DETAILED ACTION
This office action is in response to the application filed on 11/13/2019. Claims 1-20 are pending and are examined.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Allowable Subject Matter
Claims 1-20 are allowed.
The following is an examiner’s statement of reasons for allowance:

The closest prior art made of record is Kung et al. (U.S. Pub. No. 2018/0234459 A1, referred to as Kung), Shieh et al. (U.S. Pub. No. 2017/0134422 A1, referred to as Shieh) and Woolward et al. (U.S. Pub. No. 2017/0374032 A1, referred to as Woolward).

Kung discloses a method to prevent un-authorized accesses to data and resources available in workloads on an organization's or enterprise's computer network, various improvements to automated computer network security processes to enable them to enforce network security policies using native network security mechanisms to control communications to and/or from workload units of applications running on different nodes within hybrid computer network infrastructures having both traditional 

Shieh discloses methods and systems for diversifying coverage of a deception point by receiving, by a first enforcement point in a first data network segment, a first data packet addressed to a first workload in the first data network segment; forwarding the first data packet to the deception point using a first low-level security rule set, the deception point logging the first data packet to produce a first log, receiving, by a second enforcement point in a second data network segment, a second data packet addressed to a second workload in the second data network segment, forwarding the second data packet to the deception point using a second low-level security rule set, the deception point logging the second data packet to produce a second log, the deception point providing the first and second logs to a security director for analysis.

Woolward discloses methods and systems for autonomously forwarding unauthorized access of critical application infrastructure in a network to a deception point by receiving a high-level security policy including a specification of the critical application infrastructure, prohibited behaviors, and an identification associated with the deception point, the specification including at least one of an application and a protocol; classifying each workload in the network; identifying the critical application infrastructure using the classification and specification of the critical application infrastructure; generating a low-level firewall rule set using the identified critical application infrastructure and the high-level security policy; and providing the low-level firewall rule 

However, regarding claims 1 and 14, the prior art of Kung, Shieh and Woolward, when taken in the context of the claim as a whole, does not disclose or suggest, “distributing the segmentation rule and the deception rule to an enforcement module executing on a remote device and associated with at least one workload of the first group of workloads to cause the enforcement module to configure a traffic filter to allow the communications meeting the first criteria of the segmentation rule and to facilitate a deception service in response to communications meeting the second criteria of the deception rule; receiving from the workload, traffic flow data associated with communications meeting the second criteria of the deception rule; detecting if the traffic flow data is indicative of malicious behavior; and performing a remedial action in response to detecting the traffic flow data is indicative of the malicious behavior.”

Regarding claims 8 and 19, the prior art of Kung, Shieh and Woolward
Claims 2-7 depend on claim 1, claims 9-13 depend on claim 8, claims 15-18 depend on claim 14 and claim 20 depends on claim 19, and are consequently allowed.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: See PTO-892.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN SAADOUN whose telephone number is (571)272-8408. The examiner can normally be reached Mon-Fri 9:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 





/HASSAN SAADOUN/Examiner, Art Unit 2435 

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435