IPR2025-01084
Orca Security Ltd v. Wiz Inc
1. Case Identification
- Case #: IPR2025-01084
- Patent #: 11,929,896
- Petitioner(s): Orca Security Ltd
- Patent Owner(s): Wiz, Inc.
- Challenged Claims: 1-29
2. Patent Overview
- Title: Systems and Methods for Automated Generation of Unified Graph Models for Network Entities
- Brief Description: The ’896 patent relates to cybersecurity systems for generating unified graph models of network entities within complex, multi-platform cloud environments. The disclosed methods aim to provide a simplified, integrated representation by collecting data on network entities, "genericizing" them into groups with shared properties, and creating "imputed entities" to model platform-level functionalities that may not be directly exposed.
3. Grounds for Unpatentability
Ground 1: Obviousness over Ross, Agarwal, and Biran - Claims 1-29 are obvious over Ross in view of Agarwal and Biran.
- Prior Art Relied Upon: Ross (Patent 11,863,580), Agarwal (Patent 9,800,470), and Biran (Patent 10,447,553).
- Core Argument for this Ground:
Prior Art Mapping: Petitioner argued that the combination of Ross, Agarwal, and Biran teaches every limitation of the challenged claims. Ross, the primary reference, was asserted to disclose a foundational system for collecting data from network entities (workloads) across a multi-cloud environment and generating a network graph. However, Ross’s method of grouping entities was described as basic.
To supply the "genericizing" limitation of claim 1[b], Petitioner relied on Agarwal. Agarwal was argued to expressly teach grouping network entities (e.g., virtual machines) based on collected data and common properties (e.g., security groups, instance tags) to generate "generic network entities" (e.g., node groups). This process creates a more abstract and manageable representation of the cloud environment.
For the "imputed entity" limitation of claim 1[d], a key feature added during prosecution to overcome prior art, Petitioner argued for a combination of all three references. Ross was said to teach collecting information from a configuration management database (CMDB). Biran was added to teach the discovery of "host-less components"—platform-level services like AWS load balancers that are transparent to the user—and storing information about them in a CMDB. Agarwal was then cited for its teaching that node groups can be created for automatically discovered resources, including virtual load balancers. Petitioner contended that a person of ordinary skill in the art (POSITA) would combine these teachings to group the host-less components discovered via Biran using the grouping logic from Agarwal, thereby creating an "imputed entity" representing an executed platform functionality.
Finally, Petitioner asserted that the combination of Ross and Agarwal teaches generating and storing a multi-dimensional network graph that provides a representation of the generic entities and their relationships, satisfying claim 1[c]. The dependent claims (2-13 and 16-29) and independent claims 14 (computer-readable medium) and 15 (system) were argued to be obvious for largely the same reasons, as they recite additional conventional features or implement the same method in different statutory forms.
Motivation to Combine: Petitioner asserted several motivations for the combination. A POSITA would combine Ross and Agarwal to improve the usability and clarity of Ross's system by implementing Agarwal’s more advanced genericizing and grouping techniques, which simplify the visualization and management of complex cloud environments. The motivation to add Biran was to create a more complete and accurate service-aware view of the entire cloud infrastructure. By discovering and incorporating Biran’s "host-less" components, the system could model platform-level services that would otherwise be hidden, providing a significant and predictable improvement.
Expectation of Success: Petitioner argued that a POSITA would have had a reasonable expectation of success. The combination involved applying known techniques to improve a system in a predictable way, such as adding a known discovery technique (Biran) to a data collection system (Ross) or applying a known grouping method (Agarwal) to collected data. These modifications were presented as straightforward integrations of compatible technologies for their intended purposes.
4. Key Claim Construction Positions
- Petitioner noted that the parties in a related, stayed district court litigation had agreed on a construction for the key term "imputed entity."
- "imputed entity": "Generic entity representing a network entity that is integrated into one or more host platforms, or a network entity that is shielded from, or not otherwise exposed to, a system configured to execute network analysis processes and methods".
- Petitioner argued that this construction, which focuses on entities that are integrated or shielded, is central to its obviousness argument. Specifically, the "host-less components" taught by Biran (e.g., cloud provider load balancers) directly correspond to network entities that are "shielded from, or not otherwise exposed to" the system, and creating a generic group of these components maps directly to the claimed "imputed entity."
5. Relief Requested
- Petitioner requests institution of an inter partes review and cancellation of claims 1-29 of the ’896 patent as unpatentable.