DCT

3:22-cv-01852

Netskope Inc v. Fortinet Inc

I. Executive Summary and Procedural Information

  • Parties & Counsel:
  • Case Identification: 3:22-cv-01852, N.D. Cal., 07/12/2022
  • Venue Allegations: Plaintiff alleges venue is proper in the Northern District of California because Defendant Fortinet maintains its principal place of business within the district.
  • Core Dispute: Plaintiff seeks a declaratory judgment that its cloud-security platform does not infringe three patents owned by Defendant related to data leak prevention and centralized network security management.
  • Technical Context: The dispute is in the field of enterprise network security, focusing on modern cloud-based architectures like Secure Access Service Edge (SASE) and technologies for Data Loss Prevention (DLP).
  • Key Procedural History: The complaint alleges that this declaratory judgment action was filed after months of licensing negotiations during which Fortinet repeatedly threatened litigation but allegedly refused to provide claim charts or identify the specific products and claims at issue. The First Amended Complaint, analyzed here, was filed to remove declaratory judgment claims on three of the six originally identified patents after Fortinet provided Plaintiff with a covenant not to sue on those specific patents.

Case Timeline

| Date | Event |
|---|---|
| 2009-08-28 | U.S. Patent No. 8,793,151 Priority Date |
| 2012-06-28 | U.S. Patent No. 10,237,282 Priority Date |
| 2013-06-05 | U.S. Patent No. 9,197,601 Priority Date |
| 2014-09-10 | U.S. Patent No. 9,225,734 Priority Date |
| 2017-05-31 | U.S. Patent No. 11,032,301 Priority Date |
| 2018-05-10 | U.S. Patent No. 10,826,941 Priority Date |
| 2019-03-19 | U.S. Patent No. 10,237,282 Issued |
| 2020-11-03 | U.S. Patent No. 10,826,941 Issued |
| 2021-06-08 | U.S. Patent No. 11,032,301 Issued |
| 2021-10-22 | Fortinet sends letter to Netskope accusing infringement of three patents |
| 2022-07-12 | First Amended Complaint for Declaratory Judgment Filed |

II. Technology and Patent(s)-in-Suit Analysis

U.S. Patent No. 10,237,282 - “Data Leak Protection”

The Invention Explained

  • Problem Addressed: The patent describes the challenge of preventing the intentional or accidental leakage of confidential information from an organization’s network, particularly when users can easily copy and transmit digital data. (’282 Patent, col. 1:40-52).
  • The Patented Solution: The invention proposes a network security device that uses digital "watermarks" embedded in files to control their transmission. The device maintains a database of filtering rules, where each rule links a specific watermark value to a set of network services (e.g., email, instant messaging) and a corresponding action (e.g., block, log). When an outbound file is detected, the device identifies its watermark, checks for a matching rule that is active for the specific network service being used, and performs the specified action. (’282 Patent, Abstract; col. 2:1-21).
  • Technical Importance: This technology provides a granular, policy-based method for enforcing data loss prevention rules that depend on both the data's sensitivity level (indicated by the watermark) and the channel through which it is being transmitted. (’282 Patent, Abstract).

Key Claims at a Glance

  • The complaint asserts non-infringement of independent claims 1 and 11 (Compl. ¶283).
  • Claim 1 (method) requires:
    • Maintaining a filter database with a plurality of filtering rules on a network security device.
    • Each filtering rule specifying a watermark value, a set of network services for which the rule is active, and an action to be taken.
    • Receiving outbound network traffic containing a file associated with a particular network service.
    • Identifying a watermark value embedded within the file.
    • Determining if a filtering rule exists that matches the identified watermark and is active for the particular network service.
    • Performing the specified action if such a rule exists.
  • The complaint states that Netskope's services do not infringe the patent's claims, including its dependent claims (Compl. ¶¶ 284, 285).

U.S. Patent No. 10,826,941 - “Systems and methods for centrally managed host and network firewall services”

The Invention Explained

  • Problem Addressed: The patent describes that traditional network security, which relies on firewalls at the corporate perimeter, has become inefficient as workforces have become distributed and applications have moved to the cloud, leading to management complexity and unreliable traffic routing. (’941 Patent, col. 1:20-52).
  • The Patented Solution: The invention discloses a remote, centralized system for protecting an enterprise network. This system controls both communications entering and leaving the network ("to and from") and connections between devices within the network ("endpoint to endpoint"), all according to a single set of security policies. When an administrator requests a policy change, the system generates a "policy digest" representing the modifications, retrieves it, and generates calls to system components to implement the updated controls. (’941 Patent, Abstract; col. 2:1-17).
  • Technical Importance: This approach provides a unified, cloud-managed security policy that integrates perimeter defense with internal network segmentation, aiming to simplify security management for modern, distributed organizations. (’941 Patent, col. 1:53-65).

Key Claims at a Glance

  • The complaint asserts non-infringement of independent claims 1 and 12 (Compl. ¶311).
  • Claim 1 (method) requires, at a remote system:
    • Controlling communications to and from the enterprise network based on security policies.
    • Controlling endpoint-to-endpoint connections within the enterprise network based on the same security policies.
    • Receiving a request to modify the policies.
    • Automatically generating and storing a "policy digest" comprising the modifications.
    • Retrieving the policy digest.
    • Generating calls to system components that control communications.
    • Modifying control of the communications based on those calls.
  • The complaint states that Netskope's services do not infringe the patent's claims, including its dependent claims (Compl. ¶¶ 312, 313).

U.S. Patent No. 9,197,601 - “System and method for providing a single global borderless virtual perimeter through distributed points of presence”

  • Technology Synopsis: The patent addresses the difficulty of securing modern, distributed computer platforms that extend beyond traditional data centers (’601 Patent, col. 1:19-33). The proposed solution is a network of "Perimeter Points of Presence" (P/PoPs) that create a customizable "virtual perimeter" by processing data traffic through selectable service systems according to a defined policy (’601 Patent, Abstract).
  • Asserted Claims: Independent claims 1 and 18 (Compl. ¶297).
  • Accused Features: The complaint identifies Netskope's NewEdge services as the subject of any potential infringement allegation for this patent (Compl. ¶293).

III. The Accused Instrumentality

Product Identification

  • The complaint identifies Netskope's cloud-security platform, including its Data Loss Prevention (DLP), behavior analytics, NewEdge, and Cloud Inline services (Compl. ¶¶ 279, 293, 307).

Functionality and Market Context

  • The complaint describes the accused instrumentalities as a comprehensive, cloud-based security platform that monitors user activity, protects confidential information from loss or exfiltration (DLP), and manages network traffic (Compl. ¶¶ 9, 11-13). Netskope’s NewEdge service is described as a Secure Access Service Edge (SASE) system, and its Cloud Inline services are described as managing traffic between a client and a server (Compl. ¶¶ 298, 312).
  • Netskope alleges it is a "market leader" and innovator, citing its recognition in industry reports (Compl. ¶¶ 7, 16). The complaint provides a February 2022 Gartner Magic Quadrant for Security Service Edge, which shows Netskope positioned in the "Leaders" quadrant (Compl. ¶33, Figure 1 at p. 7).

IV. Analysis of Infringement Allegations

Netskope's complaint seeks a declaratory judgment of non-infringement. The following tables summarize Netskope's asserted theories of non-infringement for the lead patents.

  • 10,237,282 Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Non-Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| maintaining... a filter database containing a plurality of filtering rules, wherein each filtering rule of the plurality of filtering rules specifies a watermark value... | Netskope services include at least one filtering rule (e.g., a default profile) that does not specify a watermark value and/or network services. | ¶284 | col. 2:1-4 |
  • 10,826,941 Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Non-Infringing Functionality | Complaint Citation | Patent Citation |
|---|---|---|---|
| controlling endpoint to endpoint connections within the enterprise network according to the set of security policies. | Netskope services like Netskope Cloud Inline services manage traffic between a client and server. | ¶312 | col. 2:5-7 |
  • Identified Points of Contention:
    • Scope Questions: For the ’941 Patent, a central dispute may involve the interpretation of "controlling endpoint to endpoint connections within the enterprise network." The complaint’s assertion that its services manage "traffic between a client and server" raises the question of whether this functionality falls within the scope of the claim, or if the claim is limited to a different type of connection, such as peer-to-peer traffic between workstations.
    • Technical Questions: For the ’282 Patent, the dispute may turn on a factual and definitional question. Netskope’s non-infringement theory appears to rely on its system containing at least one filtering rule that does not specify a watermark value. This raises the question of whether the claim language "each filtering rule of the plurality of filtering rules specifies a watermark value" requires every rule in the database to specify a watermark, or merely requires the presence of a plurality of rules that do.

V. Key Claim Terms for Construction

  • The Term: "each filtering rule... specifies a watermark value" (from Claim 1 of the ’282 Patent)

  • Context and Importance: This term is central because Netskope's non-infringement theory is that its DLP services include a "default profile" that does not specify a watermark, thereby failing to meet the "each" requirement (Compl. ¶284). The construction of "each" and the scope of "plurality of filtering rules" will be critical.

  • Intrinsic Evidence for Interpretation:

    • Evidence for a Broader Interpretation: The patent's overall focus is on a system for watermark-based DLP (’282 Patent, Abstract). A party might argue that the "plurality of filtering rules" refers to the collection of rules that implement this core watermarking function, and that the presence of other, unrelated rule types (like a default profile) is irrelevant to the claimed invention.
    • Evidence for a Narrower Interpretation: The plain language of Claim 1 recites "a filter database containing a plurality of filtering rules," and then states that "each filtering rule of the plurality... specifies a watermark value" (’282 Patent, col. 12:51-54). This language may support an interpretation that every rule within the claimed plurality must contain a watermark element.
  • The Term: "controlling endpoint to endpoint connections within the enterprise network" (from Claim 1 of the ’941 Patent)

  • Context and Importance: This term's scope is critical to determining whether Netskope's SASE and Cloud Inline services, which it describes as managing "traffic between a client and server," perform the claimed function (Compl. ¶312).

  • Intrinsic Evidence for Interpretation:

    • Evidence for a Broader Interpretation: The patent describes its goal as protecting "enterprise networks" as workforces become distributed and applications move to the cloud (’941 Patent, col. 1:20-31). A party could argue that in this context, "endpoints" should be construed broadly to include clients and servers, as client-server communication is a primary form of traffic within a modern enterprise network.
    • Evidence for a Narrower Interpretation: The specification’s distinction between controlling communications "to and from the enterprise network" and controlling connections "within the enterprise network" may suggest that "endpoint to endpoint" refers specifically to internal, peer-to-peer traffic, as distinct from client-server traffic that might cross the network perimeter to reach a cloud application.

VI. Other Allegations

  • Indirect Infringement: In each count, the complaint requests a declaration that Netskope does not "directly or indirectly infringe" the patent-in-suit (Compl. ¶¶ 231, 275, 289, 301, 317). The non-infringement arguments are based on the alleged absence of required claim elements in Netskope's products. If successful, such arguments would likely defeat claims for both direct and indirect infringement.

VII. Analyst’s Conclusion: Key Questions for the Case

  • A core issue will be one of definitional scope: does the ’941 Patent’s claim to control "endpoint to endpoint connections within the enterprise network" read on a system that manages "traffic between a client and server," as Netskope describes its products, or does this represent a fundamental technical distinction?
  • A key question of claim interpretation will concern the ’282 Patent: does the requirement that "each filtering rule" specifies a watermark value mean that every rule in an accused system must do so, potentially allowing a single non-conforming "default profile" to avoid infringement, or does it refer only to the specific subset of rules that perform the patented watermarking function?
  • A central procedural issue, based on the extensive background provided in the complaint, will be whether the court finds that a justiciable controversy existed at the time of filing that was ripe for a declaratory judgment action, particularly given Fortinet’s alleged refusal to provide specific infringement details pre-suit.