Cloud Cybersecurity Solutions Under Siege From Patents, Again: Cybersecurity Companies Protect Customers From Malicious Attacks, But Can They Protect Themselves?

In yet another twist of competitor-based lawsuits involving cloud-based cybersecurity, relative newcomer CUPP Computing AS (a Norwegian company) and its American counterpart CUPP Cybersecurity filed a patent lawsuit against industry heavyweight Trend Micro in the U.S. District Court for the Northern District of Texas in May 2018. Trend Micro currently offers a wide range of cybersecurity services. Two such solutions include a Hybrid Cloud Security solution and a Network Security solution. These solutions utilize Trend Micro’s proprietary Mobile Security, Control Manager, XGen Security, Smart Protection Network, and Machine Learning technologies to provide a host of cloud and virtualization security protections. Since its founding in 2005, CUPP has focused its technology on disk and data security systems, architecture computing modules, and virus-scanning appliances. CUPP also develops and offers security software for a variety of devices connected and wireless. In its 81-page complaint against the award-winning cybersecurity incumbent, CUPP alleges that a number of Trend Micro’s solutions employing the XGen Security, Control Manager, Mobile Security, and Smart Protection technologies infringe eight of their 24 issued U.S. patents. Interestingly, all eight of CUPP’s asserted patents against Trend Micro name Shlomo Touboul—founder of Finjan and founder of Yoggie Security Systems which CUPP purchased in 2011—as an inventor, and all six of Finjan’s asserted patents against Symantec in a similar cybersecurity-related patent infringement lawsuit also name Touboul as inventor. It’s curious that Touboul is an inventor on patents held by two entities asserting patents against cybersecurity heavyweights.

Trend Micro, a Japan-based multinational cybersecurity and defense company founded 30 years ago in California, has long been recognized as a leader in software-based cybersecurity solutions for servers, cloud-computing environments, consumers, and businesses. Amazon AWS®, VMWare vCloud®, Microsoft Azure®, Oracle®, and vCloud Air®, for example, is a small but representative sample of the over 500,000 companies for whom Trend Micro provides cloud and virtualization security products. Trend Micro’s services and products have for years been consistently recognized by leading authorities in the cybersecurity industry, including: a 16-time PC Magazine Award Winner for its cybersecurity solutions, listed as a Software Magazine 2017 Top 500 Global Software Company, recognized as a Leader in Gartner’s Magic Quadrant for Endpoint Protection Platforms for 14 consecutive years, and named a Market Share Leader by IDC every year since 2009. Trend Micro was also recently ranked #31 in Cybercrime Magazine’s 2018 Cybersecurity 500 List recognizing the world’s hottest and most innovative cybersecurity companies. CUPP, on its website, presents itself as a “technology leader in the security domain for all portable devices and the Internet of Things.” CUPP, however, did not make Cybercrime Magazine’s 2018 Cybersecurity 500 List.

In its 81-page complaint, CUPP highlights its recognition as a pioneer in the development of cybersecurity products by referencing its small but formidable patent portfolio, which includes both foreign and domestic patents, and its multinational research and development team that includes experts from Norway, Israel, and the United States (Complaint, ¶8). Specifically, CUPP claims to have “pioneered the development of security products that enable a rich security stack without impacting performance” with inventions that cover software- and hardware-based “solutions to problems in the mobile device management, network security, DMZ security, and endpoint security” space (Complaint, ¶8). CUPP has lodged a detailed complaint, asserting infringement of eight of its U.S. patents granted between 2013 and 2017–the most recent grant being December 2017.

CUPP’s asserted patents generally relate to providing security services during power management mode, providing real time access monitoring of a removable media device, providing network security to mobile devices, and providing network and firewall production with dynamic address isolation to a device. As previously referenced, CUPP alleges infringement by a number of Trend Micro’s products and technologies aimed at providing antispyware, antispam, antivirus, antiphishing, and content & URL filtering capabilities to a range of customers, including individual “at-home” customers (e.g., via their Home products), enterprise companies (e.g., via their Worry-Free products), and small businesses (e.g., via their User Protection, Network Defense, and Hybrid Cloud Security products). These products utilize Trend Micro’s Mobile Security, Control Manager, XGen Security, Smart Protection Network, and Machine Learning technologies.

Specifically, as just one example, CUPP alleges that Trend Micro’s Hybrid Cloud Security solution powered by its XGen Security technology, which “delivers a blend of cross-generational threat defense techniques that have been optimized to protect physical, virtual, and cloud workloads” (Complaint, ¶37) infringes on the ‘164, ‘444, ‘079, and ‘272 patents. In particular, CUPP states that the Hybrid Cloud Security products include, among other infringing features, “security code (such as anti-malware and web threat protection), security policy (policies to ensure security of the mobile device accessing the enterprise network), and security data (such as that needed to protect corporate mobile devices) being configured based on policies implements by IT administrators in order to implement security features” (Complaint, ¶¶148-150, 170-172, 186-188, and 210-212). CUPP seeks a preliminary and permanent injunction preventing the continued direct and indirect infringement and inducement of infringement of its eight asserted patents, an entry of direct and indirect (but not willful) infringement of its eight asserted patents, an award of increased damages under U.S.C. § 284, an award of all costs and reasonable attorneys’ fees, and an accounting of all infringing sales and revenues, together with post judgment interest and prejudgment interest from the first date of the alleged infringement (Complaint, ¶¶A-F).

This case is still in its early stages, and Trend Micro has yet to file its Answer to the complaint. Interestingly, unlike other cases we have reported on (see posts on St. Luke, GEMSA, Blue Spike, Fidelity, Salesforce, and Amazon) wherein a sizeable portion of recent cloud patent lawsuits have been filed by non-practicing entities (i.e., patent trolls), CUPP is a competitor company that still manufactures and sells cybersecurity solutions and to date, has yet to file any additional lawsuits. This is not, however, the first time cloud-based cybersecurity companies have come under siege by competitors (see posts on Blue Coat Systems and Zscaler).

While this could be the first of many lawsuits filed by CUPP, it could also be the only, with its relatively small portfolio, the expansive network of other cybersecurity solutions, and the growing frequency of Alice-based patent invalidation. Although CUPP may be hoping for a large payout either by judgement or settlement, they may ultimately end up with their patent portfolio nearly cut in-half and the value of their intellectual property significantly diminished if their asserted patents are found invalid under Section 101 of the Patent Statute.

Regardless of the outcome in this case, the question still remains–while companies like Symantec and Trend Micro continue to protect their customers from malicious cloud-based cyber-attacks, can they protect themselves from the continued onslaught of competitor-based lawsuits? Trend Micro may have an “easier” time protecting its cybersecurity solutions and IP as it’s currently only facing patent infringement litigation on one front from CUPP. The task may prove more difficult for cybersecurity giant Symantec however, since in addition to playing defense in a patent infringement lawsuit against Finjan, it’s also playing offense by enforcing several of its own web security, threat prevention, and antivirus patents against other cybersecurity competitors like Zscaler.

By | 2018-05-29T22:58:24+00:00 May 29th, 2018|Cloud Security, Competitor Case, Software as a Service (SaaS)|Comments Off on Cloud Cybersecurity Solutions Under Siege From Patents, Again: Cybersecurity Companies Protect Customers From Malicious Attacks, But Can They Protect Themselves?

About the Author:

Jonathan Barnard
Jonathan focuses his practice on patent prosecution, intellectual property licensing and patent infringement defense strategy. He also handles patent portfolio lot analysis, early case and litigation risk assessment, claim charting for directed prosecution, cybercrime-related issues and post-Alice patent eligibility assessment issues.