Intelligent workflow for protecting servers from outside threats

What is claimed is: 1 . A method, comprising: monitoring, by a computing device, network communications to a server; determining, by the computing device, a threat to the server based on the monitoring; determining, by the computing device, a risk level of the threat; selecting, by the computing device, a response to the threat based on the determined risk level, wherein the response is selected from a predefined set of responses; initiating, by the computing device, the selected response. 2 . The method of claim 1 , wherein the predefined set of responses comprises: blocking network communication to the server; switching the server to a different network; and sending network communications to a device associated with the threat. 3 . The method of claim 1 , wherein the risk level is determined based on a type of the threat. 4 . The method of claim 3 , wherein the type of threat is one of: transaction volume exceeds a predefined threshold; non-compliant device; and unknown device. 5 . The method of claim 4 , further comprising determining the threshold by analyzing historic network traffic data of the server using machine learning. 6 . The method of claim 5 , wherein the threshold is one of plural thresholds, and further comprising determining respective ones of the plural thresholds for respective applications on the server. 7 . The method of claim 4 , further comprising determining a device is a non-compliant device by comparing security software of the device to predefined standards. 8 . The method of claim 4 , further comprising determining a device is an unknown device based on a MAC address or an IP address of the device. 9 . The method of claim 1 , wherein the risk level is determined based on a type of the threat and a predefined value of data stored at the server. 10 . The method of claim 9 , wherein: the type of threat is one of: transaction volume exceeds a predefined threshold; non- compliant device; and unknown device; and the predefined value of data is one of low value and high value. 11 . The method of claim 1 , wherein the monitoring comprises network traffic analysis. 12 . The method of claim 1 , wherein the monitoring comprises tracking of volumes and transactions and evaluating firewall traffic. 13 . A computer program product comprising one or more computer readable storage media having program instructions collectively stored on the one or more computer readable storage media, the program instructions executable to: monitor network communications to a server; determine a threat to the server based on the monitoring; determine a risk level of the threat; select a response to the threat based on the determined risk level, wherein the response is selected from a predefined set of responses comprising: blocking network communication to the server; switching the server to a different network; and sending network communications to a device associated with the threat; and initiate the selected response. 14 . The computer program product of claim 13 , wherein: the risk level is a first risk level based on the threat being a transaction volume that exceeds a predefined threshold; the risk level is a second risk level based on the threat being a non-compliant device; the risk level is a third risk level based on the threat being and unknown device. 15 . The computer program product of claim 14 , wherein the program instructions are executable to determine the threshold by analyzing historic network traffic data of the server using machine learning. 16 . The computer program product of claim 14 , wherein the program instructions are executable to determine a device is a non-compliant device by comparing security software of the device to predefined standards. 17 . The computer program product of claim 14 , wherein the program instructions are executable to determine a device is an unknown device based on a MAC address or an IP address of the device. 18 . The computer program product of claim 13 , wherein the risk level is determined based on a type of the threat and a predefined value of data stored at the server. 19 . A system comprising: a processor, a computer readable memory, one or more computer readable storage media, and program instructions collectively stored on the one or more computer readable storage media, the program instructions executable to: monitor network communications to a server; determine a threat to the server based on the monitoring; determine a risk level of the threat based on a type of the threat; select a response to the threat based on the determined risk level, wherein the response is selected from a predefined set of responses comprising: blocking network communication to the server; switching the server to a different network; and sending network communications to a device associated with the threat; and initiate the selected response. 20 . The system of claim 19 , wherein the program instructions are executable to: determine the threshold by analyzing historic network traffic data of the server using machine learning; determine a device is a non-compliant device by comparing security software of the device to predefined standards; and determine a device is an unknown device based on a MAC address or an IP address of the device.