Cloud Security , Legislation & Litigation , Security Operations

Wiz Counters Orca Security's Patent Infringement Allegations

Wiz Hits Back With Counterclaims, Says Orca Copied Patented Cloud Security Features
Wiz Counters Orca Security's Patent Infringement Allegations

Wiz struck back at Orca Security's patent infringement lawsuit, alleging its cloud security rival resorted to copying Wiz's features and technologies because its own innovation was lagging.

See Also: Modern SaaS Security in an AI-driven World

The New York-based startup denied violating any of Orca's patents and said instead that Portland, Oregon-based Orca infringed upon patents related to holistic cloud security tools, attack path analysis, AI cybersecurity risk detection and the use of large language models for incident response. Wiz in a court filing this week also accused Orca of accessing and misusing its confidential materials.

"Wiz did not choose to bring this litigation, but faced with Orca's meritless claims, it is now forced to correct the record about Wiz's innovation, Orca's copying of Wiz, and Orca's use of Wiz's intellectual property," Wiz wrote in a 148-page filing Tuesday to the U.S. District Court for the District of Delaware. "Orca is improperly using Wiz’s inventions."

Orca said the court's recent rejection of Wiz's motion to dismiss speaks to the merit of Orca's original complaint, which was filed in July. "After the summary dismissal was denied, Wiz filed a counterclaim," Orca told Calcalist. "Orca intends to show that the patents Wiz is suing for are also based on Orca's intellectual property and technology, which Orca invented long before Wiz's patent date" (see: Orca Security Sues Wiz for Allegedly Violating 2 Patents).

Nearly a year ago, Orca filed a lawsuit accusing Wiz of violating two patents associated with securing virtual machines and virtual cloud assets at rest against cyberthreats. Wiz in its response challenged the validity and enforceability of Orca's patents, claiming they lack novelty. Wiz also alleged that Orca obtained Wiz's proprietary information without authorization and used it to bring baseless litigation.

"Orca has obtained non-public, proprietary information of Wiz without Wiz's authorization on multiple occasions and, rather than return or destroy that information, has used that information to bring baseless litigation targeting Wiz," the company said in its response.

Confidential Materials and Infringed Patents

Specifically, Wiz said Orca accessed and used its confidential materials without authorization, including documents meant for potential customers. The company also alleged that Orca copied Wiz's features and patented technologies - including cloud detection and response, "shift left" strategy tools, CIEM, data security posture management and AI security posture management - shortly after they were introduced.

"In its efforts to catch up to Wiz, Orca has repeatedly reviewed and kept Wiz confidential materials meant for potential and current customers," Wiz said in its response. "After Wiz showed its successful approach in the market, Orca has tried to compete by repeatedly copying features first debuted by Wiz. This includes adopting features patented by Wiz."

Wiz also alleged that Orca copied its infographics and marketing content on topics such as the Log4Shell vulnerability. Wiz claims Orca infringed on five patents that address capabilities such as determining the abnormal configuration of network objects in a cloud environment, using LLMs to generate queries and initiate incident response actions, and detecting cybersecurity risks in AI models.

"Rather than 'copying' the idea of serving coffee at a conference, Orca's copying has included adopting Wiz’s patented technology," Wiz said in its response. "Orca regularly copies Wiz’s features after they are released."

In its defense, Wiz said Orca cannot interpret patent claims based broadly on statements made during patent prosecution. The countersuit seeks an injunction against Orca to prevent further alleged patent infringements and misuse of confidential information. Wiz is also requesting monetary damages, enhanced damages for willful infringement, and compensation for attorneys' fees and costs.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.