Wiz Inc v. Orca Security Ltd

1. Case Identification

• Case #: IPR2024-01109
• Patent #: 11,726,809
• Filed: July 1, 2024
• Petitioner(s): Wiz, Inc.
• Patent Owner(s): Orca Security Ltd.
• Challenged Claims: 1-23

2. Patent Overview

• Title: Securing Virtual Cloud Assets Against Cyber Vulnerabilities
• Brief Description: The ’809 patent discloses methods, systems, and computer-readable media for securing virtual assets in a cloud computing environment. The technology involves determining the location of a virtual disk snapshot, accessing and analyzing that snapshot to identify cyber vulnerabilities, determining a risk level based on those vulnerabilities and the asset's network location, and reporting prioritized alerts.

3. Grounds for Unpatentability

Ground 1: Obviousness over Veselov and Mohanty - Claims 1-10 and 12-23 are obvious over Veselov in view of Mohanty.

• Prior Art Relied Upon: Veselov (Patent 11,216,563) and Mohanty (Patent 9,692,778).
• Core Argument for this Ground:
  • Prior Art Mapping: Petitioner argued that Veselov teaches the core steps of the independent claims, including using a cloud API to determine the location of a virtual disk snapshot, accessing it, and analyzing it to identify security risks like CVEs. However, Petitioner contended Veselov does not explicitly teach correlating vulnerabilities with a network location to determine a risk and then prioritizing alerts based on that risk. Petitioner asserted that Mohanty teaches these missing elements, describing a system that generates prioritized alerts by calculating a score based on vulnerability data and contextual factors, including the asset's network location and its risk to the environment.
  • Motivation to Combine: A POSITA would combine Veselov and Mohanty to achieve predictable results. The primary motivations argued were: (1) to provide more accurate and useful risk assessments for the snapshot-based scanning taught by Veselov by incorporating Mohanty’s context-aware, multi-factor risk analysis, including network location; and (2) to obtain the known benefits of prioritization taught by Mohanty, which facilitates a more efficient response to the most critical security issues identified in Veselov’s scan results.
  • Expectation of Success: Petitioner asserted a POSITA would have a reasonable expectation of success because both references are analogous art in the field of virtual asset security. The techniques of snapshot analysis and network-based risk prioritization were well-known and their combination would involve applying known techniques for their intended purposes without presenting technical challenges or producing unexpected results.

Ground 2: Obviousness over Veselov, Mohanty, and Czarny - Claims 1-10 and 12-23 are obvious over Veselov, Mohanty, and Czarny.

• Prior Art Relied Upon: Veselov (’563 patent), Mohanty (’778 patent), and Czarny (Patent 9,749,349).
• Core Argument for this Ground:
  • Prior Art Mapping: This ground built upon Ground 1, adding Czarny to provide further teachings for certain dependent claims. Specifically, Petitioner argued Czarny teaches more robust methods for "matching installed applications" (claim 1) by describing direct binary-level file comparison and cryptographic hash matching against a database of known vulnerabilities.
  • Motivation to Combine: A POSITA would be motivated to incorporate Czarny’s teachings into the Veselov/Mohanty framework to achieve a more thorough, robust, and flexible vulnerability detection system. Czarny’s binary and hash-based matching techniques were known to be more effective than simple name/version matching for detecting custom or unofficial software.

Grounds 3 & 4: Obviousness over Veselov, Mohanty, and Hutchins - Claim 11 is obvious over Veselov, Mohanty, and Hutchins (with or without Czarny).

• Prior Art Relied Upon: Veselov (’563 patent), Mohanty (’778 patent), and Hutchins (Application # US 2013/0024940).
• Core Argument for this Ground:
  • Prior Art Mapping: These grounds targeted claim 11, which recites mitigating a potential cyber vulnerability by actions such as "quarantining the protected virtual cloud asset." While Veselov and Mohanty teach mitigating vulnerabilities generally, Petitioner argued that Hutchins explicitly teaches this specific remediation step in the context of a similar snapshot-based security analysis. Hutchins discloses creating a snapshot of a VM, analyzing it for malicious code, and then taking a remediating action on the original VM, such as placing it in quarantine.
  • Motivation to Combine: A POSITA would combine Hutchins with the primary combination of Veselov and Mohanty to implement a specific, well-known, and effective remediation step for the vulnerabilities identified. This would provide a complete and predictable security solution, moving from detection and prioritization to concrete mitigation.

4. Key Claim Construction Positions

• "Location" of a Snapshot: Petitioner argued this term should be construed to encompass both virtual locations (e.g., a virtual address) and non-virtual locations. This construction is allegedly supported by the specification's use of "e.g., virtual address," indicating that a virtual address is just one example of a location.
• "[Analyze/Analyzing] the Snapshot": Petitioner argued this term encompasses both direct analysis of the snapshot data as a file and the analysis of a virtual machine (VM) instantiated from that snapshot. This interpretation is based on the specification and the Patent Owner's alleged positions in related litigation.

5. Arguments Regarding Discretionary Denial

• Petitioner argued against discretionary denial under Fintiv, asserting that the parallel district court litigation is at an early stage, with a trial date of March 2, 2026, which is more than 1.5 years after the petition filing and well after the statutory deadline for a Final Written Decision. Petitioner also argued against denial under §325(d), contending that the examiner never considered Mohanty, Czarny, or Hutchins, and that while Veselov was disclosed in an IDS, it was never substantively applied in a rejection or considered in combination with the other references.

6. Relief Requested

• Petitioner requests institution of IPR and cancellation of claims 1-23 of the ’809 patent as unpatentable under 35 U.S.C. §103.