A security intrusion mitigation system and method are presented. In one embodiment a security intrusion mitigation method includes utilizing network spanning tree configuration information to determine an action for mitigating diffusion of intrusive attacks. The spanning tree information can include an indication of an internal diffusion risks. An action for mitigating diffusion of intrusive attacks is automatically performed. The action for mitigating diffusion of the intrusive attacks includes compensation for functional support of prioritized applications.