TL;DR - Cloud Security turf battle between Israel unicorns heats up - Orca is seeking an injunction against Wiz, which Orca claims copied its patent, stole its attorney, and is infringing.
Orca fights Wiz [0]
A battle between two Israeli unicorns in the cloud security market, Orca and Wiz, has reached the fighting stage (not quite as exciting as a cage-fight but at least a court-fight). Orca filed a patent infringement case (1:23-cv-00758-UNA) against Wiz, including an injunction to halt the sale of a product that allegedly infringes on one of Orca's patents, and is looking for damages.
One technique which both Orca and Wiz use is to perform security analyses of networked/cloud computer systems by means of offline examination of copies of the disks being used by the cloud servers under inspection. This is in contrast to the previous approach, which involved analysis of running processes and network traffic in an attempt to detect rogue processes and malware. With a disk snapshot in hand one can for instance 'sidescan' and look at the list of installed software - Python packages, Go modules, Ruby gems, Java archives, etc. and raise a flag upon encountering any that harbor known vulnerabilities. The disk can also be scanned for plaintext ssh keys and so on.
This approach is useful in several ways, for instance by not requiring run-time resources, and in any case has proved popular enough that both Orca and Wiz have made it to billion-dollar valuations.
On the offense: Orca Security, founded in 2019 by Check Point veterans Gil Geron (left) and Avi Shua (right).[1] Recently, Chief Product Officer Gil Geron became CEO and Avi Shua became chief innovation officer.
Playing defense: Wiz, co-founded in March 2020 by Adalom veterns Assaf Rappaport (from left), Ami Luttwak, Yinon Costica and Roy Reznik [2] .
The lawsuit was filed in the US Delaware District Court, and asserts that:
Orca began developing and selling its product before Wiz;
Wiz deliberately encroached on Orca's intellectual property to establish their own business;
Wiz employed identical litigation strategies and retained the same IP attorney.
The complaint reads in part:
Wiz has built its business on a simple business plan: copy Orca. This copying is
replete throughout Wiz’s business and has manifest in myriad ways. In its marketing, Wiz copies Orca’s imagery, its message, and even the coffee it uses at trade shows. In prosecuting patents, Wiz recruited away Orca’s former patent attorney to copy Orca’s intellectual property and even the figures from Orca’s patents. And, most importantly for this action, in its products and services, Wiz has embedded a number of revolutionary inventions developed and patented by Orca, passed those inventions off falsely as Wiz innovations, and forced Orca to compete against its own technological breakthroughs in the marketplace. Wiz’s conduct in this regard is illegal, unjust, and in violation of the United States patent laws. Orca thus brings this complaint to redress Wiz’s willful and deliberate infringement of Orca’s patents.
"Strikingly similar" patent applications filed by both companies (11,663,031 and 11,663,032 to Orca (Jan 2019) allegedly being similar to 11,374,982 to Wiz (Dec. 2020)) are referred to in the complaint. Orca claims that both applications were filed by the same attorney. Since you won't find any overlap between attorneys at Finnegan, Henderson and M&B IP Analysts, the two firms ostensibly representing Orca and Wiz, respectively, one may wonder whence the 'attorney poaching' accusation.
Orca patent applications:
Title | Number | Earliest Priority date | Attorney |
11,663,031 | 2019-01-28 | Finnegan, Henderson, Farabow, Garrett & Dunner, LLP | |
11,663,032 | 2019-01-28 | Finnegan, Henderson | |
US11693685B2 | 2019-01-28 | Finnegan, Henderson | |
US20220350931A1 | 2021-04-26 | Finnegan, Henderson | |
US20220374520A1 | 2021-04-26 | Finnegan, Henderson | |
US20220345483A1 | 2021-04-26 | Finnegan, Henderson |
The Wiz applications :
Title | Application Number | Earliest Priority Date | Attorneys |
11,374,982 | 2020-12-02 | M&B IP Analysts, LLC | |
20220394082A1 | 2020-12-02 | M&B IP Analysts, LLC | |
11671460 | 2020-12-02 | M&B IP Analysts, LLC | |
US20230123477A1 | 2021-10-18 | | |
US20230164174A1 | 2021-11-24 | | |
2021-11-24 | M&B IP Analysts, LLC | ||
Detecting vulnerabilities in virtual instances in a cloud environment utilizing infrastructure as code (priority from US17/820,433) | US20230069334A1 | 2022-08-17 | M&B IP Analysts, LLC |
US20230161869A1 | 2022-11-14 | M&B IP Analysts, LLC | |
US20230208862A1 | 2022-12-23 | M&B IP Analysts, LLC |
So how is 'attorney-poaching' happening if the Orca patents were filed by Finnegan, Henderson et al while the Wiz patents were filed by M&B? If you check the original provisional applications made by Orca at the USPTO Patent Center you will find M&B listed for the correspondence address!
So it appears that what happened (borne out in the complaint) is that Orca switched to Finnegan after the provisional filing but before the subsequent filing, when they caught wind that M&B were working with Wiz.
The complaint shows the following comparison of Fig. 3 from Orca's '031 with Fig. 6 from Wiz's '982 where there does appear to be rather more overlap than could happen by chance.
As for the actual overlap of the applications:
Claim 1 of 'Techniques for securing virtual cloud assets' ('031) reads:
1. A system for inspecting data, ... taking at least one snapshot copy of the virtual disks of the virtual machine at a point in time;...[and]
analyze the at least one snapshot to detect vulnerabilities, ...and report the detected vulnerabilities as alerts.
The first claim of 'Techniques for securing virtual machines by application use analysis' ('032) is similar but involves (as one might expect) analysis of which apps are installed on the VM, and reporting those that are on a blacklist of known-vulnerable apps.
These are both actually rather different from Wiz' Static analysis techniques for determining reachability properties of network and computing objects ('982) which involves methods for determining reachability of network objects ("1. A method determining reachability properties of security objects, comprising....")
The lawsuit alleges that Wiz copied the Orca concept after its disclosure: during a meeting in May 2019, Mr. Shua introduced the Orca platform to the founders of Wiz (formerly Microsoft Viz). Orca holds that the concept that Wiz subsequently embraced constituted theft of Orca's technology, although it's not clear if Wiz signed any sort of NDA covering this meeting. Orca claims that at the meeting Mr. Shua explained how he planned to revolutionize cloud security with the static analysis system described above (namely analyzing snapshots or copies of the disk images being used by an app and looking for vulnerabilities in the filesystem as opposed to running agents that attempt to monitor processes).
Within a few months, Wiz developed a system similar to Orca's, with the founders Rappaport, CTO Ami Lutwak, VP of Product Yinan Kostika, and VP R&D Roy Resnick leaving Microsoft and founding Wiz in March 2020 to directly compete with Orca. This isn't necessarily illegal especially if there was no NDA signed, and the court case hinges entirely on the question infringement. The point about the disclosure in the meeting may concern good vs. bad faith - if Wiz knew they were copying as well as filing their own patent application based on material that they gleaned from Shua, and they further knew that Orca's material was likely or certainly patent pending, then they'll have a hard time showing good faith.
In any case there's more lawyer-poaching involved - from the complaint:
In furtherance of its scheme to copy Orca, Wiz also recruited Orca’s outside corporate counsel to work for Wiz. That lawyer attended Orca’s Board of Director meetings and, as a result, was exposed to Orca’s highly confidential technology and business plans. Orca replaced its outside corporate counsel in November 2020 after it learned that Wiz had engaged the very same lawyer as its own corporate counsel. On information and belief, Wiz knew that the lawyer it hired was Orca’s outside corporate counsel and Wiz hired him to assist Wiz in its attempts to copy Orca.
A previous suit brought by Orca in 2022 targeted ex-Senior Sales Engineer Nicole Jacques, accusing her of disclosing Orca trade secrets, and soliciting Orca customers and prospects. Orca voluntarily dismissed the lawsuit subsequently.
Various Infringement Charges
Orca alleges that Wiz knowingly infringed and is infringing the patents for offline analysis, this knowledge being based not only on Orca's (published) applications but by dint of Wiz having retained the same lawyer who first filed Orca's provisionals to file similar applications for Wiz.
As for the Orca patents concerning securing virtual machines, Orca claims infringement of their methods for securing virtual cloud assets, and holds that Wiz provides documentation describing the operation of Wiz's platform and that this description elucidates a method that infringes the Orca patents.
Stay tuned for the fallout - both in the battle of the unicorns and also in the white shoe world of boutique IP firms.