Mitigating network security threats through a self-quarantining network is disclosed. Traffic received from a local source via a physical port is monitored. If a threat is detected, traffic associated with the physical port is restricted. In some embodiments, the monitoring includes one or more of performing a signature check on the traffic, applying statistical analysis to the traffic, performing protocol analysis on the traffic, and aggregating information about the traffic with information about traffic from an outside source.