DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This action is responsive to the communication received on 10/20/2025. Claims 1-20 are pending, of which claims 1, 4, 5, 7, 8, 11, 12, 14, 15, 18 and 19 are amended.
The Examiner recommends filing a written authorization for Internet communication in response to the present action. Doing so permits the USPTO to communicate with Applicant using Internet email to schedule interviews or discuss other aspects of the application. Without a written authorization in place, the USPTO cannot respond to Internet correspondence received from Applicant. The preferred method of providing authorization is by filing form PTO/SB/439, available at: https://www.uspto.gov/patent/forms/forms. See MPEP § 502.03 for other methods of providing written authorization.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 3-5, 7, 8, 10-12, 14, 15, and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Lu US 2024/0430303 and further in view of Mortsolf US 2022/0393952.
Regarding claims 1, 8 and 15, Lu teaches a method, a non-transitory CRM comprising instructions, and a system comprising: receiving input to configure a cloud asset via a user interface, wherein the user interface is a web browser interface for a cloud service (a user may control and modify assets using a GUI, ¶71)
[0071] The geographic and physical environments (indoor, outdoor) have been demonstrated by the present applicants based on open source map technology (e.g., map client) combined with game graphics technology to deliver previously-unknown and highly effective system monitoring and control. The assets of the systems being monitored and controlled are sometimes provided using map and asset layers and usable with simple (e.g., Web browser) tools by the end users or operators.
identifying the cloud service for the cloud asset (identify the SaaS app that a tenant has installed that corresponds to the data/security appliance, ¶¶ 44, 45)
[0044] In addition, the disclosed techniques for providing security controls across SaaS apps can facilitate users (e.g., network/security/IT/InfoSec admins, etc.) to quickly access a horizontal view from both a security and compliance perspective about the issues across all of their supported SaaS apps (e.g., to quickly determine how many SaaS apps do not have Multi-Factor Authentication (MFA) enabled/turned on, etc.).
[0045] Also, even with a large number of supported SaaS apps, the disclosed techniques for providing security controls across SaaS Apps can facilitate users accessing/monitoring/configuring various security settings/issues by using a fixed number of common controls.
determining an asset identity for the cloud asset (determine the category associated with the SaaS security appliance and the security-configuration policies associated therewith, ¶¶ 24, 31, 32)
[0024] Another technical challenge for enterprise admins is not only protecting sensitive data against security issues but also retaining compliance and uniform policy enforcement across a potentially vast array of security settings associated with many different SaaS apps. Unfortunately, with limited resources, tools, and budgets, enterprise IT leaders are typically asked to do more with less. SaaS Security Posture Management (SSPM) is a type of commercially available security solution/product that aims to address various SaaS security issues by monitoring and evaluating the security configuration of each SaaS app. For example, an SSPM solution can connect to many different SaaS apps through a supported/public API(s) (e.g., which can be used to collect the status of the configurations for that SaaS app and provide alerting and remediation options to the enterprise customers).
[0031] In some embodiments, a system/method/computer program product for providing security controls across SaaS apps includes collecting configuration settings for each of a plurality of Software as a Service (SaaS) applications (apps) for a SaaS security service, wherein the configuration settings are related to security for one or more of the plurality of SaaS apps; grouping each of the configuration settings into one of a plurality of categories and one of a plurality of subcategories; and determining that a configuration setting associated with at least one of the plurality of SaaS apps is not in compliance with a rule of a security policy.
[0032] For example, various security common controls are disclosed that can assist users (e.g., IT/network/security/InfoSec admins for an enterprise) to easily manage security postures across a large number of SaaS apps by categorizing security settings across SaaS apps into a predetermined set of categories (e.g., data security, identity and access management (LAM), app hardening, etc.). Moreover, each category can be further categorized into subcategories (e.g., sharing settings under data security, session management under IAM, etc.). As such, the disclosed techniques for security controls across SaaS apps facilitate organizing similar security related settings across multiple SaaS apps by mapping them to a fixed/predetermined framework of security categories and subcategories for more intuitive, efficient, and effective security posture management of such SaaS apps for the enterprise, such as will be further described below.
determining a security misconfiguration threshold of a set of security misconfiguration thresholds for the identified cloud service using the asset identity (determining that a change to a configuration parameter causes a security policy violation, where such a violation concerns deviations from best-practice values/ranges (i.e., a misconfiguration threshold) that trigger a policy violation, ¶¶ 33-35, 55)
[0033] In an example implementation, the rule is associated with at least one of a plurality of rules of the security policy configured for security compliance for each of the plurality of subcategories. The plurality of SaaS apps is associated with an enterprise customer of the SaaS security service. The SaaS security service is implemented as a cloud-based security service. Also, a security platform (e.g., a virtual or container-based firewall and/or a Network Gateway FireWall (NGFW)) can be configured to enforce the security policy.
[0034] In one embodiment, a system/method/computer program product for providing security controls across SaaS apps further includes automatically analyzing each of the configuration settings for each of the plurality of SaaS apps based on a plurality of rules of the security policy configured for security compliance for each of the plurality of subcategories.
[0035] In one embodiment, a system/method/computer program product for providing security controls across SaaS apps further includes generating an alert if a configuration change violates one or more of a plurality of rules of the security policy configured for security compliance for each of the plurality of subcategories.
[0055] After onboarding each of the enterprise's supported SaaS apps to the SSPM solution, the SSPM solution can be used to automatically assess a security posture for such SaaS apps for the enterprise. For example, the SSPM solution can be configured to execute a scan that compares each of the SaaS app configuration settings against various SSPM built-in best/recommended security setting practices (e.g., IAM/Session Management configuration setting(s), such as values/ranges for associated timeout settings, etc.). Based on the scan results, SSPM can generate an alert(s) for policy (e.g., security policy) violations.
Lu teaches a system for determining and resolving security misconfigurations but does not specifically teach that the determination against a security misconfiguration threshold is performed before submission of the input to the cloud asset. Thus Lu does not teach determining the input satisfies the security misconfiguration threshold prior to submission of the input to configure the cloud asset, wherein submission of the input implements the configuration of the cloud asset; and updating the user interface to prevent the submission of the input in response to detection of the satisfaction of the security misconfiguration threshold.
Mortsolf, in the same field of endeavor as the invention, teaches a system for management of asset configuration changes. Mortsolf teaches determining the input satisfies the security misconfiguration threshold prior to submission of the input to configure the cloud asset, wherein submission of the input implements the configuration of the cloud asset (the system evaluates draft configuration changes, i.e., prior to submission, for violations of rules on permissible settings/parameter changes, and only if no rule is violated are the changes committed and the asset's configuration changed, ¶¶ 14, 16); and
[0014] An aspect of the invention is directed to a method for implementing changes to physical assets, comprising: receiving a dataset at a console coupled to a data network, the dataset corresponding to a plurality of data-connected physical assets coupled to the data network, wherein each data-connected physical asset is associated with a respective feature set of the data-connected physical asset that can be monitored and controlled over said network using respective monitoring and control signals; using a console graphics processing unit (GPU) in said console, generating a model-based three-dimensional vector graphics representation of said data-connected physical assets, along with respective states of said data-connected physical assets, based on respective data in said dataset; on a console display screen in electrical communication with the console, displaying the model-based three-dimensional vector graphics representation of said data-connected physical assets, including displaying a state of a plurality of configuration settings of said data-connected physical assets; using said console GPU, executing an interface abstraction layer to generate a plurality of model-based graphical user interface tools corresponding to the configuration settings of said data-connected physical assets; on said console display screen, displaying a vector graphic representation of the model-based graphical user interface tools so as to present an interactive control interface including said model-based graphical user interface tools to a user of the console; using said interactive control interface, accepting a plurality of inputs through said one or more model-based graphical user interface tools, the inputs corresponding to a plurality of draft configuration changes of said data-connected physical assets; using a console processor to determine whether any of the draft configuration changes violates any logical configuration change rules; and when a first draft configuration change violates a first logical configuration change rule, using the GPU to update the model-based three-dimensional vector graphics representation of said data-connected physical assets to graphically indicate that the first draft configuration change violates the first logical configuration change rule.
[0016] In one or more embodiments, the method further comprises using the console processor to determine whether the user is authorized to make each draft configuration change; and when the user is not authorized to make at least one draft configuration change, using the GPU to update the model-based three-dimensional vector graphics representation of said data-connected physical assets to graphically indicate that the at least one draft configuration change is not authorized. In one or more embodiments, the logical configuration rule is based on a data model of a class of said data-connected physical assets. In one or more embodiments, the method further comprises when none of the draft configuration changes violates any of the logical configuration change rules: with the console processor, translating each draft configuration change to a corresponding target data-connected physical asset format; and with the console processor, committing each draft configuration change to a corresponding target data-connected physical asset. In one or more embodiments, the method further comprises storing the draft configuration changes in computer-readable memory that is network accessible to the console processor. In one or more embodiments, the method further comprises after committing each draft configuration change, receiving a rollback request to restore a last configuration state of the data-connected physical assets.
updating the user interface to prevent the submission of the input in response to detection of the satisfaction of the security misconfiguration threshold (the graphical display of a rule violation indicates to the user that the configuration change is not permissible, ¶80)
[0080] If any of the draft configuration changes violates a logical configuration change rule and/or if the user is not authorized to implement any of the draft configuration changes (i.e., step 920=YES), the flow chart 90 proceeds to step 930 where the Changeset Manager updates a graphical representation of at least a portion of the network to graphically indicate the rule violation(s). For example, a rule violation can be illustrated in map view 401 by placing a circle 1010 on a physical asset 1020, as illustrated in updated map view 1000 in FIG. 10. Physical asset 1020 can represent the target physical asset for the configuration change and/or the physical asset that would be negatively impacted by the draft configuration change. Additionally or alternatively, a circle 1030 can be placed on a logical or network connection 442 that would be negatively impacted by the draft configuration change. Other graphical representations can be used to graphically illustrate the rule violation in other embodiments. A rule violation dialog box or panel 1040 can be displayed with details regarding the draft configuration change(s) that caused the rule violation(s). The contents of the rule violation dialog box can change when the user selects each circle 1010, 1030.
It would have been obvious to a person of ordinary skill in the art at the time of the effective filing of the instant application to modify Lu's system, which detects and remediates violations after a configuration change, so that violations of the rules corresponding to Lu's particular security-appliance categories are determined before the configuration change is deployed, as taught by Mortsolf. The reason for this modification would be to provide faster, proactive detection and remediation of configuration rule violations that prevents misconfigurations, rather than reactive remediation after configuration changes have been deployed.
Regarding claims 3, 10 and 17, Mortsolf teaches updating the user interface to include an explanation of why the input satisfies the security misconfiguration threshold (feedback, i.e., an explanation of the violation, displayed in a dialog box, ¶81)
[0081] Additionally or alternatively, the rule violation can be graphically illustrated in screen 820, such as by graphically updating the status 802 or the selectable controllable feature(s) 823 whose configuration change caused the rule violation, such as by placing respective circles 1110, 1130 thereon, as illustrated in FIG. 11. Other graphical representations can be used to graphically illustrate the rule violation in other embodiments. Audio and/or other feedback can also be used to indicate rule violations. A rule violation dialog box or panel 1140 can be displayed in one or both display portions 821, 822 with details regarding the draft configuration change(s) that caused the rule violation(s).
Regarding claims 4, 11 and 18, Lu teaches wherein updating the user interface comprises updating the user interface via a web browser plugin that updates the cloud service user interface in response to the detection of the satisfaction of the security misconfiguration threshold (Lu's GUI for configuring SaaS security settings and for determining and displaying violations is implemented with plugin software, ¶48)
[0048] Referring to FIG. 1, SaaS security service architecture 100 includes a plurality of workers 110 that can each include a plurality of connectors 112. Connectors 112 of Workers 110 are in communications with a SaaS App Configuration component 106. SaaS App Configuration 106 is in communication with a Tenant Configuration (Config) Data Store 124 for securely storing SaaS App configurations for each supported/sanctioned SaaS App associated with each Tenant (e.g., each enterprise customer of the SaaS security service). SaaS App Configuration 106 is also in communication with a Configuration Catalog/Plugins component 108. Configuration Catalog/Plugins component 108 can be implemented using public and/or private APIs and/or plugin solutions for communicating with each of the supported SaaS Apps of the SaaS security service, to obtain configuration information for each SaaS app and for configuring the SaaS App as shown at 126 and 128 (e.g., in some implementations, such information can be collected via unpublished/private APIs and/or web scraping). SaaS App Configuration 106 is also in communication with a UI Console component 104 (e.g., implemented as a Graphical User Interface (GUI) and/or another form of UI) of the SaaS security service.
Regarding claims 5, 12 and 19, Lu teaches wherein the cloud service is one of a plurality of cloud services, wherein the web browser plugin updates a user interface of another of the plurality of cloud services in response to another misconfiguration to prevent submission of the other misconfiguration, and wherein determining the input satisfies the security misconfiguration threshold includes using the identification of the cloud service to interpret the input (detection covers multiple SaaS apps that correspond to different categories, each app can be determined to have security misconfigurations, and each SaaS app is connected through a plugin, ¶48).
[0048] is quoted above regarding claims 4, 11 and 18.
Regarding claims 7 and 14, Lu/Mortsolf teaches wherein satisfying the security misconfiguration threshold includes detecting that a value within the received input is within or outside of a range of values, the method further comprising (Lu teaches determining a violation of recommended security setting practices expressed as values/ranges, ¶55)
[0055] After onboarding each of the enterprise's supported SaaS apps to the SSPM solution, the SSPM solution can be used to automatically assess a security posture for such SaaS apps for the enterprise. For example, the SSPM solution can be configured to execute a scan that compares each of the SaaS app configuration settings against various SSPM built-in best/recommended security setting practices (e.g., IAM/Session Management configuration setting(s), such as values/ranges for associated timeout settings, etc.). Based on the scan results, SSPM can generate an alert(s) for policy (e.g., security policy) violations.
Mortsolf teaches receiving additional input to modify the value; determining the modified value does not satisfy the security misconfiguration threshold (the user is allowed to make changes to correct the violation, and if corrected the system allows the configuration change to proceed and no longer displays the violation, ¶77)
[0077] The Changeset Manager then provides the user with an opportunity to make modifications to the group of draft configuration changes to correct the logical configuration change rule violation(s). After the group of draft configuration changes is modified, the Changeset Manager determines and/or evaluates (a) whether the user is authorized to make the draft configuration changes as modified (e.g., based on RBAC) and (b) whether each draft configuration change violates any of the logical configuration change rules. If there are no logical configuration change rule violations, the Changeset Manager allows the user to implement the draft configuration changes. Otherwise, the Changeset Manager causes the console to graphically identify the logical configuration change rule violation and the draft change that caused the logical configuration change rule violation, as discussed above.
and updating the user interface to allow submission of the input in response to determining that the modified value does not satisfy the security misconfiguration threshold (the user is allowed to make changes to correct the violation, and if corrected the system allows the configuration change to proceed and no longer displays the violation, ¶77, quoted above)
Claims 2, 9, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Lu/Mortsolf as applied to claims 1, 8 and 15 above, and further in view of Kludy US 2014/0344232.
Regarding claims 2, 9 and 16, Lu/Mortsolf does not teach wherein updating the user interface includes disabling a user interface element such that user interaction with the user interface element no longer results in submission of input to configure one or more security policies. Kludy, in the same field of endeavor, teaches a system for validating parameters entered in a web browser to configure network parameters. Kludy teaches wherein updating the user interface includes disabling a user interface element such that user interaction with the user interface element no longer results in submission of input to configure one or more security policies (the submit button is deactivated until valid input is entered, ¶58).
[0058] The user can then edit the input values as needed via user interface 202, and can choose to submit the one or more input values. After receiving the input values, remote device 504 can evaluate the input values using remote device validation rules 510. If the input values are valid, remote device 504 can submit the input values to server 130 for validation (5010). If, however, the input is not valid (i.e., one or more remote device validation rules returns an error when given that input value), the user may not be able to submit the input value to server 130. For example, user interface 202 can deactivate submit button 410. The user can then have the option to correct the error before attempting to submit the input values.
It would have been obvious to a person of ordinary skill in the art at the time of the effective filing of the instant application to modify Lu/Mortsolf to disable a submit button or otherwise deactivate the UI elements that trigger submission of configuration parameters, as taught by Kludy. The reason for this modification would be to provide error control when configuring parameters.
Claims 6, 13 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Lu/Mortsolf as applied to claims 1, 8 and 15 above, and further in view of Shafer US 2007/0113273.
Regarding claims 6, 13 and 20, Lu/Mortsolf does not teach receiving input to add or modify the security misconfiguration threshold. Shafer, in the same field of endeavor as the invention, teaches a system for enforcement of network configuration policies. Shafer teaches receiving input to add or modify the security misconfiguration threshold (a senior administrator presenting a matching identity credential may override a deployed device-specific configuration policy, ¶39).
[0039] Network devices 8 may perform a specific action when a configuration change request is not consistent with a deployed device-specific configuration policy. In other words, network devices 8 may perform a specific action when a configuration change request is inconsistent with a deployed device-specific configuration policy. For instance, when the configuration change request is inconsistent with a deployed device-specific configuration policy, network device 8A may perform the action of rejecting the configuration change request. Alternately, network device 8A may apply the configuration change request and generate an event. The event may be a warning to administrator 10 that the configuration change request is inconsistent with a deployed device-specific configuration policy. In another example, network device 8A may receive an identity credential for a user who is submitting a configuration change request. Network device 8A then applies the configuration change request to network device 8A when the identity credential matches a stored identity credential. In this way, a senior administrator can override a deployed device-specific configuration policy.
It would have been obvious to a person of ordinary skill in the art at the time of the effective filing of the instant application to modify Lu/Mortsolf with the function of overriding or otherwise changing the expected values of a configuration policy, as taught by Shafer. The reason for this modification would be to allow the system to adapt over time to changes in the expected best-practice values/ranges defined in its rules/policies.
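The following JavaScript is an added illustration of the combined mechanism described in the rejections above, and is not code from the application or from Lu, Mortsolf, Kludy or Shafer. It models the steps as the examiner maps them: identify the cloud service from the page the user is on, select a threshold set by the asset's identity (here, its category), evaluate the draft input against value/range thresholds before anything is submitted, disable the submit control and explain each violation while a violation is present, and let an administrator add or modify a threshold. The service name, hostname, setting names and threshold values are constructed assumptions; the UI is represented as a plain state object rather than DOM manipulation so the logic runs outside a browser.

```javascript
// Added illustration of pre-submission misconfiguration checking; not code
// from the application or any cited reference. All names and values below
// are constructed assumptions.

// Thresholds keyed by cloud service, then asset category, then setting.
const THRESHOLDS = {
  "example-saas": {
    "iam/session-management": {
      sessionTimeoutMinutes: { min: 5, max: 480,
        reason: "Session timeout must be between 5 and 480 minutes" },
      mfaEnabled: { equals: true, reason: "MFA must remain enabled for this tenant" },
    },
    "data-security/sharing": {
      publicLinkSharing: { equals: false, reason: "Anonymous public links are not permitted" },
    },
  },
};

// Constructed mapping from admin-console hostname to cloud service identity.
const SERVICE_BY_HOST = { "admin.example-saas.test": "example-saas" };

// Step: identify the cloud service from the page URL the plugin is running on.
function identifyService(pageUrl) {
  const host = new URL(pageUrl).hostname;
  return SERVICE_BY_HOST[host] || null;
}

// Check one value against one rule; null when compliant, else the explanation.
function checkRule(rule, value) {
  if (rule === undefined) return null; // no threshold configured for this setting
  if ("equals" in rule && value !== rule.equals) return rule.reason;
  if ("min" in rule && (typeof value !== "number" || value < rule.min)) return rule.reason;
  if ("max" in rule && (typeof value !== "number" || value > rule.max)) return rule.reason;
  return null;
}

// Step: evaluate the draft input before submission. The asset identity
// (category) selects the threshold set; every violation is reported.
function evaluateDraft(service, assetCategory, draft) {
  const rules = (THRESHOLDS[service] || {})[assetCategory] || {};
  const violations = [];
  for (const [setting, value] of Object.entries(draft)) {
    const reason = checkRule(rules[setting], value);
    if (reason !== null) violations.push({ setting, value, reason });
  }
  return { violations, blocked: violations.length > 0 };
}

// Step: UI update. Submission is disabled while any violation exists and each
// violation is explained; a compliant draft re-enables submission.
function uiState(evaluation) {
  return {
    submitDisabled: evaluation.blocked,
    messages: evaluation.violations.map(
      (v) => `${v.setting}=${JSON.stringify(v.value)}: ${v.reason}`),
  };
}

// Step: add or modify a threshold (an administrator adjusting the policy).
function setThreshold(service, assetCategory, setting, rule) {
  THRESHOLDS[service] = THRESHOLDS[service] || {};
  THRESHOLDS[service][assetCategory] = THRESHOLDS[service][assetCategory] || {};
  THRESHOLDS[service][assetCategory][setting] = rule;
}

// Full flow over a constructed draft: a violating draft, then the corrected one.
function runExample() {
  const service = identifyService("https://admin.example-saas.test/settings/sessions");
  const category = "iam/session-management";
  const first = evaluateDraft(service, category, { sessionTimeoutMinutes: 9999, mfaEnabled: false });
  const fixed = evaluateDraft(service, category, { sessionTimeoutMinutes: 30, mfaEnabled: true });
  return { service, first: uiState(first), fixed: uiState(fixed) };
}

console.log(JSON.stringify(runExample(), null, 2));
```

The check runs on the draft, not on the committed configuration, which is the distinction the rejection draws between Lu's post-change scan and Mortsolf's draft evaluation; a client-side gate of this kind is a usability control and should be paired with the same rule evaluation on the service side, since a browser plugin can be bypassed.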
Applicant Remarks
Applicant’s arguments with respect to claims 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Tom Y. Chang whose telephone number is 571-270-5938. The examiner can normally be reached on Monday-Friday from 9am to 5pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Emmanuel Moise, can be reached on (571)272-3865. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from Patent Center. Status information for published applications may be obtained from Patent Center. Status information for unpublished applications is available through Patent Center for authorized users only. Should you have questions about access to Patent Center, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) Form at https://www.uspto.gov/patents/uspto-automated-interview-request-air-form.
/TOM Y CHANG/
Primary Examiner, Art Unit 2442