Cooperative intrusion detection
Abstract:
A network node in a distributed network employs a surface immunoglobulin program to monitor other nodes in the distributed network and generate an alert upon detecting suspicious activity, and pushes a free-antibody program to a requesting node petitioning to access the distributed network. The free-antibody program can include a software agent that monitors the requesting node. The free-antibody program reports detected malware and/or suspicious activity to the surface immunoglobulin program, which can enact countermeasures against the requesting node. The network node's role is based on a hierarchy of trustworthiness levels, wherein it performs at least one of: monitoring other nodes, sending alerts when anomalous behavior is detected, transmitting the free-antibody software program to the requesting node, updating defensive programs, participating in consensus-based threat analysis with other nodes, identifying threats, tagging suspicious nodes, and performing countermeasures against identified threats.