In a world of continuously changing systems and a constantly changing threat landscape the protection needs to move from blocking known malicious behavior to detection of suspicious behavior and reacting appropriately, without waiting for a “blacklist” to be updated. The protection strategy needs to be changed from controlling checkpoints for known malicious behavior to monitoring the behavior of the system and constantly checking for deviations from “good” behavior (“whitelisting”). Also, the target moves from total prevention of attacks to a reduction of the potential impact of an attack. There are multiple ways to limit the impact of an attack. The first way is to limit the spread of an infection and thus shrinking the “attack surface”. This can be achieved by a segmentation of the system (e.g. at network level). Other methods include slowing down the rate of attack and reducing remediation time by quickly responding to all attacks. This is achieved with an adaptive security architecture (ASA).