of a
user organization. The system includes a plurality of modals in the form
of abstract security objects. The modals are the expandable feature of
the system and perform at least one of the following security
operations: Internet protocols (IPs); context-based pattern matching;
target quarantine; faking responses; defragmentation; monitoring; a
virtual honeypot; and protocol analysis, wherein the modals perform
different operations using different data. The system also includes: a
plurality of bricks, wherein the bricks are specific implementations of
the modals, such that a brick equals a modal plus data, and such that the
bricks create a course of action that defines the inspection flow within
a single policy and between policy chains; a plurality of policies,
wherein the policies are chains of bricks that are executed by the system
architecture, wherein the security manager of the user organization may
define the profile on which the policy will be performed; an intelligence
database for storing information about the attacks and the attackers; and
a modal system development kit (SDK), wherein third party companies
develop new modals according to the open architecture, and transparently
integrate the new modals into the system.
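
The modal, brick and policy relationship described above can be modelled in a few lines. This is an added sketch, not code from the patent or any product: every name in it (`Brick`, `pattern_modal`, `quarantine_modal`, `inspect`, `build_example`), the verdict strings (`next`, `drop`, `accept`, `goto:<policy>`), the packet fields and the sample patterns are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Callable

@dataclass
class Brick:
    """A brick equals a modal (abstract operation) plus the data it runs with."""
    modal: Callable
    data: dict

def pattern_modal(pkt, data, intel):
    # Context-based pattern matching: the pattern applies in one protocol context only.
    if pkt["proto"] == data["context"] and re.search(data["pattern"], pkt["payload"]):
        intel.append({"src": pkt["src"], "attack": data["label"]})  # intelligence database
        return data["on_match"]
    return "next"

def quarantine_modal(pkt, data, intel):
    # Target quarantine: record the source and stop inspecting this packet.
    data["quarantined"].add(pkt["src"])
    return "drop"

def inspect(policies, start, pkt, intel):
    """Run a policy (chain of bricks); each verdict is the course of action."""
    name, visited = start, set()
    while name not in visited:          # a policy may be entered once per packet
        visited.add(name)
        for brick in policies[name]:
            verdict = brick.modal(pkt, brick.data, intel)
            if verdict in ("drop", "accept"):
                return verdict
            if verdict.startswith("goto:"):   # hand over to another policy chain
                name = verdict[5:]
                break
        else:
            return "accept"             # chain finished with no objection
    return "drop"                       # policy loop detected: fail closed

def build_example():
    """Constructed sample: one modal reused in two bricks with different data."""
    quarantined, intel = set(), []
    policies = {
        "edge": [
            Brick(pattern_modal, {"context": "http", "pattern": r"\.\./",
                                  "label": "path traversal", "on_match": "goto:contain"}),
            Brick(pattern_modal, {"context": "dns", "pattern": r"[A-Za-z0-9+/=]{40,}",
                                  "label": "long encoded label", "on_match": "drop"})],
        "contain": [Brick(quarantine_modal, {"quarantined": quarantined})],
    }
    return policies, quarantined, intel
```

A third-party modal in this model is just another function with the same signature, wrapped in a `Brick` with its own data.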