A company runs an Amazon SageMaker training job in a public subnet within an Amazon VPC. The network is configured to allow seamless data transfer between the SageMaker training job and Amazon S3. Recently, the company detected malicious traffic originating from a specific IP address targeting resources within the VPC. The company needs to block all traffic from this suspicious IP address while ensuring legitimate traffic remains unaffected. Which solution should the company implement to meet this requirement?