Network Associates Laboratories research focused on three fundamental challenges for practically deploying non-bypassable system-call and library-call wrappers across an enterprise: 1) How to securely manage multi-platform, multi-vendor wrapper configurations over a network, 2) How to manage data flow, using both "push" and "pull" models, to facilitate intelligent, network-wide detection and response capabilities, and 3) How to write wrappers that take advantage of their new, networked environment without burdening the wrapper writer with system- and network-specific details.To meet these challenges, we: 1) Identified extensions to our Wrapper Definition Language (WDL), database, and Wrapper Query Language (WQL) to permit high-level, abstract interactions with networked components, 2) Developed policy specification, built a technology base, created APIs for host and network controllers, developed a new GUI, updated the wrappers, and demonstrated the new policy function, and 3) Developed a boundary controller and other cross-platform components for interoperability.The results provide an architecture and prototype implementation for enforcing security policies at system-call and library-call levels across platforms and throughout an enterprise.