Filtering network data transfers
US-2015237012-A1 · Aug 20, 2015 · US
US12563103B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12563103-B2 |
| Application number | US-202418657111-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 7, 2024 |
| Priority date | Oct 22, 2012 |
| Publication date | Feb 24, 2026 |
| Grant date | Feb 24, 2026 |
Official abstract text for this publication.
Methods and systems for protecting a secured network are presented. For example, one or more packet security gateways may be associated with a security policy management server. At each packet security gateway, a dynamic security policy may be received from the security policy management server, packets associated with a network protected by the packet security gateway may be received, and at least one of multiple packet transformation functions specified by the dynamic security policy may be performed on the packets.
Opening claim text (preview).
The invention claimed is:

1. A security policy management server comprising: one or more processors and memory storing instructions that, when executed by the one or more processors, cause the security policy management server to: receive, from a plurality of malicious host tracker services, one or more network addresses identifying one or more malicious hosts that have been determined, by at least one of the plurality of malicious host tracker services, to have transmitted malicious network traffic; determine that a first portion of the one or more network addresses provided by a first malicious host tracker service of the plurality of malicious host tracker services and a second portion of the one or more network addresses provided by a second malicious host tracker service of the plurality of malicious host tracker services are correlated based on comparing the first portion of the one or more network addresses and the second portion of the one or more network addresses; automatically create, based on receiving the one or more network addresses and based on the first portion of the one or more network addresses being correlated with the second portion of the one or more network addresses, a packet filtering rule for a dynamic security policy, wherein the packet filtering rule comprises: one or more packet matching criteria that encompasses the first portion of the one or more network addresses and the second portion of the one or more network addresses, and one or more corresponding packet transformation functions that are applicable to packets matching the one or more packet matching criteria; and send, to a packet security gateway located at a boundary between a first network protected by the packet security gateway and a second network, the packet filtering rule for the dynamic security policy, wherein the packet filtering rule is configured to cause the packet security gateway to: encapsulate each of one or more packets corresponding to the one or more packet matching criteria with an Internet Protocol header specifying a network address; strip, on a packet-by-packet basis and from the encapsulated one or more packets, the Internet Protocol header specifying the network address; and forward the one or more packets corresponding to the one or more packet matching criteria toward their respective destinations without the Internet Protocol header specifying the network address.

2. The security policy management server of claim 1, wherein the instructions, when executed by the one or more processors, further cause the security policy management server to: add the packet filtering rule to the dynamic security policy, wherein the instructions, when executed by the one or more processors, cause the security policy management server to send the packet filtering rule by transmitting the dynamic security policy to the packet security gateway.

3. The security policy management server of claim 1, wherein the packet security gateway is configured to filter one or more packets by applying the one or more corresponding packet transformation functions to the packets matching the one or more packet matching criteria.

4. The security policy management server of claim 1, wherein the instructions, when executed by the one or more processors, further cause the security policy management server to: create a plurality of packet filtering rules comprising the packet filtering rule and one or more second packet filtering rules, wherein each packet filtering rule of the one or more second packet filtering rules comprises: one or more second packet matching criteria different from the one or more packet matching criteria, and one or more corresponding second packet transformation functions that are applicable to packets matching the one or more second packet matching criteria.

5. The security policy management server of claim 1, wherein the instructions, when executed by the one or more processors, cause the security policy management server to determine that the first portion of the one or more network addresses provided by the first malicious host tracker service of the plurality of malicious host tracker services and the second portion of the one or more network addresses provided by the second malicious host tracker service of the plurality of malicious host tracker services are correlated by causing the security policy management server to: determine that at least a first network address of the first portion of the one or more network addresses is a duplicate of at least a second network address of the second portion of the one or more network addresses.

6. The security policy management server of claim 1, wherein the instructions, when executed by the one or more processors, cause the security policy management server to determine that the first portion of the one or more network addresses provided by the first malicious host tracker service of the plurality of malicious host tracker services and the second portion of the one or more network addresses provided by the second malicious host tracker service of the plurality of malicious host tracker services are correlated by causing the security policy management server to: determine that a first range of network addresses of the first portion of the one or more network addresses overlaps a second range of network addresses of the second portion of the one or more network addresses.

7. The security policy management server of claim 1, wherein the one or more packet matching criteria comprise: a set of network addresses; and a session initiation protocol uniform resource identifier.

8. The security policy management server of claim 1, wherein the one or more packet matching criteria comprises a range of network addresses that encompasses the first portion of the one or more network addresses and the second portion of the one or more network addresses.

9. A method comprising: receiving, by a security policy management server and from a plurality of malicious host tracker services, one or more network addresses identifying one or more malicious hosts that have been determined, by at least one of the plurality of malicious host tracker services, to have transmitted malicious network traffic; determining that a first portion of the one or more network addresses provided by a first malicious host tracker service of the plurality of malicious host tracker services and a second portion of the one or more network addresses provided by a second malicious host tracker service of the plurality of malicious host tracker services are correlated based on comparing the first portion of the one or more network addresses and the second portion of the one or more network addresses; automatically creating, based on receiving the one or more network addresses and based on the first portion of the one or more network addresses being correlated with the second portion of the one or more network addresses, a packet filtering rule for a dynamic security policy, wherein the packet filtering rule comprises: one or more packet matching criteria that encompasses the first portion of the one or more network addresses and the second portion of the one or more network addresses, and one or more corresponding packet transformation functions that are applicable to packets matching the one or more packet matching criteria; and sending, to a packet security gateway located at a boundary between a first network protected by the packet security gateway and a second network, the packet filtering rule for the dynamic security policy, wherein the packet filtering rule is configured to cause the packet security gateway to: encapsulate each of one or more packets corresponding to the one or
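The correlation and rule-creation steps of claims 1, 5, 6, 7 and 8, worked through as an added example; this is not the patent's or the assignee's code. The two tracker feeds are constructed from RFC 5737 documentation ranges, and the rule schema, the `max_collateral` threshold and the `encapsulate` / `strip` / `forward` stage names on the gateway side are assumptions chosen to mirror the claim wording. It also shows the check a practitioner wants before adopting claim 8's single encompassing range: when the corroborated addresses lie in unrelated prefixes, the smallest range that covers both can be enormous, so the example falls back to claim 7's set of addresses unless the over-coverage is within an explicit budget.

```python
"""Correlate two malicious-host tracker feeds into one packet filtering rule.

Added example, not the patent's own code. Feed contents, the rule schema and the
gateway stage names are constructed assumptions following claims 1, 5-8.
"""
import ipaddress
from dataclasses import dataclass

# Constructed sample feeds (RFC 5737 documentation ranges, not real indicators).
# 203.0.113.9 appears in both feeds (claim 5, duplicate); 198.51.100.8/29 lies
# inside 198.51.100.0/28 (claim 6, overlapping ranges); the remaining entries
# are reported by one feed only and therefore never reach the rule.
FEED_A = ["203.0.113.9", "198.51.100.0/28", "192.0.2.0/24"]
FEED_B = ["203.0.113.9", "198.51.100.8/29", "203.0.113.200"]


def parse_feed(entries):
    """Normalise feed entries to IPv4 networks; a bare host becomes a /32."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def correlate(portion_a, portion_b):
    """Return (a, b, kind) triples for correlated entries: 'duplicate' when the
    two trackers reported the same entry (claim 5), 'overlap' when their ranges
    intersect (claim 6). overlaps() on two /32s is equality, so one test serves both."""
    pairs = []
    for a in portion_a:
        for b in portion_b:
            if a.overlaps(b):
                pairs.append((a, b, "duplicate" if a == b else "overlap"))
    return pairs


def encompassing_range(networks):
    """Smallest single CIDR block containing every given network (claim 8's
    'range of network addresses that encompasses' both portions)."""
    cover = networks[0]
    while not all(n.subnet_of(cover) for n in networks):
        cover = cover.supernet()  # widen by one prefix bit until everything fits
    return cover


def collateral_addresses(cover, networks):
    """Addresses inside cover that neither tracker reported: the over-coverage
    cost of collapsing the criteria to a single range."""
    reported = sum(n.num_addresses for n in ipaddress.collapse_addresses(networks))
    return cover.num_addresses - reported


@dataclass
class PacketFilteringRule:
    matching_criteria: list  # IPv4Network objects a packet's src or dst must fall in
    transformation: str      # packet transformation function applied on a match
    evidence: list           # the correlated (a, b, kind) triples that justified the rule


def create_rule(feed_a, feed_b, transformation="encapsulate", max_collateral=0):
    """Automatically derive one rule from two feeds, using only addresses that
    both trackers corroborate. The criteria collapse to claim 8's single range
    when that adds at most max_collateral unreported addresses; otherwise the
    exact set of correlated networks (claim 7's 'set of network addresses') is kept."""
    pairs = correlate(parse_feed(feed_a), parse_feed(feed_b))
    if not pairs:
        return None  # nothing corroborated by both trackers, so no rule is created
    correlated = list(ipaddress.collapse_addresses({n for a, b, _ in pairs for n in (a, b)}))
    cover = encompassing_range(correlated)
    criteria = [cover] if collateral_addresses(cover, correlated) <= max_collateral else correlated
    return PacketFilteringRule(criteria, transformation, pairs)


def gateway_process(rule, packet, encapsulation_address):
    """Packet security gateway side (claim 1): a packet whose src or dst matches the
    criteria is wrapped in an outer IP header naming encapsulation_address, that
    header is stripped again, and the inner packet is forwarded toward its original
    destination. Returns the trace of stages so the behaviour can be inspected."""
    src = ipaddress.ip_address(packet["src"])
    dst = ipaddress.ip_address(packet["dst"])
    if rule is None or not any(src in n or dst in n for n in rule.matching_criteria):
        return ["forward"]
    if rule.transformation != "encapsulate":
        return [rule.transformation]  # other transformation functions are named only
    outer = {"outer_dst": encapsulation_address, "inner": packet}  # encapsulate
    inner = outer["inner"]                                         # strip, packet by packet
    return [f"encapsulate:{outer['outer_dst']}", "strip", f"forward:{inner['dst']}"]


if __name__ == "__main__":
    rule = create_rule(FEED_A, FEED_B)
    print("criteria:", [str(n) for n in rule.matching_criteria])
    for a, b, kind in rule.evidence:
        print(f"  {kind}: {a} (feed A) ~ {b} (feed B)")
    print("cover would be:", encompassing_range(rule.matching_criteria))
    print(gateway_process(rule, {"src": "198.51.100.9", "dst": "10.0.0.5"}, "172.16.0.1"))
    print(gateway_process(rule, {"src": "192.0.2.77", "dst": "10.0.0.5"}, "172.16.0.1"))
```

With the constructed feeds the rule keeps two criteria, 198.51.100.0/28 and 203.0.113.9/32, because the single range covering both is 192.0.0.0/4 and would match over 268 million addresses that no tracker reported. Raising `max_collateral` is the knob that lets the server accept a wider range where the feeds agree on neighbouring prefixes; leaving it at zero makes the rule exactly as broad as the corroborated evidence.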
based on web technology, e.g. hypertext transfer protocol [HTTP] · CPC title
Architectural arrangements, e.g. perimeter networks or demilitarized zones · CPC title
Session establishment or de-establishment · CPC title
above the transport layer · CPC title
Traffic logging, e.g. anomaly detection · CPC title