Intelligent quarantine on switch fabric for physical and virtualized infrastructure

What is claimed is: 1 . A method comprising: monitoring data traffic passing into a virtualized network environment including a plurality of virtual machines running on a switch fabric; identifying, at the switch fabric, a network threat introduced into the virtualized network environment through at least a portion of the data traffic passing into the virtualized network environment; and performing one or more remedial measures in the virtualized network environment based on the identification of the network threat in the virtualized network environment. 2 . The method of claim 1 , wherein the switch fabric is a virtualized switch fabric. 3 . The method of claim 1 , further comprising: intercepting the at least a portion of the data traffic introducing the network threat into the virtualized network environment at the switch fabric; and performing the one or more remedial measures while the at least a portion of the data traffic remains in the switch fabric. 4 . The method of claim 3 , wherein performing the one or more remedial measures includes quarantining, in the switch fabric, the at least a portion of the data traffic introducing the network threat in the virtualized network environment. 5 . The method of claim 1 , wherein performing the one or more remedial measures comprises preventing transmission of the at least a portion of the data traffic introducing the network threat to either or both the virtual machines and one or more hypervisors hosting the virtual machines in the virtualized network environment. 6 . The method of claim 1 , wherein the network threat is identified at a first node in the switch fabric, the method further comprising: generating threat information regarding the network threat introduced into the virtualized network environment; and propagating the threat information to one or more additional nodes in the switch fabric distinct from the first node in the switch fabric, wherein the one or more additional nodes in the switch fabric are configured to identify one or more additional network threats introduced into the virtualized network environment based on the threat information. 7 . The method of claim 6 , wherein the first node in the switch fabric receives the at least a portion of the data traffic introducing the network threat as an ingress point for the switch fabric and locally identifies the network threat introduced through the at least a portion of the data traffic received at the first node. 8 . The method of claim 6 , wherein the threat information includes one or a combination of an identification of a type of threat of the network threat, an identification of a source of the at least a portion of the data traffic introducing the network threat into the virtualized network environment, a signature of the at least a portion of the data traffic, and an identification of characteristics of the at least a portion of the data traffic. 9 . The method of claim 1 , further comprising: matching the at least a portion of the data traffic introducing the network threat to a known network threat based on a signature of the at least a portion of the data traffic and a signature of the known network threat; and identifying the network threat in the at least a portion of the data traffic based on a matching of the at least a portion of the data traffic to the known network threat. 10 . The method of claim 9 , wherein the known network threat and the signature of the known network threat are identified previously in one or more network environments. 11 . The method of claim 9 , wherein the at least a portion of the data traffic introducing the network threat is matched to the known network threat locally within the switch fabric based on one or more policies distributed to nodes within the switch fabric. 12 . The method of claim 11 , wherein the one or more policies include the signature of the known network threat. 13 . The method of claim 1 , further comprising identifying the network threat in the at least a portion of the data traffic based on inclusion of one or more characteristics of the at least a portion of the data traffic in a traffic exclusion list associated with the virtualized network environment, wherein the traffic exclusion list specifies one or more characteristics of traffic to refrain from transmitting through the virtualized network environment. 14 . The method of claim 13 , wherein the traffic exclusion list is included in one or more policies distributed to nodes within the switch fabric and one or more nodes within the switch fabric locally identify the network threat in the at least a portion of the data traffic using the traffic exclusion list included in the one or more policies. 15 . A system comprising: one or more processors; and at least one computer-readable storage medium having stored therein instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising: monitoring data traffic passing into a virtualized network environment including a plurality of virtual machines running on a switch fabric that is virtualized in the virtualized network environment; identifying, at the switch fabric, a network threat introduced into the virtualized network environment through at least a portion of the data traffic passing into the virtualized network environment; and performing one or more remedial measures in the virtualized network environment based on the identification of the network threat in the virtualized network environment. 16 . The system of claim 15 , wherein the instructions which, when executed by the one or more processors, further cause the one or more processors to perform operations comprising preventing transmission of the at least a portion of the data traffic introducing the network threat to either or both the virtual machines and one or more hypervisors hosting the virtual machines in the virtualized network environment, as part of performing the one or more remedial measures in the virtualized network environment. 17 . The system of claim 15 , wherein the network threat is identified at a first node in the switch fabric and the instructions which, when executed by the one or more processors, further cause the one or more processors to perform operations comprising: generating threat information regarding the network threat introduced into the virtualized network environment; and propagating the threat information to one or more additional nodes in the switch fabric distinct from the first node in the switch fabric, wherein the one or more additional nodes in the switch fabric are configured to identify one or more additional network threats introduced into the virtualized network environment based on the threat information. 18 . The system of claim 15 , wherein the instructions which, when executed by the one or more processors, further cause the one or more processors to perform operations comprising: matching the at least a portion of the data traffic introducing the network threat to a known network threat based on a signature of the at least a portion of the data traffic and a signature of the known network threat; and identifying the network threat in the at least a portion of the data traffic based on a matching of the at least a portion of the data traffic to the known network threat. 19 . The system of claim 18 , wherein the at least a portion of the data traffic introducing the network threat is matched to the known network threat locally w