US 7,509,493 B2
Method and system for distributing security policies
Shirish Koti, Redmond, Wash. (US); Narasimha Rao S. S. Nagampalli, Kirkland, Wash. (US); Maxim Alexandrovich Ivanov, Redmond, Wash. (US); Sachin C. Sheth, Seattle, Wash. (US); Emanuel Paleologu, Kirkland, Wash. (US); Yun Lin, Bellevue, Wash. (US); and Eric Erwin Youngblut, Seattle, Wash. (US)
Assigned to Microsoft Corporation, Redmond, Wash. (US)
Filed on Nov. 19, 2004, as Appl. No. 10/993,688.
Prior Publication US 2006/0129808 A1, Jun. 15, 2006
Int. Cl. G06F 9/00 (2006.01); H04L 9/00 (2006.01)
U.S. Cl. 713—166  [726/11] 29 Claims
OG exemplary drawing
 
1. A method in a computing device for distributing rules of security policies to enforcement engines executing the computing device for enforcing the security policies, the method comprising:
    providing at the computing device enforcement engines that implement different layers of security enforcement;
    receiving and storing at the computing device security policies having rules, each rule having a rule type;
    under control of a firewall agent executing on the computing device,
        retrieving the stored security policies; and
        for rules of a retrieved security policy,
            identifying an enforcement engine to which a rule applies based on the rule type of the rule; and
            providing the rule to the identified enforcement engine; and
    under control of the enforcement engines executing on the computing device,
        storing the rules provided to the enforcement engine by the firewall agent;
    under control of a flow manager executing on the computing device,
        receiving a network event;
        identifying an enforcement engine that is responsible for enforcing its rules against the network event; and
        providing the network event to the identified enforcement engine;
    under control of the enforcement engines executing on the computing device,
        when a network event is provided to the enforcement engine, enforcing the rules provided to the enforcement engine by the firewall agent against the network event provided by the flow manager,
    wherein the firewall agent provides a mechanism for distributing the rules to multiple enforcement engines of the computer device, the flow manager distributes network events to enforcement engines, and each enforcement engine enforces its provided rules against the network events that it is provided.
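The division of labour in claim 1, modelled as an added Python sketch (constructed here, not code from the patent or from Microsoft): the firewall agent routes each stored rule to an engine by its rule type, the flow manager routes each network event to the engine for its layer, and each engine enforces only the rules it was given. The layer names, the event fields, first-match ordering and allow-by-default are assumptions.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Rule:
    rule_type: str                  # names the enforcement layer the rule applies to
    match: Callable[[dict], bool]   # predicate over a network event
    action: str                     # "allow" or "block"

class EnforcementEngine:
    """One layer of enforcement; holds only the rules the agent gave it."""
    def __init__(self, layer):
        self.layer, self.rules = layer, []
    def enforce(self, event):
        for rule in self.rules:     # first matching rule decides (assumed ordering)
            if rule.match(event):
                return rule.action
        return "allow"              # assumed default when no rule matches

class FirewallAgent:
    """Stores policies, then routes each rule to an engine by rule type."""
    def __init__(self, engines):
        self.engines = {e.layer: e for e in engines}
        self.policies, self.unassigned = [], []
    def store_policy(self, rules):
        self.policies.append(list(rules))
    def distribute(self):
        for rule in (r for p in self.policies for r in p):
            engine = self.engines.get(rule.rule_type)
            if engine is None:      # no engine for this type: flag it, never drop silently
                self.unassigned.append(rule)
            else:
                engine.rules.append(rule)

class FlowManager:
    """Hands each network event to the engine responsible for its layer."""
    def __init__(self, engines):
        self.engines = {e.layer: e for e in engines}
    def dispatch(self, event):
        return self.engines[event["layer"]].enforce(event)

def build_system():
    """Constructed sample: two engines, one policy with three rules."""
    engines = [EnforcementEngine("transport"), EnforcementEngine("application")]
    agent, flow = FirewallAgent(engines), FlowManager(engines)
    agent.store_policy([
        Rule("transport", lambda ev: ev.get("dst_port") == 23, "block"),
        Rule("application", lambda ev: ev.get("app") == "legacy.exe", "block"),
        Rule("link", lambda ev: True, "block"),  # no engine registered for "link"
    ])
    agent.distribute()
    return agent, flow
```

A rule whose type matches no engine ends up in `agent.unassigned`, which is the condition an operator would want surfaced rather than a policy that silently fails to take effect.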