A network security monitoring and correlation system for providing a three-dimensional visualization of network traffic overlaid with security alerts and other relevant discrete data. The system may comprise an application server communicably linked to a client. The server functions to retrieve network traffic metadata and relevant discrete data associated with individual computer hosts and connections in the monitored network, process the network traffic data by building a graph data structure, and then embedding within the graph data structure one or more layers of additional information about the individual computer hosts and connections derived from the discrete data. The client functions to produce a three-dimensional visualization of the network environment by parsing the graph data structure received from the server and then spawning computer hosts and connections in the 3-D environment. The client will then add the overlay information to the appropriate hosts or connections, with the overlay information preferably being represented within the 3-D environment as a particular color, shape, size, position, or a changing dynamic value.