Wiz Inc v. Orca Security Ltd

1. Case Identification

• Case #: IPR2024-00864
• Patent #: 11,663,032
• Filed: May 24, 2024
• Petitioner(s): Wiz, Inc.
• Patent Owner(s): Orca Security Ltd.
• Challenged Claims: 1-25

2. Patent Overview

• Title: Securing Virtual Cloud Assets Against Cyber Vulnerabilities
• Brief Description: The ’032 patent discloses methods, systems, and computer-readable media for securing virtual assets in a cloud computing environment. The technology involves locating and accessing a snapshot of a virtual disk, analyzing the snapshot to identify vulnerabilities by matching installed applications against a known list, and then prioritizing and reporting those vulnerabilities based on whether the applications are in use.

3. Grounds for Unpatentability

Ground 1: Claims 1-11 and 13-25 are obvious over Veselov in view of Hufsmith.

• Prior Art Relied Upon: Veselov (Patent 11,216,563) and Hufsmith (Application # 2020/0097662).
• Core Argument for this Ground: Petitioner argued that Veselov taught the foundational method of snapshot-based security analysis, including locating, accessing, and analyzing a snapshot to identify vulnerabilities. However, Veselov did not explicitly teach prioritizing alerts based on application usage. Hufsmith supplied this missing element, teaching the well-known technique of prioritizing vulnerabilities based on whether the associated code is active or dormant.
  • Prior Art Mapping: Petitioner asserted that Veselov disclosed the core limitations of the independent claims, such as determining the location of a virtual disk snapshot using a cloud environment API, accessing the snapshot, analyzing it for vulnerabilities (e.g., CVEs), and reporting the results. Petitioner contended that Hufsmith taught the remaining key limitations by disclosing a security assessment process that determines whether an application is used (i.e., active versus "dormant code") and then adjusts the priority of associated vulnerabilities, such as by down-weighting risks tied to dormant code.
  • Motivation to Combine: Petitioner argued a person of ordinary skill in the art (POSITA) would combine Veselov and Hufsmith because they are analogous arts addressing security analysis of virtual resources. A POSITA would have been motivated to incorporate Hufsmith’s detailed, usage-based prioritization techniques into Veselov's more general security framework to gain the known benefits of reducing alert fatigue and focusing on the most critical threats, which were predictable improvements.
  • Expectation of Success: Petitioner claimed a POSITA would have had a reasonable expectation of success because both Veselov's snapshot analysis and Hufsmith's usage-based prioritization were well-understood and routinely practiced techniques in the field. Combining them would not have presented significant technical challenges and would have yielded predictable results.

Ground 2: Claim 12 is obvious over Veselov, Hufsmith, and Hutchins.

• Prior Art Relied Upon: Veselov (Patent 11,216,563), Hufsmith (Application # 2020/0097662), and Hutchins (Application # US 2013/0024940).
• Core Argument for this Ground: This ground built upon the combination of Veselov and Hufsmith to address the specific mitigation actions recited in dependent claim 12. Petitioner argued that while Veselov and Hufsmith established the underlying method for identifying and mitigating vulnerabilities (as recited in parent claim 11), Hutchins explicitly taught the specific mitigation step of "quarantining the protected virtual cloud asset."
  • Prior Art Mapping: Petitioner mapped the combination of Veselov and Hufsmith to the limitations of claim 11, which claim 12 depends from. Petitioner then asserted that Hutchins explicitly taught one of the alternative mitigation options in claim 12. Hutchins described a snapshot-based security analysis that, upon detecting malicious code, takes a remedial action that "may include placing the first virtual machine in quarantine."
  • Motivation to Combine: A POSITA would have been motivated to incorporate Hutchins’ teachings because Veselov provided a general framework for remediation without specifying particular actions. Hutchins offered a well-known, concrete remediation step—quarantining—that was a straightforward and effective implementation for Veselov's system. The motivation was to obtain the known benefits of quarantining, such as minimizing a vulnerable asset's exposure and preventing contamination of other network resources.
  • Expectation of Success: Petitioner argued that success was expected because quarantining was a common and routinely practiced technique in cybersecurity. Integrating this well-understood mitigation step into the security process taught by Veselov and Hufsmith would have been a predictable and straightforward task for a POSITA.

4. Key Claim Construction Positions

• "Location of a Snapshot": Petitioner proposed this term should be construed to encompass both virtual locations (e.g., a virtual address) and non-virtual locations. This construction was based on the specification's use of "e.g., virtual address," which Petitioner argued indicated that a virtual address is just one example of a possible location.
• "Analyzing the Snapshot": Petitioner contended this term should encompass both direct analysis of snapshot data (e.g., as a data file) and analysis of a virtual machine (VM) that is instantiated from the snapshot. Petitioner noted that this interpretation is consistent with the patent owner's apparent position in related litigation and that Veselov described both approaches.

5. Arguments Regarding Discretionary Denial

• §314(a) (Fintiv): Petitioner argued against discretionary denial under Fintiv, stating that the parallel district court litigation was in its early stages. The trial was not scheduled to begin until December 8, 2025, which is well over 1.5 years after the filing of the petition and long after a Final Written Decision (FWD) would issue in this inter partes review (IPR).
• §325(d): Petitioner argued that denial was not warranted because the asserted prior art and arguments were not previously considered by the USPTO. While Veselov was listed in an Information Disclosure Statement, it was never substantively discussed or applied in a rejection. The other key references, Hufsmith and Hutchins, were never presented to the examiner at all.

6. Relief Requested

• Petitioner requested institution of an IPR and cancellation of claims 1-25 of the ’032 patent as unpatentable.