Cisco Email Security Appliance C170 User Guide

Cisco AsyncOS 8.0.1 for Email User Guide
Chapter 14: Outbreak Filters
Overview of Outbreak Filters
Outbreak Filters protects your network from large-scale virus outbreaks and smaller, non-viral attacks, 
such as phishing scams and malware distribution, as they occur. Unlike most anti-malware security 
software, which cannot detect new outbreaks until data is collected and a software update is published, 
Cisco gathers data on outbreaks as they spread and sends updated information to your Email Security
appliance in real time to prevent these messages from reaching your users.
Cisco uses global traffic patterns to develop rules that determine whether an incoming message is safe or part
of an outbreak. Messages that may be part of an outbreak are quarantined until they are determined to be
safe, based either on updated outbreak information from Cisco or on new anti-virus definitions published by
Sophos and McAfee.
Messages used in small-scale, non-viral attacks use a legitimate-looking design, the recipient’s 
information, and custom URLs that point to phishing and malware websites that have been online only 
for a short period of time and are unknown to web security services. Outbreak Filters analyzes a 
message’s content and searches for URL links to detect this type of non-viral attack. Outbreak Filters 
can rewrite URLs to redirect traffic to potentially harmful websites through a web security proxy, which 
either warns users that the website they are attempting to access may be malicious or blocks the website 
completely.
How Outbreak Filters Work
Delaying, Redirecting, and Modifying Messages
The Outbreak Filters feature uses three tactics to protect your users from outbreaks: