Systems and methods for a unified, cloud-managed platform for controlling enterprise network security are provided. According to one embodiment, a network of an enterprise is protected by a cloud-managed platform. An underlying architecture of the cloud-managed platform is abstracted by providing a portal through which modifications to security policies are expressed as business requirements of the enterprise. The security policies are automatically enforced regardless of location or endpoint. A policy digest, including information regarding the modifications and formatted according to a predefined format, generated and locally queued by the portal is retrieved. Security enforcement systems associated with the cloud-managed platform are configured to control communications to and from the network according to the security policies by generating API calls to the security enforcement systems and agents running on endpoints associated with the network are configured to control endpoint-to-endpoint connections according to the security policies based on the policy digest.