DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claims 1-27 are presented for examination.

Priority
The claim for priority from US Provisional 62/774,516 filed on 3 December 2018 and US Provisional 62/829,696 filed on 5 April 2019 is duly noted.

Specification
The disclosure is objected to because of the following informalities: 
In [00107], line 5: “(816)” should read –(820)–.
Appropriate correction is required.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:


(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1, 4, 5, 7, 8, 10, 13, 14, 16, 17, 19, 22, 23, 25, and 26 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Hassanzadeh et al. (US 2017/0318050 A1 and Hassanzadeh hereinafter).
As to claims 1, 10, and 19, Hassanzadeh discloses a system and method for event correlation across heterogeneous operations, the system and method having:
providing, by a security platform, graph data defining a graph that is representative of an enterprise network, the graph comprising nodes and edges between nodes, a set of nodes representing respective assets within the enterprise network, and a node representing a process executed within a system of the enterprise, each edge representing at least a portion of one or more lateral paths between assets in the enterprise network (0049, lines 4-23; 0051, lines 11-19); 
determining, for each asset, a contribution value (i.e. importance of nodes) indicating a contribution of a respective asset to operation of the process (0055, lines 4-13); 
determining, for each asset, an impact value based on a total value of the process and a respective contribution value of the asset (0055, lines 19-24); 
implementing one or more remediations based on a set of impact values determined for the assets, each remediation mitigating a cyber-security risk within the enterprise network (0061, lines 5-22). 

As to claims 4, 13, and 22, Hassanzadeh discloses:
wherein each remediation is implemented for a respective vulnerability and remediates an issue of a respective asset (0061, lines 10-13, 15-18). 

As to claims 5, 14, and 23, Hassanzadeh discloses:
wherein the vulnerability affects multiple assets (0061, lines 15-22). 

As to claims 7, 16, and 25, Hassanzadeh discloses:
wherein each asset is identified as a target within the enterprise network, the target being selected based on a disruption occurring to the process in response to an attack on the target (0040, lines 19-25; 0045, lines 12-19). 

As to claims 8, 17, and 26, Hassanzadeh discloses:
wherein the disruption is based on one or more metrics (0045, lines 12-17). 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised 
Claims 9, 18, and 27 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hassanzadeh.
As to claims 9, 18, and 27, Hassanzadeh does not explicitly disclose wherein the one or more metrics comprise loss of technical resources, physical losses, disruption in services, and financial losses. However Hassanzadeh discloses that an anomaly detection mechanism may observe an unusual occurrence of communication between computing devices, an unusual rate of events between computing devices in a particular timeframe, or another sort of anomaly (0045, lines 12-17). It would have been obvious to one of ordinary skill in the art before the effective filing date that an unusual occurrence of communication, unusual rate of events, or other anomaly would be considered a disruption of service. 

Claims 6, 15, and 24 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hassanzadeh as applied to claims 1, 10, and 19 above, and further in view of Cohen et al. (US 2005/0193430 and Cohen hereinafter).
As to claims 6, 15, and 24, Hassanzadeh fails to specifically disclose:
wherein the graph is generated by a discovery service of the security platform, the discovery service detecting assets using one or more adaptors and respective asset discovery tools that generate an asset inventory and a network map of the enterprise network. 
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Hassanzadeh, as taught by Cohen.

wherein the graph is generated by a discovery service of the security platform, the discovery service detecting assets using one or more adaptors and respective asset discovery tools that generate an asset inventory and a network map of the enterprise network (0069, lines 1-14). 
Given the teaching of Cohen, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Hassanzadeh with the teachings of Cohen by generating an inventory and map of the network. Cohen recites motivation by disclosing that using a discovery service to generate an inventory and map of the network allows for vulnerabilities to be discovered and the network to be protected (0067). It is obvious that the teachings of Cohen would have improved the teachings of Hassanzadeh by generating an inventory and map of the network in order to discover vulnerabilities and protect the network.

	
Allowable Subject Matter
Claims 2, 3, 11, 12, 20, and 21 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Prior Art Made of Record
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Kibler et al. (US 2019/0052664 A1) discloses a system and method for assessing cybersecurity risk of computer network.
Laarakkers et al. (US 2011/0093956 A1) discloses a system and method for protecting a mobile device against a denial of service attack.
Ng et al. (US 2017/0085595 A1) discloses a system and method for inferential analysis using feedback for extracting and combining cyber risk information.
Roundy et al. (US Patent 9,256,739 B1) discloses a system and method for using event-correlation graphs to generate remediation procedures.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SARAH SU whose telephone number is (571)270-3835.  The examiner can normally be reached on 7:30 AM - 4:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact 

/SARAH SU/Primary Examiner, Art Unit 2431