1. A method comprising:intercepting, at a network traffic hub within a local network, a message from a smart appliance to receive an internet address, the smart appliance being communicatively connected to the local network via a switch and configured to receive information from outside the local network, the message being sent through the switch, the network traffic hub being configured within the local network to intercept network traffic between the switch and a router;
transmitting, by the network traffic hub, the message from the network traffic hub to the router;
intercepting, at the network traffic hub, a response from the router, the response comprising an internet address and a netmask;
modifying the netmask in the response such that subsequent intra-network traffic sent from the smart appliance directly to a second smart appliance within the local network via the switch and without leaving the local network is instead sent to the network traffic hub, the second smart appliance different from the network traffic hub, the switch, and the router;
transmitting, from the network traffic hub, the response with the modified netmask to the smart appliance;
receiving, at the network traffic hub, communications from the smart appliance intended for the second smart appliance and forwarding the received communications to a remote server;
determining, by the network traffic hub, that the smart appliance is exhibiting malicious behavior resulting from embedded malicious code based on an analysis of the received communications, the analysis received from the remote server; and
in response to determining that the smart appliance is exhibiting malicious behavior resulting from embedded malicious code, quarantining the smart appliance by preventing the communications from being received by the second smart appliance and by blocking subsequent traffic sent from and to the smart appliance.