An automated arrangement for detecting adversaries is provided in which assessments of detected adversaries are reported to a reputation service from security devices, such as unified threat management systems in deployed customer networks. By using actual deployed networks, the number of available sensors can be very large to increase the scope of the adversary detection, while still observing real attacks and threats including those that are targeted to small sets of customers. The reputation service performs a number of correlations and validations on the received assessments to then return a reputation back to the security device in the enterprise network that can be used for blocking adversaries, but only when multiple, distinct sources report the same adversary in their assessments to thus ensure that the reputation is accurate and reliable.