The scenario describes a need to dynamically assess and act on a sudden influx of SPAM. The Cisco Email Security Appliance (ESA) is the designated solution for email-based threats. The ESA's Outbreak Filters feature is specifically designed for this purpose. It analyzes aggregated traffic data and message attributes in real-time to identify emerging threats like spam campaigns before traditional signatures are available. Based on this dynamic analysis of traffic, Outbreak Filters can modify the policy action for suspicious messages, such as quarantining them for further inspection, thus fulfilling the requirement to "take action" and "modify policies based on the traffic seen."

A. The Cisco Web Security Appliance (WSA) is designed to secure web traffic and is not the appropriate tool for managing email-based SPAM threats.

B. While the ESA does receive real-time updates from Talos, this option only describes the reception of intelligence, not the dynamic policy action based on traffic analysis.

C. The Cisco Web Security Appliance (WSA) is not the primary solution for handling SPAM; its focus is on web security, not email security.

---

1. Cisco Secure Email and Web Manager Configuration Guide

14.2

Chapter: Fighting Viruses and Malware

Section: About Outbreak Filters.

"Outbreak Filters protects your network from large-scale outbreaks and other virus and blended attacks... When a message is identified as a possible threat

Outbreak Filters can temporarily quarantine the message for further analysis... Outbreak Filters uses data from the Cisco Talos Security Intelligence and Research Group (Talos) and other sources to determine a 'threat level' for a particular message." This document confirms that the ESA (managed via the Secure Email and Web Manager) uses Outbreak Filters to dynamically analyze and take action (quarantine) on messages based on threat levels derived from traffic analysis.

2. Cisco Email Security Appliance (ESA) Data Sheet.

Under the "Advanced Malware Protection" and "Spam Protection" sections

the data sheet describes the multi-layered defense approach. It states

"Cisco Advanced Malware Protection (AMP) is included... It provides... file reputation

and file sandboxing... Outbreak Filters provide a critical first layer of defense against new threats." This confirms the ESA is the correct product and Outbreak Filters is a key feature for handling new

dynamic threats like a sudden SPAM wave.

3. Cisco Talos Intelligence Group

"What is Talos?".

"Talos underpins the entire Cisco Security portfolio

providing industry-leading visibility

context

and analysis... This intelligence is fed back into our products

protecting customers against the latest threats." This source verifies that Talos provides the intelligence

but the appliance (in this case

the ESA) is what must be configured to use that intelligence to take action on traffic.