IPR2025-00442
Wiz Inc v. Orca Security Ltd
1. Case Identification
- Case #: IPR2025-00442
- Patent #: 11,627,154
- Filed: January 17, 2025
- Petitioner(s): Wiz, Inc.
- Patent Owner(s): Orca Security Ltd.
- Challenged Claims: 1-20
2. Patent Overview
- Title: Graphical User Interface System for Attack Vector Visualizations
- Brief Description: The ’154 patent describes a system and method for cybersecurity in a cloud environment. The system identifies assets and their relationships, analyzes them to determine potential attack paths from outside the environment (forward analysis) and subsequent exposure risks to downstream assets (backward analysis), and presents these paths visually in a graphical user interface.
3. Grounds for Unpatentability
Ground 1: Obviousness over Keren and Morgan - Claims 1-20 are obvious over Keren in view of Morgan.
Prior Art Relied Upon: Keren (Patent 11,374,982) and Morgan (Patent 12,015,631).
Core Argument for this Ground:
- Prior Art Mapping: Petitioner argued that the combination of Keren and Morgan teaches or suggests all limitations of the challenged claims. Keren disclosed a cybersecurity system that identifies assets ("security objects") in a cloud environment, determines their network relationships, calculates their "reachability property" from external networks like the internet, and presents the network topology in an interactive graphical user interface. Keren’s system thus provided a foundational framework for visualizing network paths to and from specific assets. However, Petitioner contended Keren focused on network connectivity and reachability without explicitly analyzing paths based on exploitable vulnerabilities.
Morgan addressed this gap by teaching a risk management system that identifies specific vulnerabilities (e.g., CVEs) and generates a "threat graph" showing the actual pathways an attacker could exploit to move through a network and access sensitive assets. Morgan’s system performed a forward analysis by identifying attack vectors from an external entity to a target asset and a backward analysis by showing how an attacker, after compromising one asset, could move laterally to compromise downstream assets. The combination, therefore, taught a system that identifies assets and relationships (Keren), performs forward and backward analysis of exploitable attack vectors (Morgan), and presents the results in a graphical user interface (Keren, Morgan). This combination allegedly met the limitations of independent claims 1, 14, and 20, with the dependent claims adding only conventional and well-known features also taught by the combination.
- Motivation to Combine (for §103 grounds): Petitioner asserted a person of ordinary skill in the art (POSITA) would combine Keren and Morgan to improve the security posture of the cloud environment. A POSITA would have recognized that Keren's system, while useful for visualizing network topology, provided an incomplete picture of risk because reachability alone does not confirm exploitability. Morgan’s teachings on vulnerability-based attack path analysis would be a logical and desirable enhancement to Keren’s system, allowing it to more accurately identify and visualize true security risks, which would in turn aid network administrators in prioritizing remediation efforts.
- Expectation of Success (for §103 grounds): A POSITA would have had a reasonable expectation of success in combining the references. Keren provided the necessary foundational framework, including asset identification, network mapping, and an interactive GUI. Integrating Morgan's well-known techniques for vulnerability scanning and attack path generation into Keren’s system would have been a predictable implementation of known functions to achieve an improved, but expected, result without meaningful technical challenges.
4. Arguments Regarding Discretionary Denial
- Petitioner argued against discretionary denial under 35 U.S.C. §325(d), asserting that the primary prior art references, Keren and Morgan, were never presented to or considered by the USPTO during the original prosecution. Petitioner further contended that the references were not cumulative to the art of record and that the Examiner committed material error by allowing the claims without any substantive rejection under 35 U.S.C. §102 or §103, instead merely copying and pasting claim language as the reason for allowance.
5. Relief Requested
- Petitioner requests institution of inter partes review and cancellation of claims 1-20 of Patent 11,627,154 as unpatentable.