

This article deals with the protection of home and enterprise users, and in particular Critical Infrastructures (CIs), against attacks unleashed by terrorists or criminals. Threats and challenges in large-scale network protection are discussed, and the corresponding defense mechanisms are classified as defensive or offensive. One defensive and one offensive mechanism are described. The Early Detection, Alert and Response (eDare) framework is a defensive mechanism aimed at removing malware from NSPs' traffic. eDare employs powerful network traffic scanners to sanitize web traffic of known malware. The remaining traffic is monitored, and various types of algorithms are used to identify unknown malware. To augment the algorithms' judgments, experts' opinions are used to classify files suspected of being malware about which the algorithms are undecided. Finally, collaborative feedback and tips from end-users are meshed into the identification process. The DENAT system is an offensive mechanism that uses Machine Learning algorithms to analyze traffic sent from organizations such as universities through Network Address Translators (NATs). The analysis associates users with the content of their traffic in order to identify access to terror-related websites.