A system and method for providing distributed security of a network.
Several device profilers are placed at different locations of a network
to assess vulnerabilities from different perspectives. Each device
profiler identifies the hosts on the network and characteristics such as
the operating system and applications running on the hosts. Each device
profiler traverses a vulnerability tree having nodes representative of
characteristics of the hosts, each node having an associated set of
potential vulnerabilities. Verification rules can verify the potential
vulnerabilities. A centralized correlation server, at a centrally
accessible location in the network, stores the determined vulnerabilities
of the network and associates the determined vulnerabilities with attack
signatures. Traffic monitors access the attack signatures and monitor
network traffic for attacks against the determined vulnerabilities.
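
The flow described above, sketched as an added example that is not code from the patent: tree traversal by host characteristics, rule-based verification, and correlation of reports from two profiler locations into the signatures a traffic monitor would load. The `Node` layout, trait labels, rule predicates, host address and all `VULN-*` / `SIG-*` names are constructed placeholders.

```python
from dataclasses import dataclass, field
@dataclass
class Node:
    """Tree node: one host characteristic and its potential vulnerabilities."""
    trait: str
    vulns: tuple = ()
    children: list = field(default_factory=list)

def potential_vulns(node, traits):
    """Descend only into branches whose trait the host exhibits."""
    if node.trait != "root" and node.trait not in traits:
        return []
    found = list(node.vulns)
    for child in node.children:
        found += potential_vulns(child, traits)
    return found

def profile_host(tree, host, rules):
    """Report a potential vulnerability only if its verification rule passes."""
    return sorted(v for v in potential_vulns(tree, host["traits"])
                  if v in rules and rules[v](host))

def correlate(reports, signatures):
    """Merge profiler reports per host, then map vulnerabilities to signatures."""
    determined = {}
    for report in reports:
        for addr, vulns in report.items():
            determined.setdefault(addr, set()).update(vulns)
    return {addr: sorted(s for v in vulns for s in signatures.get(v, ()))
            for addr, vulns in determined.items()}

# Constructed sample data: every trait, VULN-* and SIG-* name is a placeholder.
TREE = Node("root", (), [
    Node("os:linux", ("VULN-A",), [Node("app:httpd", ("VULN-B", "VULN-C")),
                                   Node("app:sshd", ("VULN-D",))]),
    Node("os:windows", ("VULN-E",))])
RULES = {"VULN-A": lambda h: h["kernel"] < (5, 0),       # assumed version check
         "VULN-B": lambda h: 80 in h["open_ports"],      # assumed port checks
         "VULN-C": lambda h: 8080 in h["open_ports"]}
SIGNATURES = {"VULN-B": ["SIG-101"], "VULN-C": ["SIG-102", "SIG-103"]}

def demo():
    """One host seen by two profilers; only the inside one reaches port 8080."""
    def seen(ports):  # constructed host profile as one profiler observes it
        return {"traits": {"os:linux", "app:httpd"}, "kernel": (5, 4), "open_ports": ports}
    outside = {"10.0.0.5": profile_host(TREE, seen({80}), RULES)}
    inside = {"10.0.0.5": profile_host(TREE, seen({80, 8080}), RULES)}
    return outside, inside, correlate([outside, inside], SIGNATURES)

if __name__ == "__main__": print(demo())
```

The outside profiler verifies only one vulnerability on the host, while the merged view on the correlation server yields signatures for both, which is the benefit of profiling from several network locations.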