Having Problems with Lots of Spam Passing through Cisco Cloud Email Security Since Last Week?

If you're having problems where a lot of messages that Cisco Cloud Email Security would normally filter out have been coming in, it appears to be the result of an upgrade gone wrong. In our case, it took a P1 ticket to get resolved.

We found evidence of an issue by looking at the incoming mail policies (accessible by going to Mail Polices > Incoming Mail Policies):

You will notice that the Anti-Spam, Anti-Virus, and Graymail columns are all showing "Not Available". That is because they are all disabled. These all need to be enabled to get things working normally again.

When we accessed the Cisco IronPort Anti-Spam settings, it showed that it was globally turned off. (This can be accessed by going to Security Services > IronPort Anti-Spam).

However, we were completely unable to turn anything on, regardless of access level (I'm a Cloud Administrator, but my coworker is an Administrator).

The cause of the problem: Cisco upgrading our appliance, and it turned out the feature keys somehow got blown out. In setting them back in, there is a requirement of accepting an End User License Agreement. Somewhere within this area is where Cisco failed to properly handle things.

Resolving this required creating a ticket with Cisco (initially a P3 ticket, which eventually got escalated to P1). If you're seeing yourself with this exact same issue, know you're not alone. Hopefully, Cisco fixes this for all of their CES customers in one swoop, but just watch out for this just in case. 

This problem started this past Friday morning for us but has just gotten resolved as I'm creating this post. While getting the ticket resolved, I highly recommend requesting that Cisco adds an email address from your organization to Atlas so that you're notified of when upgrades are planned to take place.