Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This Office Action is in response to the Amendment filed on 02/18/2021.
Applicant submitted an amendment on 02/18/2021, amending claims 1, 8, 9, 10, 11, 15 and 21 and cancelling claim 7.
Claims 1-6 and 8-21 have been examined and are pending in this application. Claims 1, 11 and 21 are independent.


Allowable Subject Matter
5.	Claims 1-6 and 8-20 are allowed.
6.	The following is an examiner’s statement of reasons for allowance:
7.	The following references disclose the general subject matter recited in independent claims 1, 15 and 21.

Ray et al. (US Pub. No: 2016/0173509 A1) provides a method for facilitating threat detection in an enterprise network for a computing device. Uses include but are not limited to a desktop computer, a mobile computing device (e.g., a laptop computer or tablet), a cellular phone and a smart phone.

Gupta et al. (US Pub. No: 2018/0048668 A1) provides for modeling a risk of security breaches to a network. Agents gather, from multiple sources across the network, analysis data that identifies observed characteristics of habitable nodes and opaque nodes. Using the analysis data, a multi-layer risk model for the network is generated that comprises a first layer that models an inherent risk of security breaches to assets of the network based on the observed characteristics. The model also comprises a second layer that models a present state of the inherent risk to the assets caused by global and temporal events. The model also comprises a third layer that models a change to the risk of security breaches in response to potential mitigating actions. The model may be used to understand how risk of a security breach is distributed and interdependent upon the nodes of the network so as to allow the most valuable preventive measures to be taken.

Reasons for Allowance
8.	The following is an examiner’s statement of reasons for allowance:
The prior art of record neither teaches nor renders obvious the claimed invention of the instant application as a whole. In particular, the prior art fails to teach “… Cyber security is one of the most critical problems of our time. Notwithstanding enormous strides that researchers and practitioners have made in modeling and analyzing network traffic, attackers find newer and more effective methods for launching attacks, which means defenders must revisit the problem with a new perspective. While it is acknowledged that not all attacks can be detected and prevented, a system should be able to continue operating in the face of such an attack and provide its core services or missions even in a degraded manner. To build such a resilient system, it is important to be proactive in detecting and reasoning about emerging threats in an enterprise network and their potential effects on the organization, and then identify optimal actions to best defend against these risks”, as recited in claim 1; “… instrumenting a compute instance in the enterprise network to detect one or more events and report a number of event vectors including the one or more events to the threat management facility; receiving an event stream of the number of event vectors from the compute instance at the threat management facility; monitoring the event stream and creating the entity model based on a baseline of event vectors for the entity in the event stream over an interval, wherein the interval is algorithmically determined; calculating a risk score for the compute instance based on a comparison of one or more of the event vectors in the event stream with the entity model for the entity; and adjusting a policy for the compute instance based on the risk score”, as recited in claim 15; and “… detect one or more events associated with the compute instance and to report an event vector including the one or more events to a remote resource; and a threat management facility, the threat management facility including a memory storing an entity model characterizing expected events for an entity, and the threat management facility configured to receive an event stream including the event vector, to monitor the event stream, to create the entity model based on a baseline of event vectors for the entity in the event stream over an algorithmically determined interval, to calculate a risk score for the compute instance based on a comparison of the event vector with the entity model, and to adjust a policy for the compute instance based on the risk score”, as recited in claim 21.

However, the above prior art, including the other references of record, whether taken alone or in combination, neither anticipates nor renders obvious the claimed subject matter of the instant application taken as a whole, including the specific and particular features/steps recited in independent claims 1, 15 and 21. For this reason, the specific claim limitations recited in the independent claims, taken as a whole, are found to be novel and allowable.

9.	The dependent claims 2-6, 8-14 and 16-20, which depend on the above independent claims, being further limiting to independent claims 1, 15 and 21, definite, and enabled by the specification, are also allowed.

Conclusion
10.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABIY GETACHEW whose telephone number is (571) 272-6932. The examiner can normally be reached on Mon.-Fri. 9:00 AM - 5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand, can be reached on (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






A.G.
April 15, 2021
/ABIY GETACHEW/Primary Examiner, Art Unit 2434