Cloud Security , Security Operations

Orca Security Sues Wiz for Allegedly Violating 2 Patents

Wiz Says 'Baseless Accusations' Follow Orca's Failed Attempts to Compete With Wiz
Orca Security Sues Wiz for Allegedly Violating 2 Patents

Orca Security has accused cloud security rival Wiz of violating two patents associated with securing virtual machines and virtual cloud assets at rest against cyberthreats.

See Also: Top 10 DSPM Requirements: Data Security Challenges in the Cloud Era

The Portland, Oregon-based vendor claims that Wiz implemented Orca's patented technology around analyzing snapshots of virtual disks and virtual machines at rest to detect vulnerabilities on protected virtual cloud assets, according to a complaint filed Wednesday. Orca's complaint accused Wiz of patent infringement across its portfolio, including in its CNAPP, CSPM, CIEM, DSPM, IaC scanning and CDR tools.

"Wiz has built its business on a simple business plan: copy Orca," Orca wrote in a 142-page filing with the U.S. District Court for the District of Delaware. "Wiz has embedded a number of revolutionary inventions developed and patented by Orca, passed those inventions off falsely as Wiz innovations, and forced Orca to compete against its own technological breakthroughs in the marketplace."

An Orca spokesperson declined to comment on the company's lawsuit against Wiz. A Wiz spokesperson told Information Security Media Group the company first learned of Orca's "baseless accusations" from the press. "Orca has tried to compete with Wiz on several fronts and failed," the spokesperson wrote in an emailed statement. "Now they are pursuing less innovative methods."

The lawsuit comes less than five months after Wiz became the most valuable venture-backed security company in the world by raising $300 million on a $10 billion valuation. Orca notched a more modest $1.8 billion valuation in October 2021 after raising $340 million, and in March 2023 it changed leaders. Chief Product Officer Gil Geron became CEO and Avi Shua became chief innovation officer (see: Wiz Raises $300M on $10B Valuation to Safeguard Cloud Data).

Following Closely in Orca's Footsteps

Orca claims the patent infringement is part of a broader effort by Wiz to represent Orca's innovation as its own. The company alleges that New York-based Wiz copies Orca's marketing imagery, messaging and even the coffee it uses at trade shows. In the legal realm, Wiz allegedly recruited away Orca's former patent attorney to copy the company's intellectual property and even the figures from Orca's patents.

"Wiz has built its business on a simple business plan: copy Orca."
– Orca Security in a June 12, 2023, U.S. District Court filing

The company alleges that Shua presented Orca's platform to Wiz's founders in May 2019 when they led Microsoft's cloud security group. The lawsuit claims that presentation prompted Wiz's founders to "launch a copycat competitor to Orca" by leaving their "lucrative careers" at Microsoft, building a clone of Orca's technology and competing directly with the company (see: Orca Promotes CPO Gil Geron to CEO to Drive Efficient Growth).

"Wiz's copying of Orca did not stop with the technology, but pervades Wiz's business as a whole," Orca wrote in the lawsuit. ""For example, at a multi-day security conference in London, Orca decided that it would break away from typical technology booths and sponsor a coffee booth … The following day, Wiz showed up with its own coffee machine. Just like Orca."

Orca claims its first patent applications were filed by a lawyer at a small boutique firm with less than 10 attorneys with whom Shua had worked directly and confidentially. Orca terminated the relationship in 2021 when it learned the same lawyer had worked with Wiz to file patents on overlapping technology. Wiz also recruited Orca's outside corporate counsel, who had seen the company's technology and business plans (see: Orca Security's Avi Shua on Making Cloud Safe for Government).

"Wiz has hired former Orca employees and worked with third parties to acquire Orca's confidential information relating to current and future product plans, marketing, sales, prospective customers, and prospective employees, and has used that confidential information in furtherance of its efforts to copy and to compete unfairly with Orca," Orca wrote in the lawsuit.

How Wiz Allegedly Infringed Upon Orca's Patents

This is not the first time Orca has attempted to go after Wiz in court. The company sued ex-Senior Sales Engineer Nicole Jacques in August 2022 and accused her of disclosing Orca's confidential and trade secret information and soliciting Orca's customers and prospective customers as an enterprise solutions engineer at Wiz. Orca voluntarily dismissed the lawsuit 16 days later, and Jacques still works at Wiz.

For the patent focused on securing virtual cloud assets, Orca alleges that multiple Wiz products infringe upon the company's computer-implemented method for inspecting data. Orca claims Wiz was aware it had infringed upon this patent since Wiz's patent prosecution counsel is the same lawyer who first filed the patent applications on behalf of Orca and used near-identical figures and descriptions in both filings.

For the patent focused on securing virtual machines, Orca alleges that multiple Wiz products infringe upon the company's patented method for securing virtual cloud assets against cyber vulnerabilities. Orca claims Wiz provides user guides, instructions, sales-related material and other documentation that instructs its customers on the operation of Wiz's platform in a manner that infringes on Orca's patent.

"Wiz has profited from and will continue to profit from the infringing activities. Orca has been and will continue to be damaged and irreparably harmed by Wiz's infringing activities," Orca said. "The harm to Orca from Wiz's ongoing infringing activity is irreparable, continuing, and not fully compensable by money damages, and will continue unless Wiz's infringing activities are enjoined."

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.