Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This action is responsive to the application filed on 8/29/2019. Claims 1, 10 and 19 are independent. Claims 1-27 are currently pending.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Claims are amended as follows:
1. (Currently Amended) A computer-implemented method for prioritizing remediations in systems of an enterprise, the method being executed by one or more processors and comprising:
	providing, by a security platform, graph data defining a graph that is representative of an enterprise network, the graph comprising nodes and edges between nodes, a set of nodes representing respective assets within the enterprise network, each edge representing at least a portion of one or more lateral movement paths between assets in the enterprise network;
	determining, for each asset, a contribution value indicating a contribution of a respective asset to operation of [[the]]a process;
	determining two or more lateral movements paths between a first asset and a second asset within the graph;
	providing, for each lateral movement path, a lateral movement path value representative of a difficulty in traversing a respective lateral movement path within the enterprise network;

	prioritizing the two or more remediations based on contribution values of assets, lateral movement path values of paths, and one of lateral movement complexity values of respective segments of paths and costs of respective remediations.

10. (Currently Amended) A non-transitory computer-readable storage medium coupled to one or more processors and having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations for prioritizing remediations in systems of an enterprise, the operations comprising:
	providing, by a security platform, graph data defining a graph that is representative of an enterprise network, the graph comprising nodes and edges between nodes, a set of nodes representing respective assets within the enterprise network, each edge representing at least a portion of one or more lateral movement paths between assets in the enterprise network;
	determining, for each asset, a contribution value indicating a contribution of a respective asset to operation of [[the]]a process;
	determining two or more lateral movements paths between a first asset and a second asset within the graph;
	providing, for each lateral movement path, a lateral movement path value representative of a difficulty in traversing a respective lateral movement path within the enterprise network;
	identifying a set of remediations based on two or more remediations defined for one or more vulnerabilities associated with issues identified for respective assets, each remediation mitigating a cyber-security risk within the enterprise network; and


19. (Currently Amended) A system, comprising:
	one or more computers; and
	a computer-readable storage device coupled to [[the]] a computing device and having instructions stored thereon which, when executed by the computing device, cause the computing device to perform operations for prioritizing remediations in systems of an enterprise, the operations comprising:
	providing, by a security platform, graph data defining a graph that is representative of an enterprise network, the graph comprising nodes and edges between nodes, a set of nodes representing respective assets within the enterprise network, each edge representing at least a portion of one or more lateral movement paths between assets in the enterprise network;
	determining, for each asset, a contribution value indicating a contribution of a respective asset to operation of [[the]]a process;
	determining two or more lateral movements paths between a first asset and a second asset within the graph;
	providing, for each lateral movement path, a lateral movement path value representative of a difficulty in traversing a respective lateral movement path within the enterprise network;
	identifying a set of remediations based on two or more remediations defined for one or more vulnerabilities associated with issues identified for respective assets, each remediation mitigating a cyber-security risk within the enterprise network; and
	prioritizing the two or more remediations based on contribution values of assets, lateral movement path values of paths, and one of lateral movement complexity values of respective segments of paths and costs of respective remediations.

Allowable Subject Matter
Claims 1-27 are allowed.
The following is an examiner’s statement for allowance:
JOSEPH DURAIRAJ et al. (US 20170032130 A1) discloses a method for pre-cognitive information and event management (SIEM). The pre-cognitive SIEM may include using trained classifiers to detect an anomaly in input events, and generating a predictive attack graph based on the detected anomaly in the input events. The predictive attack graph may provide an indication of different paths that can be taken from an asset that is related to the detected anomaly to compromise other selected assets in a network of the asset, and the other selected assets may be selected based on a ranking criterion and a complexity criterion. A rank list and a complexity list may be generated. The rank list, the complexity list, a depth of the predictive attack graph, and a weighted value may be used to generate a score that provides an indication of a number of assets that can be compromised and a difficulty of exploiting vulnerabilities related to services of the assets that can be compromised.
Shu et al. (US 10956566 B2) discloses a method that provides an automatic causality tracking system that meets real-time analysis needs. It solves causality tracking for cybersecurity, preferably as three sub-tasks: backward tracking, forward tracking, and path-finding. Given a set of threat indicators, the first sub-task yields the system elements (e.g., entities such as processes, files, network sockets, and the like) that contribute information to a set of threat indicators backward in time. The second sub-task yields system elements forward in time. Given two sets of threat indicators, the third sub-task yields shortest paths between them, e.g., how the two sets of indicators are connected to one another. The system enables efficient multi-point traversal analysis with respect to a set of potential compromise points, and using data from real information flows.
Crabtree et al. (US 20200358804 A1) discloses a method for network cybersecurity analysis that uses user and entity behavioral analysis combined with network topology information to provide improved cybersecurity. The system and method involve gathering network entity information, establishing baseline behaviors for each entity, and monitoring each entity for behavioral anomalies that might indicate cybersecurity concerns. Further, the system and method involve incorporating network topology information into the analysis by generating a model of the network, annotating the model with risk and criticality information for each entity in the model and with a vulnerability level between entities, and using the model to evaluate cybersecurity risks to the network. Risks and vulnerabilities associated with user entities may be represented, in part or in whole, by the behavioral analyses and monitoring of those user entities.
The prior art of record, taken alone or in combination, neither anticipates nor renders obvious the claimed subject matter of the instant application taken as a whole, including the particular features incorporated in each independent claim:
“determining two or more lateral movements paths between a first asset and a second asset within the graph;
providing, for each lateral movement path, a lateral movement path value representative of a difficulty in traversing a respective lateral movement path within the enterprise network;
identifying a set of remediations based on two or more remediations defined for one or more vulnerabilities associated with issues identified for respective assets, each remediation mitigating a cyber-security risk within the enterprise network; and
prioritizing the two or more remediations based on contribution values of assets, lateral movement path values of paths, and one of lateral movement complexity values of respective segments of paths and costs of respective remediations”, in combination with other features in the independent claims.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”



Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHU CHUN GAO whose telephone number is (571)270-5999. The examiner can normally be reached on Monday - Thursday 6:00-4:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KRISTINE KINCAID can be reached on 571-272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SHU CHUN GAO/Examiner, Art Unit 2437
/ALI S ABYANEH/Primary Examiner, Art Unit 2437