receiving a report of malicious network traffic observed by first network equipment operating in a first communication network, wherein the report indicates a second communication network distinct from the first communication network as an originating network of the malicious network traffic;

in response to the receiving of the report, identifying second network equipment operating in the second communication network as a source of the malicious network traffic;

based on the identifying, blocking, via a network controller device of a third communication network, first communications from the second network equipment from reaching the first communication network via a first link directly coupling the first communication network and the second communication network for a first defined time interval, wherein the third communication network is distinct from each of the first communication network and the second communication network;

based on the identifying, blocking, via the network controller device of the third communication network, second communications from the second network equipment from reaching the third communication network for the first defined time interval; and

in response to determining that the malicious network traffic from the second network equipment has not discontinued at an expiration of the first defined time interval, blocking the second network equipment from transmitting network traffic outside of the second communication network for a second defined time interval, wherein a duration of the second defined time interval as measured from the expiration of the first defined time interval is longer than a duration of the first defined time interval.