US Patent 11601467 Service provider advanced threat protection

Methods and systems are disclosed for service provider based advanced threat protection. A service provider network may include one or more network devices. The service provider network may be configured to determine network isolation configuration information for a client device, on a local area network (LAN), associated with a client account. The network isolation configuration information may include an identification of trusted network destination and/or untrusted network destinations for the client device. The service provider network may send the network isolation configuration information to the client device. The service provider network may be configured to authenticate a segregated memory space operating on the client device. The service provider network may be configured to allow, based on the network isolation configuration information and on the authentication of the segregated memory space, an application or process operating in the authenticated segregated memory space to communicate with an untrusted network destination.