A universal patching machine is used to provide network-based security for
a data network. The universal patching machine may be implemented on a
network appliance located at the edge of the data network. From this
location, the universal patching machine intercepts data traffic between
the internet and the data network. The universal patching machine
examines the intercepted data traffic to detect security vulnerabilities.
If a vulnerability violation is detected, the universal patching machine
modifies the data traffic to remove the violation. Fixing the data
traffic in this way ensures that the vulnerability cannot be exploited in
an attack against the data network. The universal patching machine is
formed from patch processors and a packet controller. The patch
processors are formed from network patches. In operation, the patch
processors detect vulnerabilities and issue modification commands that
direct the packet controller to fix the data traffic.
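
The division of labour described above, sketched as an added example (not code from the original document): patch processors only detect and issue modification commands, and the packet controller alone rewrites the traffic. The names `ModCommand`, `header_length_patch` and `forward`, the header-length rule, and the sample request are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional

@dataclass(frozen=True)
class ModCommand:
    """Modification command sent from a patch processor to the packet controller."""
    start: int          # first byte of the violating span
    end: int            # one past its last byte
    replacement: bytes  # what the controller writes instead

NetworkPatch = Callable[[bytes], Optional[ModCommand]]  # payload -> command or None

def header_length_patch(name: bytes, limit: int) -> NetworkPatch:
    """Constructed rule: a `name` header value longer than `limit` is a violation."""
    def patch(payload: bytes) -> Optional[ModCommand]:
        head = payload.split(b"\r\n\r\n", 1)[0]  # header block only, body untouched
        pos = 0                                   # offset of the current line
        for line in head.split(b"\r\n"):
            key, sep, value = line.partition(b":")
            if sep and key.strip().lower() == name.lower():
                val_start = pos + len(key) + 1 + len(value) - len(value.lstrip())
                val_len = len(value.strip())
                if val_len > limit:  # the fix: cut the bytes past the limit
                    return ModCommand(val_start + limit, val_start + val_len, b"")
            pos += len(line) + 2
        return None
    return patch

class PatchProcessor:
    """Formed from network patches; detects violations, never edits traffic itself."""
    def __init__(self, patches: List[NetworkPatch]):
        self.patches = patches
    def examine(self, payload: bytes) -> List[ModCommand]:
        return [c for p in self.patches if (c := p(payload)) is not None]

class PacketController:
    """Applies commands right-to-left so offsets stay valid; skips overlapping ones."""
    def fix(self, payload: bytes, commands: List[ModCommand]) -> bytes:
        out, floor = bytearray(payload), len(payload)
        for c in sorted(commands, key=lambda c: c.start, reverse=True):
            if 0 <= c.start <= c.end <= floor:
                out[c.start:c.end] = c.replacement
                floor = c.start
        return bytes(out)

def forward(payload: bytes, processors: List[PatchProcessor]) -> bytes:
    commands = [c for proc in processors for c in proc.examine(payload)]
    return PacketController().fix(payload, commands)

SAMPLE = b"GET / HTTP/1.1\r\nHost: a.example\r\nX-Token: " + b"A" * 40 + b"\r\n\r\n"  # constructed
```

Traffic with no violation passes through byte-for-byte unchanged, since no patch processor issues a command for it.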