DETAILED ACTION
This Office Action is in response to an application filed on September 14, 2021, in which claims 1 through 20 are pending, and ready for examination.  

Acknowledgement is made of Applicant’s claim for domestic benefit as a Continuation of U.S. Application No. 17/069,415 filed on October 13, 2020, which claims domestic benefit as a Continuation of U.S. Application No. 16/525,415 filed on July 29, 2019, now U.S. Patent No. 10,841,325, which claims domestic benefit as a Continuation of U.S. Application No. 16/058,810 filed on August 8, 2018, now U.S. Patent No. 10,462,171, which claims domestic benefit from Provisional Application Nos. 62/550,439 filed on August 25, 2017, 62/545,917 filed on August 15, 2017, and 62/542,288 filed on August 8, 2017.  

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .  

Information Disclosure Statement
The information disclosure statement (IDS) submitted October 19, 2021 was filed before the mailing date of a first Office Action on the merits.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.  

Terminal Disclaimer
The terminal disclaimer filed on December 2, 2021 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of U.S. Patent No. 10,462,171 has been reviewed and is accepted.  The terminal disclaimer has been recorded.  

EXAMINER’S AMENDMENT
An Examiner’s Amendment to the record appears below.  Should the changes and/or additions be unacceptable to Applicant, an amendment may be filed as provided by 37 CFR 1.312.  To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.  

Authorization for this Examiner’s Amendment was given by Thomas Yee, Reg. No. 57,013, on December 1, 2021.  

1. (Currently Amended) A computer-implemented method for protecting security of an elastic computer network, the elastic computer network comprising one or more endpoint devices and an enterprise network, the computer-implemented method comprising:
monitoring, by a central manager computing system, through each autonomous software agent of a plurality autonomous software agents operating on the one or more endpoint devices forming the elastic computer network, one or more network communications of a corresponding endpoint device to obtain 
receiving, by the central manger computing system, the endpoint data transmitted by each autonomous software agent through an electronic communications network, wherein the endpoint data is configured to allow the central manager computing system to identify network activity patterns, wherein the network activity patterns comprise network access behaviors or processor behaviors of the one or more endpoint devices, and wherein each autonomous software agent transmits the endpoint data based at least in part on the logical grouping of a corresponding endpoint device; 
analyzing and normalizing, by the central manager computing system, the endpoint data;
identifying, by the central manager computing system, one or more anomalous indicators on one or more endpoint devices based at least in part on the normalized endpoint data and the one or more logical groupings of the one or more endpoint devices; 
transmitting, by the central manager computing system, one or more alerts through the electronic communications network, the one or more alerts based on the one or more anomalous indicators;

receiving, by the central manager computing system from a user via the dynamic user interface, one or more user inputs, the one or more user inputs comprising commands for responding to the one or more anomalous indicators on the one or more endpoint devices; and
responding, by the central manager computing system, to the one or more anomalous indicators based at least in part on the one or more user inputs comprising commands for responding to the one or more anomalous indicators, wherein the responding comprises limiting one or more operating system processes or network communications of the one or more endpoint devices,
wherein at least one of the one or more endpoint devices is located outside of a network firewall of the enterprise network,
wherein the one or more endpoint devices and the central manager computing system comprise one or more electronic processors and one or more electronic data stores.  

 wherein the commands for responding to the one or more anomalous indicators are configured to prevent the identified network activity patterns from spreading to other systems or manipulating enterprise data.  

11. (Currently Amended) A computer-implemented method for protecting security of an elastic computer network, the elastic computer network comprising one or more endpoint devices and an enterprise network, the computer-implemented method comprising:
monitoring, by one or more manager computing system, through each software agent of a plurality software agents operating on the one or more endpoint devices forming the elastic computer network, one or more network communications of a corresponding endpoint device to obtain endpoint data, wherein the one or more endpoint devices comprise one or more cellphones, servers, virtual machines, laptops, tablets, desktop computers, Internet of Things (IoT) devices, wearable devices, or smart home devices, wherein the one or more endpoint devices are organized into one or more logical groupings;
receiving, by the one or more manger computing system, the endpoint data transmitted by each software agent through an electronic communications network, wherein the endpoint data is configured to allow the one or more manager 
analyzing and normalizing, by the one or more manager computing system, the endpoint data;
identifying, by the one or more manager computing system, one or more anomalous indicators on one or more endpoint devices based at least in part on the normalized endpoint data and the one or more logical groupings of the one or more endpoint devices; 
transmitting, by the one or more manager computing system, one or more alerts through the electronic communications network, the one or more alerts based on the one or more anomalous indicators;
generating, by the one or more manager computing system,  a continuously updated visualization mapping representation of one or more network characteristics related to security and network management functionalities, the generating the continuously updated visualization mapping representation based at least in part on the identification of the one or more anomalous indicators on the one or more endpoint devices, the visualization mapping representation configured for display to a user via a dynamic user interface;
receiving, by the one or more manager computing system from a user via the dynamic user interface, one or more user inputs, the one or more user inputs 
responding, by the one or more manager computing system, to the one or more anomalous indicators based at least in part on the one or more user inputs comprising commands for responding to the one or more anomalous indicators, wherein the responding comprises limiting one or more operating system processes or network communications of the one or more endpoint devices,
wherein at least one of the one or more endpoint devices is located outside of a network firewall of the enterprise network,
wherein the one or more endpoint devices and the one or more manager computing system comprise one or more electronic processors and one or more electronic data stores.  

12. (Currently Amended) The computer-implemented method for protecting security of the elastic computer network of Claim 11, wherein the commands for responding to the one or more anomalous indicators are configured to prevent the identified network activity patterns from spreading to other systems or manipulating enterprise data.  

Allowable Subject Matter
Claims 1-20 are allowed.  

The following is an Examiner’s statement of reasons for allowance:

With regard to independent claims 1 and 11, the closest prior art of record is Herz, et al., U.S. Pub. No. 2013/0091573.  The prior art of record does not disclose, or fairly teach in reasonable combination to one of ordinary skill in the art, “wherein at least one of the one or more endpoint devices is located outside of a network firewall of the enterprise network”, within the scope and context of the claimed invention.  

Claims 2-10 and 12-20 are each dependent upon either one of claims 1 or 11, and are therefore allowed under the same rationale.  

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”  

Additionally, the closest prior art has been supplied in the record.  

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:  
Baradaran, et al., U.S. Pub. No. 2017/0126718
Ghanea-Hercock, U.S. Pub. No. 2004/0255157
Desai, et al., U.S. Pub. No. 2003/0188189

Any inquiry concerning this communication or earlier communications from the examiner should be directed to J. Brant Murphy whose telephone number is (571)272-6433. The examiner can normally be reached Monday - Friday, 8am - 4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/J. BRANT MURPHY/Primary Examiner, Art Unit 2435                                                                                                                                                                                                        
January 2, 2021