With growing complexity of civilian or defence systems and structures intelligent security attacks have become more difficult to detect, analyse and respond in real time. Attacks in the information and communication technologies environment are usually defended by individual elements targeted, or according to the type of attack. This approach is difficult, costly and is always a step behind the attackers who have strategic view. Attackers may also target the defender's finances by driving its defence expenditures to unsustainable levels. It is proposed here a general macro vision of defence as a whole, with two major aspects. First, the defence system is composed of independent layers of detection, starting from the cheapest and most available to expert level with high costs, based on autonomous agents, swarm behaviour and immune system metaphor. Secondly, the whole defence should be considered as a single system, with cyber-attacks, financial fraud, money laundering, organised crime, border trafficking, terrorism, guerrilla warfare, stealth attacks, conventional war and other threats are considered as parts of the same defence with feeding information to each other in a real time environment.