PTAB
IPR2021-01328
Forescout Technologies Inc v. Fortinet Inc
Key Events
Petition
1. Case Identification
- Case #: IPR2021-01328
- Patent #: 9,503,421
- Filed: August 11, 2021
- Petitioner(s): Forescout Technologies, Inc.
- Patent Owner(s): Fortinet, Inc.
- Challenged Claims: 1, 4-10, 15, and 18-24
2. Patent Overview
- Title: Security Information and Event Management
- Brief Description: The ’421 patent relates to systems and methods for network security management. It discloses using a Security Information and Event Management (SIEM) device to automatically conduct complex security functions by creating, scheduling, and managing "work flows" that define groups of security tasks to be performed sequentially or concurrently by various security devices on a private network.
3. Grounds for Unpatentability
Ground 1: Obviousness over Thomas - Claims 1, 4-10, 15, and 18-24 are obvious over Thomas.
- Prior Art Relied Upon: Thomas (Patent 10,129,290).
- Core Argument for this Ground: Petitioner argued that Thomas, which addresses dynamic adaptive defense for cyber-security threats, teaches every limitation of the challenged claims. Petitioner asserted that such a complete disclosure, which would anticipate the claims under 35 U.S.C. §102, renders the claims obvious under §103.
- Prior Art Mapping: Petitioner contended that Thomas's "cyber-data management node" is a "hardware device that receives security and event information" and functions as the claimed SIEM device. This node is disclosed as operating within a private corporate network and creating automated "workflows" of device-actions (the claimed "security tasks") to protect the network. Petitioner further argued that Thomas's "activation component" starts and schedules these workflows, and the system collects their results (e.g., success or failure), thereby mapping to all limitations of independent claims 1 and 15.
Ground 2: Obviousness over Thomas in view of Gill - Claims 4-8 and 18-22 are obvious over Thomas in view of Gill.
- Prior Art Relied Upon: Thomas (Patent 10,129,290) and Gill (Application # 2012/0224057).
- Core Argument for this Ground: Petitioner argued that Thomas provides the foundational network security system using workflows, and Gill, which describes "Situational Intelligence" with auto-remediation, provides specific workflow functionalities that render the dependent claims obvious.
- Prior Art Mapping: Petitioner asserted that Gill teaches the specific limitations of the challenged dependent claims. For tasks performed "serially" (claims 4, 18), Gill discloses scheduling functions for consecutive time periods. For determining a task based on prior results (claims 5, 19), Gill's
Map invokecommand specifies outputs of one action as inputs for another. For normalizing results (claims 8, 22), Gill discloses functions to convert data into a standardized format. For parallel execution (claims 7, 21), Gill'sinitiateWorkflowcommand can be used to start multiple workflows concurrently. - Motivation to Combine: A POSITA would combine Thomas and Gill because Thomas broadly allows for "any appropriate automated action" in its workflows, and Gill provides well-understood, specific examples of such actions. Both references address the same problem of improving network security through automated workflows. Petitioner argued that incorporating Gill’s specific command and control functions would be a simple, predictable way to enhance the capabilities of Thomas's system, fulfilling Thomas's stated goal of providing "improved command and control capability."
- Expectation of Success: Petitioner asserted that a POSITA would have a reasonable expectation of success, as combining Gill's known workflow commands into Thomas's system was a predictable application of existing technology to achieve an improved, but expected, result.
- Prior Art Mapping: Petitioner asserted that Gill teaches the specific limitations of the challenged dependent claims. For tasks performed "serially" (claims 4, 18), Gill discloses scheduling functions for consecutive time periods. For determining a task based on prior results (claims 5, 19), Gill's
4. Key Claim Construction Positions
- Petitioner highlighted several disputed claim terms from the co-pending district court litigation. For the term "a work flow," Petitioner proposed a construction of "data that defines a work flow task that contains a group of tasks that may be sequentially or concurrently conducted by one or more security devices." This contrasts with the Patent Owner's proposed construction requiring "a set of security tasks and related logical conditions."
- For "security information and event management (SIEM) [device]," Petitioner proposed "a device that collects logs of security events from external sources for the purposes of identifying problems and/or threats." This differs from the Patent Owner's proposal of a "hardware device that receives security and event information from security devices."
- Petitioner argued that its invalidity contentions succeed even if the Board adopts the Patent Owner's proposed constructions for these and other terms.
5. Arguments Regarding Discretionary Denial
- Petitioner argued that discretionary denial under Fintiv would be inappropriate. The co-pending district court litigation was in its early stages, with no trial date set and no claim construction order issued, creating a strong likelihood that an IPR decision would issue before trial and that the court would grant a stay.
- Petitioner emphasized that the invalidity issues raised in the IPR, based on the Thomas and Gill references, do not overlap with issues raised during prosecution, as neither reference was previously considered by the USPTO. This lack of overlap, combined with the early stage of litigation, was argued to mitigate any concerns of duplicative efforts and weigh in favor of institution.
6. Relief Requested
- Petitioner requests institution of an inter partes review and cancellation of claims 1, 4-10, 15, and 18-24 of the ’421 patent as unpatentable.