
An Agent-Based Network Abnormal Monitoring Mechanism (以代理人為基礎的網路異常監控機制)

Advisor: 陳士農

Abstract


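In recent years, with the rapid rise of the Internet, departments within enterprises have been able to exchange data over the network. This convenience has also attracted the attention of hackers, and because network intrusion techniques change by the day, network security is continually put to the test. Enterprises have therefore purchased various protection systems to defend their important resources against external attacks. However, when an information security incident occurs, although network devices or protection systems can record all users' network behavior so that it can be detected and monitored, the incident cannot be known in real time. Often the network problem is discovered only after a large number of complaints come in, and only then is the problem confirmed and its location traced.

Based on these needs, this thesis constructs an agent-based monitoring architecture that includes a monitoring gateway and an information security exchange gateway, with XML as the data exchange standard. The monitoring center is responsible for collecting and monitoring the abnormal alert data from each unit's protection systems. In addition, agents are designed to handle flow control and command handling, detect intrusion activity in real time, and immediately display all alert data on the monitoring screen. As a result, network administrators can learn of network anomalies in real time and immediately follow up on the threat, which effectively strengthens the defense mechanism of information operations and ensures information security.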

Parallel Abstract


In recent years, the rapid development of the Internet has made information exchange among enterprises' internal departments easier, but it has also made abnormal events driven by hackers more frequent. Because intrusion methods change with each passing day, network security faces a tough challenge. To protect their own important resources and information, enterprises purchase more and more information security systems to defend against attacks from outside. However, although network devices and information security systems can log all users' behavior so that the network environment can be detected and controlled when an information security event happens, the situation is not known in real time. The administrator usually finds the network problem only after a great number of user complaints, and then confirms what the problem is and why it happened.

Hence, based on the above requirement, this paper constructs an agent-based detection and control model that includes two kinds of gateways: a detection and control gateway and an information security exchange gateway, with XML as the standard data exchange format. The Security Operation Center (SOC) is responsible for collecting and supervising the abnormal alert messages sent from subsystems constructed at other areas. In addition, we design an agent that is responsible for network flow control and command processing in order to detect intrusion activities in real time; it also shows all alert messages on the control screen so that the network administrator is aware of abnormal network events and can then deal with those threats. This model efficiently enhances the protection mechanism in information operations to ensure information security.
