Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This Office Action is in response to the application 18/593,216 filed on 03/01/2024.
Claims 1-20 have been examined and are pending in this application.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claims 1-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Reed (US 2022/0360600 A1).
Regarding Claim 1
Reed discloses:
A non-transitory computer readable medium containing instructions that when executed by at least one processor cause the at least one processor to perform operations for dynamic cloud workload protection, the operations comprising:
installing an agentless scanning system, the agentless scanning system being configured to scan a cloud server, the cloud server including a network and a memory (Reed ¶628, 658–660: teaches installing and using an agentless scanning system for cloud workloads, where the system operates via serverless functions and cloud provider APIs (e.g., CloudTrail). The agentless scanner captures snapshots and reads block storage (memory/disks) and configuration metadata (network), consistent with scanning a cloud server including a network and a memory.);
detecting, using a cloud provider application program interface (API), an installation of a new workload in the cloud server, the new workload including disks (Reed ¶628, 659–660, 670: teaches detecting, via cloud provider APIs (e.g., CloudTrail), the installation/deployment of a new workload (compute asset) in a cloud server. Upon detection, the system triggers a snapshot of the workload’s disks (block storage) and related configuration/metadata.);
scanning, using the agentless scanning system, the disks of the new workload (Reed ¶659, 660, 670–672: teaches scanning, via an agentless system, the disks of a new workload by capturing snapshots and performing read-only access to runtime block storage of compute assets when the new workload is deployed.);
installing an agent on the new workload (Reed ¶639–640, 664, 672: teaches installing an agent on a new workload by determining when a compute asset is deployed without an agent, and then performing an agent-based operation including deploying an agent to that workload.);
monitoring, using the agent, the disks, the network, and the memory of the new workload (Reed ¶573, 639–640, 664–665: teaches that once an agent is deployed on a workload, the agent monitors disk activity (file integrity, storage), network activity (via eBPF hooks, traffic attribution), and memory/processes (compliance and anomaly detection).);
generating, using the agent, a notification when an interesting event occurs (Reed ¶664–665: discloses that when the agent detects an interesting event (such as an anomaly), it triggers the generation of a notification/alert using alert generator 158/alert notifier 162);
scanning, using the agentless scanning system, the cloud server (Reed ¶658–660, 670–672: teaches rescanning the cloud server via the agentless system.); and
generating at least one command to perform one or more of a remediation and a policy update (Reed ¶567, 665–666: discloses generating commands for remediation (fix vulnerabilities, redeploy agents, change configs) and policy updates (SaC).).
Regarding Claim 2
Reed discloses:
The non-transitory computer readable medium of claim 1, wherein the installation of the agent on the new workload is performed by an automation or an end user (Reed ¶639–640, 664–665: teaches that installation of the agent on the workload may be performed directly by an end user, such as a system administrator acting on a notification to deploy the agent, or alternatively by automation tools within the data platform that automatically deploy the agent when a workload without one is detected.).
Regarding Claim 3
Reed discloses:
The non-transitory computer readable medium of claim 1, wherein the monitoring includes analyzing read/write actions (Reed ¶613–615, 617–619, 665: teaches that monitoring includes analyzing read/write actions, since it discloses monitoring log files, authentication system interactions, supply chain attack behaviors, and threats such as malware and cryptominers, all of which require analyzing file and disk read/write activity.).
Regarding Claim 4
Reed discloses:
The non-transitory computer readable medium of claim 1, wherein the interesting event is one or more of a malware written to the disk, a malicious process, and an entity that is trying to exfiltrate sensitive data (Reed ¶665, 683, 687: teaches that “interesting events” include malware detected on disk (via anti-malware/file integrity monitoring), malicious processes (via anomaly and code/process monitoring), and entities attempting to exfiltrate sensitive data (via impact analysis graphs and access privilege alerts).).
Regarding Claim 5
Reed discloses:
The non-transitory computer readable medium of claim 1, wherein the scanning of the cloud server is triggered by the generated notification (Reed ¶664–665, 659–660, 670–671: teaches that notifications (e.g., alerts of anomalies) may trigger a snapshot of compute assets which constitutes an agentless scan of the cloud server. Thus, it anticipates the limitation that scanning of the cloud server may be triggered by a generated notification.).
Regarding Claim 6
Reed discloses:
The non-transitory computer readable medium of claim 1, wherein the remediation includes a remediation of new security issues (Reed ¶620 and 623: teaches that remediation operations include remediating new security issues, such as providing remediation guidance after exploits, and managing the installation of security patches in response to newly discovered vulnerabilities.).
Regarding Claim 7
Reed discloses:
The non-transitory computer readable of claim 1, wherein the policy update includes a policy update that prevents future security issues (Reed ¶567–568, 571–572: teaches that policy updates may include updates intended to prevent future security issues, such as automatically enforcing encryption of sensitive data (PII/PHI) at storage time, rejecting code that violates defined security standards, and implementing zero trust enforcement policies to block potential vulnerabilities before they arise.).
Regarding Claim 8
Claim 8 is directed to a method corresponding to the computer readable instruction in claim 1. Claim 8 is similar in scope to claim 1 and is therefore rejected under similar rationale.
Regarding Claim 9
Claim 9 is directed to a method corresponding to the computer readable instruction in claim 2. Claim 9 is similar in scope to claim 2 and is therefore rejected under similar rationale.
Regarding Claim 10
Claim 10 is directed to a method corresponding to the computer readable instruction in claim 3. Claim 10 is similar in scope to claim 3 and is therefore rejected under similar rationale.
Regarding Claim 11
Claim 11 is directed to a method corresponding to the computer readable instruction in claim 4. Claim 11 is similar in scope to claim 4 and is therefore rejected under similar rationale.
Regarding Claim 12
Claim 12 is directed to a method corresponding to the computer readable instruction in claim 5. Claim 12 is similar in scope to claim 5 and is therefore rejected under similar rationale.
Regarding Claim 13
Claim 13 is directed to a method corresponding to the computer readable instruction in claim 6. Claim 13 is similar in scope to claim 6 and is therefore rejected under similar rationale.
Regarding Claim 14
Claim 14 is directed to a method corresponding to the computer readable instruction in claim 7. Claim 14 is similar in scope to claim 7 and is therefore rejected under similar rationale.
Regarding Claim 15
Claim 15 is directed to a system corresponding to the computer readable instruction in claim 1. Claim 15 is similar in scope to claim 1 and is therefore rejected under similar rationale.
Regarding Claim 16
Claim 16 is directed to a system corresponding to the computer readable instruction in claim 2. Claim 16 is similar in scope to claim 2 and is therefore rejected under similar rationale.
Regarding Claim 17
Claim 17 is directed to a system corresponding to the computer readable instruction in claim 3. Claim 17 is similar in scope to claim 3 and is therefore rejected under similar rationale.
Regarding Claim 18
Claim 18 is directed to a system corresponding to the computer readable instruction in claim 4. Claim 18 is similar in scope to claim 4 and is therefore rejected under similar rationale.
Regarding Claim 19
Claim 19 is directed to a system corresponding to the computer readable instruction in claim 5. Claim 19 is similar in scope to claim 5 and is therefore rejected under similar rationale.
Regarding Claim 20
Claim 20 is directed to a system corresponding to the computer readable instruction in claim 6. Claim 20 is similar in scope to claim 6 and is therefore rejected under similar rationale.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
HERZBERG (US 20230164164 A1) - teaches applying a unified security policy across multiple cloud environments by matching cloud object attributes to nodes in a security graph. Policies applied to one object propagate to connected objects across environments. Non-compliance triggers mitigation, such as alerts or automated code modifications.
Niv US 20220159025 A1 - describes a system that watches network activity for cloud-based entities, groups their connections, and learns what normal behavior looks like. If unusual activity is detected, such as malware spreading or data being stolen, it flags the incident, generates a report, and can take steps to mitigate the issue.
McConnell US 20210399939 A1 - describes a management network that oversees an end-user network with contact center servers and agents. The processors in the management network collect data from the servers, check that data against logical directives (rules and conditions set by the end-user network), and then tell the servers what actions to take, such as changing an agent’s state, adjusting schedules, or reassigning queues. It also covers secure communication methods (like VPNs), third-party cloud servers, and even robotic process automation for logging in and executing operations.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAAD ABDULLAH whose telephone number is 571-272-1531. The examiner can normally be reached on Monday-Friday 9am-5pm EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, LYNN FEILD can be reached on 571-272-2092.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SAAD AHMAD ABDULLAH/Examiner, Art Unit 2431
/LYNN D FEILD/Supervisory Patent Examiner, Art Unit 2431