Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 6/3/2021 has been entered. Claims 1 and 7 are amended. Claims 1-5 and 7-11 are pending.
EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Note: Please replace previously presented independent claims 1 and 7 with newly amended independent claims 1 and 7 listed below. 

1. (Currently amended) A system for cybersecurity analysis using user and entity behavioral analysis combined with network topology information, comprising: a computing device comprising a memory and a processor; a directed graph stored in the memory of the computing device, the directed graph comprising a representation of a computer network wherein: nodes of the directed graph represent entities comprising the computer network; and edges of the directed graph represent relationships between the entities of the computer network; and wherein network segmentation is used to reduce analogously with respect to access of the computer network; and representing all computing devices in a logical segment as a single entity in the directed graph; and a behavioral analysis engine comprising a plurality of programming instructions stored in the memory of, and operating on the processor of, the computing device, wherein the plurality of programming instructions, when operating on the processor, cause the computing device to: monitor the activity of a plurality of entities comprising the computer network; establish behavioral baseline data for each of the plurality of entities from the monitored activity over a defined period of time; associate the behavioral baseline data for each entity with the directed graph node for that entity; identify anomalous behavior of one of the plurality of entities by comparing monitored activity for that entity to the associated behavioral baseline data for that entity; and calculate a risk of the anomalous behavior using the directed graph by determining a relationship between the entity for which anomalous behavior has been identified and a different entity of the plurality of entities.

7. (Currently amended) A method for cybersecurity analysis using user and entity behavioral analysis combined with network topology information, comprising the steps of: storing a directed graph in the memory of a computing device, the directed graph comprising a representation of a computer network wherein: nodes of the directed graph represent entities comprising the computer network; and edges of the directed graph represent relationships between the entities of the computer network; and the number of nodes required to represent entities in the directed graph is reduced using network segmentation by: assigning computing devices in the computing network to logical segments by changing their configurations or by changing the computer network configurations wherein the analogously with respect to access of the computer network; and representing all computing devices in a logical segment as a single entity in the directed graph; monitoring the activity of a plurality of entities comprising the computer network; establishing behavioral baseline data for each of the plurality of entities from the monitored activity over a defined period of time; associating the behavioral baseline data for each entity with the directed graph node for that entity; identifying anomalous behavior of one of the plurality of entities by comparing monitored activity for that entity to the associated behavioral baseline data for that entity; and calculating a risk of the anomalous behavior using the directed graph by determining a relationship between the entity for which anomalous behavior has been identified and a different entity of the plurality of entities.
Allowable Subject Matter
Claims 1-5 and 7-11 are allowed.
REASONS FOR ALLOWANCE 
Applicant’s invention is drawn to a process for providing device behavioral analysis in a computing network environment. 

The examiner finds applicant’s remarks made on 6/30/3021, for patentability over the prior art references, Hrastar (US Patent Publication No. 2004/0098610), Ben-Or et al. (US Patent No. 9,294,497) and Samuni et al. (US Patent Publication No. 2017/0013003), to be persuasive. Specifically, the examiner notes applicant’s persuasive remark(s) of, “However, color coding of devices with certain similarities is not equivalent to network segmentation wherein groups of devices are treated as a single logical entity, as in the claimed invention. While it can be argued that color coding is a form of assignment to a logical segment, Hrastar does not do it by changing either the device or network configurations within the directed graph, as required by the limitations of the 
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance".
Response to Arguments
Examiner’s Remarks - 35 USC § 103
	The examiner withdraws the rejection made under 35 USC § 103 in view of applicant’s claim amendments. 
Art Made of Record
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Masch; Vladimir A. et al. (US Patent No. 5930762), Doyle; David Paul et al. (US Patent Publication No. 20100031156), Yao; Danfeng et al. (US Patent Publication No. 20140310808) and SASTURKAR; Amit et al. (US Patent Publication No. 20150033084).

Contact Information

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw, can be reached on (571)272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/BRYAN F WRIGHT/               Examiner, Art Unit 2497