A method and associated systems for isolating a source of an attack that originates from a shared computing environment. A computer-security system tags outgoing packets originating from within the shared computing environment in a tamper-proof manner in order to identify which tenant of the shared environment is the true source of each packet. If one of those tenants transmits malicious packets to an external recipient, either because the tenant has malicious intent or becomes infected with malware, the transmitted malicious packets' tags allow the recipient to determine which tenant is the source of the unwanted transmissions. The recipient may then block further communications from the problematic tenant without blocking communications from other tenants of the shared environment.