A method is presented in which a system reduces the risk of an advanced persistent threat (“APT”) detected at one or more network devices by implementing one or more mitigation actions depending on the nature of the detected threat. Accordingly, in response to detecting the risk of an APT at one or more network devices, a centralized controller implements one or more mitigation actions to minimize the vulnerability of an enterprise network to unauthorized access to one or more network resources. A centralized controller may therefore instruct one or more network devices to take appropriate mitigation actions depending on the nature of an APT detected on one or more network devices.