Design of Network Security Equipment Linkage System Based on Echo State Network Recognition

Affiliation: Information Center, Guoneng Shuohuang Railway Development Co., Ltd. (国能朔黄铁路发展有限责任公司信息中心)

    Abstract:

    The complexity and variability of the network environment make it difficult for a system to detect abnormal behavior or attacks in the network in a timely manner, and the different devices in a linkage system cannot share data effectively. As a result, the network security equipment linkage system cannot respond effectively to new malicious attacks, which leads to long blocking response times and high packet loss rates. To improve network security, a network security equipment linkage system based on echo state network recognition was therefore designed. In the hardware design, an open-interface approach is adopted: independent devices such as firewalls and intrusion detection systems are connected through interfaces so that they share information and linkage can be achieved effectively, and the NetFlow Collector, Apache Spark, and Snort processing modules are used for information collection, processing, and detection. The Cobalt Strike device linkage decision-making unit then triggers the linkage control mechanism, and the WatchGuard linkage control platform is used to carry out linked defense across the network devices. In the software design, to improve the accuracy of anomaly detection, an echo state network is introduced into the Snort processing module to perform anomaly detection on the data from each device. Finally, based on the detection results, an improved FUP algorithm is used in the Cobalt Strike device for correlation mining of network security events in order to discover potential attack information, which is submitted to the policy decision point of the decision-making layer for policy triggering. Policy triggering is completed by retrieving the corresponding handling policy, and the policy decision point then issues the security event handling policy command to the WatchGuard linkage control platform, which completes the linkage operation. According to the test results, the overall blocking response time of the system is only 184 s and the minimum packet loss rate of the system is 0.05, indicating an efficient linkage effect.

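Cite this article

Liang Xiong (梁雄), Yang Xuan (杨煊), Liang Caizhi (梁才志). Design of Network Security Equipment Linkage System Based on Echo State Network Recognition[J]. Computer Measurement & Control (计算机测量与控制), 2026, 34(2): 135-142.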

History
  • Received: 2024-04-16
  • Last revised: 2024-06-19
  • Accepted: 2025-03-06
  • Published online: 2026-02-09