Case 1:18-cv-01519-MN Document 1 Filed 10/01/18 Page 1 of 72 PageID #: 1
`
`IN THE UNITED STATES DISTRICT COURT
`FOR THE DISTRICT OF DELAWARE
`
`FINJAN, INC., a Delaware Corporation,
`
`Plaintiff,
`
` v.
`
`RAPID7, INC., a Delaware Corporation
`and RAPID7 LLC, a Delaware Limited
`Liability Company,
`
`Defendants.
`
`)
`)
`)
`)
`)
`)
`)
`)
`)
`)
`)
`
`C.A. No.
`
`JURY TRIAL DEMANDED
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`Plaintiff Finjan, Inc. (“Finjan”) files this Complaint for Patent Infringement and Demand
`
`for Jury Trial against Rapid7, Inc. and Rapid7 LLC (collectively, “Defendants” or “Rapid7”) and
`
`alleges as follows:
`
`THE PARTIES
`
`1.
`
`Finjan is a Delaware Corporation with its principal place of business at 2000
`
`University Avenue, Suite 600, E. Palo Alto, California 94303.
`
`2.
`
`Rapid7, Inc. is a Delaware Corporation with its principal place of business at 100
`
`Summer Street, Boston, Massachusetts.
`
`3.
`
`Rapid7 LLC is a Delaware limited liability company and a wholly-owned
`
`subsidiary of Rapid7, Inc. with its principal place of business at 100 Summer Street, Boston,
`
`Massachusetts.
`
`JURISDICTION AND VENUE
`
`4.
`
`This action arises under the Patent Act, 35 U.S.C. § 101 et seq. This Court has
`
`original jurisdiction over this controversy pursuant to 28 U.S.C. §§ 1331 and 1338.
`
`

`

`Case 1:18-cv-01519-MN Document 1 Filed 10/01/18 Page 2 of 72 PageID #: 2
`
`5.
`
`Venue is proper in this Court pursuant to 28 U.S.C. §§ 1391(b) and (c) and
`
`1400(b).
`
`6.
`
`This Court has personal jurisdiction over Defendants. Defendants are organized
`
`under the laws of Delaware. In addition, the Court has personal jurisdiction over Defendants
`
`because Defendants have established minimum contacts with the forum and the exercise of
`
`jurisdiction would not offend traditional notions of fair play and substantial justice.
`
`FINJAN’S INNOVATIONS
`
`7.
`
`Finjan was founded in 1997 as a wholly-owned subsidiary of Finjan Software
`
`Ltd., an Israeli corporation. In 1998, Finjan moved its headquarters to San Jose, California.
`
`Finjan was a pioneer in developing proactive security technologies capable of detecting
`
`previously unknown and emerging online security threats, recognized today under the umbrella
`
`term “malware.” These technologies protect networks and endpoints by identifying suspicious
`
`patterns and behaviors of content delivered over the Internet. The United States Patent and
`
`Trademark Office (“USPTO”) has awarded Finjan, and Finjan continues to prosecute, numerous
`
`patents covering innovations in the United States and around the world resulting directly from
`
`Finjan’s more than decades-long research and development efforts, supported by a dozen
`
`inventors and over $65 million in R&D investments.
`
`8.
`
`Finjan built and sold software, including application program interfaces (APIs)
`
`and appliances for network security, using its patented technologies. Finjan’s licensing partners
`
`continue to support these products and related customers. At its height, Finjan employed nearly
`
`150 employees around the world, building and selling security products and operating the
`
`Malicious Code Research Center, through which it frequently published research regarding
`
`network security and current threats on the Internet. Finjan’s pioneering approach to online
`
`2
`
`

`

`Case 1:18-cv-01519-MN Document 1 Filed 10/01/18 Page 3 of 72 PageID #: 3
`
`security drew equity investments from two major software and technology companies, the first in
`
`2005 followed by the second in 2006. Finjan generated millions of dollars in product sales and
`
`related services and support revenues through 2009, when it spun off certain hardware and
`
`technology assets in a merger. Pursuant to this merger, Finjan was bound to a non-compete and
`
`confidentiality agreement, under which it could not make or sell a competing product or disclose
`
`the existence of the non-compete clause. Finjan became a publicly traded company in June
`
`2013, capitalized with $30 million. After Finjan’s obligations under the non-compete and
`
`confidentiality agreement expired in March 2015, Finjan re-entered the development and
`
`production sector of secure mobile products for the consumer market.
`
`FINJAN’S ASSERTED PATENTS
`
`9.
`
`On July 5, 2011, the USPTO issued to Moshe Rubin, Moshe Matitya, Artem
`
`Melnick, Shlomo Touboul, Alexander Yermakov and Amit Shaked U.S. Patent No. 7,975,305
`
`(“the ‘305 Patent”), titled METHOD AND SYSTEM FOR ADAPTIVE RULE-BASED
`
`CONTENT SCANNERS FOR DESKTOP COMPUTERS. A true and correct copy of the ‘305
`
`Patent is attached to this Complaint as Exhibit 1 and is incorporated by reference herein.
`
`10.
`
`All rights, title, and interest in the ‘305 Patent have been assigned to Finjan, who
`
`is the sole owner of the ‘305 Patent. Finjan has been the sole owner of the ‘305 Patent since its
`
`issuance.
`
`11.
`
`The ‘305 Patent is generally directed towards network security and, in particular,
`
`rule based scanning of web-based content for exploits. One of the ways this is accomplished is
`
`by using parser and analyzer rules to describe computer exploits as patterns of types of tokens.
`
`Additionally, the system provides a way to keep these rules updated. The ‘305 Patent discloses
`
`and specifically claims inventive concepts that represent significant improvements over
`
`3
`
`

`

`Case 1:18-cv-01519-MN Document 1 Filed 10/01/18 Page 4 of 72 PageID #: 4
`
`conventional network security technology that was available at the time of filing of the ‘305
`
`Patent and are more than just generic software components performing conventional activities.
`
`12.
`
`On July 17, 2012, the USPTO issued to Moshe Rubin, Moshe Matitya, Artem
`
`Melnick, Shlomo Touboul, Alexander Yermakov and Amit Shaked U.S. Patent No. 8,225,408
`
`(“the ‘408 Patent”), titled METHOD AND SYSTEM FOR ADAPTIVE RULE-BASED
`
`CONTENT SCANNERS. A true and correct copy of the ‘408 Patent is attached to this
`
`Complaint as Exhibit 2 and is incorporated by reference herein.
`
`13.
`
`All rights, title, and interest in the ‘408 Patent have been assigned to Finjan, who
`
`is the sole owner of the ‘408 Patent. Finjan has been the sole owner of the ‘408 Patent since its
`
`issuance.
`
`14.
`
`The ‘408 Patent is generally directed towards network security and, in particular,
`
`rule based scanning of web-based content for a variety of exploits written in different
`
`programming languages. One of the ways this is accomplished is by expressing the exploits as
`
`patterns of tokens. Additionally, the disclosed system provides a way to analyze these exploits
`
`by using a parse tree. The ‘408 Patent discloses and specifically claims inventive concepts that
`
`represent significant improvements over conventional network security technology that was
`
`available at the time of filing of the ‘408 Patent and are more than just generic software
`
`components performing conventional activities
`
`15.
`
`On July 13, 2010, the USPTO issued to David Gruzman and Yuval Ben-Itzhak
`
`U.S. Patent No. 7,757,289 (“the ‘289 Patent”), titled SYSTEM AND METHOD FOR
`
`INSPECTING DYNAMICALLY GENERATED EXECUTABLE CODE. A true and correct
`
`copy of the ‘289 Patent is attached to this Complaint as Exhibit 3 and is incorporated by
`
`reference herein.
`
`4
`
`

`

`Case 1:18-cv-01519-MN Document 1 Filed 10/01/18 Page 5 of 72 PageID #: 5
`
`16.
`
`All rights, title, and interest in the ‘289 Patent have been assigned to Finjan, who
`
`is the sole owner of the ‘289 Patent. Finjan has been the sole owner of the ‘289 Patent since its
`
`issuance.
`
`17.
`
`The ‘289 Patent is generally directed towards a system and method for inspecting
`
`dynamically generated executable code. The claims generally cover receiving content with an
`
`original call function and replacing the original call function with a substitute call function, and
`
`then determining whether it is safe to invoke the original call function. The ‘289 Patent discloses
`
`and specifically claims inventive concepts that represent significant improvements over
`
`conventional network security technology that was available at the time of filing of the ‘289
`
`Patent and are more than just generic software components performing conventional activities.
`
`18.
`
`On November 3, 2009, the USPTO issued to Yuval Ben-Itzhak U.S. Patent No.
`
`7,613,918 (“the ‘918 Patent”), titled SYSTEM AND METHOD FOR ENFORCING A
`
`SECURITY CONTEXT ON A DOWNLOADABLE. A true and correct copy of the ‘918 Patent
`
`is attached to this Complaint as Exhibit 4 and is incorporated by reference herein.
`
`19.
`
`All rights, title, and interest in the ‘918 Patent have been assigned to Finjan, who
`
`is the sole owner of the ‘918 Patent. Finjan has been the sole owner of the ‘918 Patent since its
`
`issuance.
`
`20.
`
`The ‘918 Patent is generally directed towards a system and method for enforcing
`
`a security context on a Downloadable. One way this is accomplished is by making use of
`
`security contexts that are associated within certain user/group computer accounts when deriving
`
`a profile for code received from the Internet. The ‘918 Patent discloses and specifically claims
`
`inventive concepts that represent significant improvements over conventional network security
`
`5
`
`

`

`Case 1:18-cv-01519-MN Document 1 Filed 10/01/18 Page 6 of 72 PageID #: 6
`
`technology that was available at the time of filing of the ‘918 Patent and are more than just
`
`generic software components performing conventional activities.
`
`21.
`
`On December 13, 2011, the USPTO issued to Yigal Mordechai Edery, Nimrod
`
`Itzhak Vered, David R. Kroll and Shlomo Touboul U.S. Patent No. 8,079,086 (“the ‘086
`
`Patent”), titled MALICIOUS MOBILE CODE RUNTIME MONITORING SYSTEM AND
`
`METHODS. A true and correct copy of the ‘086 Patent is attached to this Complaint as Exhibit
`
`5 and is incorporated by reference herein.
`
`22.
`
`All rights, title, and interest in the ‘086 Patent have been assigned to Finjan, who
`
`is the sole owner of the ‘086 Patent. Finjan has been the sole owner of the ‘086 Patent since its
`
`issuance.
`
`23.
`
`The ‘086 Patent is generally directed towards computer networks and, more
`
`particularly, provides a system that protects devices connected to the Internet from undesirable
`
`operations from web-based content. One of the ways this is accomplished is by creating a profile
`
`of the web-based content and sending these profiles and corresponding web-content to another
`
`computer for appropriate action. The ‘086 Patent discloses and specifically claims inventive
`
`concepts that represent significant improvements over conventional network security technology
`
`that was available at the time of filing of the ‘086 Patent and are more than just generic software
`
`components performing conventional activities.
`
`24.
`
`On March 20, 2012, the USPTO issued to David Gruzman and Yuval Ben-Itzhak
`
`U.S. Patent No. 8,141,154 (“the ‘154 Patent”), titled SYSTEM AND METHOD FOR
`
`INSPECTING DYNAMICALLY GENERATED EXECUTABLE CODE. A true and correct
`
`copy of the ‘154 Patent is attached to this Complaint as Exhibit 6 and is incorporated by
`
`reference herein.
`
`6
`
`

`

`Case 1:18-cv-01519-MN Document 1 Filed 10/01/18 Page 7 of 72 PageID #: 7
`
`25.
`
`All rights, title, and interest in the ‘154 Patent have been assigned to Finjan, who
`
`is the sole owner of the ‘154 Patent. Finjan has been the sole owner of the ‘154 Patent since its
`
`issuance.
`
`26.
`
`The ‘154 Patent is generally directed towards a gateway computer protecting a
`
`client computer from dynamically generated malicious content. One of the ways this is
`
`accomplished is by using a content processor to process a first function and invoke a second
`
`function if a security computer indicates that it is safe to invoke the second function. The ‘154
`
`Patent discloses and specifically claims inventive concepts that represent significant
`
`improvements over conventional network security technology that was available at the time of
`
`filing of the ‘154 Patent and are more than just generic software components performing
`
`conventional activities.
`
`27.
`
`On March 18, 2014, the USPTO issued to Yigal Mordechai Edery, Nimrod Itzhak
`
`Vered, David R. Kroll, and Shlomo Touboul U.S. Patent No. 8,677,494 (“the ‘494 Patent”),
`
`titled MALICIOUS MOBILE CODE RUNTIME MONITORING SYSTEM AND METHODS.
`
`A true and correct copy of the ‘494 Patent is attached to this Complaint as Exhibit 7 and is
`
`incorporated by reference herein.
`
`28.
`
`All rights, title, and interest in the ‘494 Patent have been assigned to Finjan, who
`
`is the sole owner of the ‘494 Patent. Finjan has been the sole owner of the ‘494 Patent since its
`
`issuance.
`
`29.
`
`The ‘494 Patent is generally directed towards a method and system for deriving
`
`security profiles and storing the security profiles. One of the ways this is accomplished is by
`
`deriving a security profile for a downloadable, which includes a list of suspicious computer
`
`operations, and storing the security profile in a database. The ‘494 Patent discloses and
`
`7
`
`

`

`Case 1:18-cv-01519-MN Document 1 Filed 10/01/18 Page 8 of 72 PageID #: 8
`
`specifically claims inventive concepts that represent significant improvements over conventional
`
`network security technology that was available at the time of filing of the ‘494 Patent and are
`
`more than just generic software components performing conventional activities.
`
`FINJAN’S NOTICE OF INFRINGEMENT TO DEFENDANTS
`
`30.
`
`Defendants are well aware of Finjan’s patents, including the Asserted Patents, and
`
`have continued their infringing activity, despite this knowledge, for years. Finjan gave written
`
`notice to Defendants of their infringement of Finjan’s patents by letter dated March 23, 2016,
`
`which specifically identified Finjan’s ‘305, ‘086, and ‘494 Patents. This letter also identified
`
`many of Defendants’ infringing products, including that Defendants’ Nexpose products infringed
`
`Finjan’s ‘086 and ‘494 Patents. Finjan also included an exemplary infringement claim chart with
`
`its March 23, 2016 letter showing how Defendants’ AppSpider product infringes Finjan’s ‘305
`
`Patent. The AppSpider product works with and contributes to many of Defendants’ other
`
`accused products, including InsightAppSec.
`
`31.
`
`Finjan met in person with Defendants on or about May 11, 2016. During this
`
`meeting Finjan explained how Defendants’ products infringe Finjan’s Patents, including how
`
`Defendants’ Nexpose products infringe Finjan’s ‘086 and ‘494 Patents and how the AppSpider
`
`product infringes the ‘305 Patent.
`
`32.
`
`From on or about May 11, 2016, through on or about January 4, 2018, Finjan
`
`attempted to engage in good faith negotiations with Defendants regarding their ongoing
`
`infringement of Finjan’s patent portfolio. For example, Finjan contacted Defendants on or about
`
`May 24, 2016, to follow up on the parties’ initial meeting. Finjan also informed Defendants on
`
`or about May 24, 2016, that a third-party competitor of Defendants had recently taken a license
`
`to Finjan’s Patents, including the Asserted Patents here. Finjan contacted Defendants again on or
`
`8
`
`

`

`Case 1:18-cv-01519-MN Document 1 Filed 10/01/18 Page 9 of 72 PageID #: 9
`
`about August 1, 2016, and multiple times in or around September 2016. But Defendants largely
`
`ignored Finjan’s repeated requests to engage in good faith licensing discussions.
`
`33.
`
`On or about January 4, 2018, Finjan sent another letter to Defendants that
`
`expressly reminded Defendants that their Nexpose products infringed the ‘494 Patent, and that
`
`their AppSpider product continued to infringe the ‘305 Patent.
`
`34.
`
`Finjan gave Defendants a PowerPoint presentation on or about February 8, 2018,
`
`during which Finjan described to Defendants how their Nexpose, Metasploit, InsightVM,
`
`InsightAppSec, and AppSpider products variously infringed Finjan’s patents, including at least
`
`Finjan’s ‘494, ‘305, ‘408, ‘289, ‘154, ‘918, and ‘086 Patents. An excerpt from Finjan’s
`
`PowerPoint presentation to Defendants is copied below, and is just one image out of the dozens
`
`of pages in the February 8, 2018 PowerPoint presentation:
`
`9
`
`

`

`Case 1:18-cv-01519-MN Document 1 Filed 10/01/18 Page 10 of 72 PageID #: 10
`
`35.
`
`Finjan’s PowerPoint presentation to Defendants on or about February 8, 2018 also
`
`identified every patent Finjan owns by number, including their approximate expiration dates.
`
`36.
`
`Following up on its PowerPoint presentation, on or about February 12, 2018,
`
`Finjan emailed representative claim charts to Defendants showing how Defendants’ Nexpose
`
`products infringed Finjan’s ‘494 Patent (and another Finjan Patent, U.S. 6,154,844).
`
`37.
`
`Thus, despite Finjan’s best efforts to inform Defendants that their products
`
`infringe Finjan’s patents and to engage Defendants in good-faith licensing discussions,
`
`Defendants refused to take a license to Finjan’s patents. As shown above, Defendants knew that
`
`they infringed the Asserted Patents well before Finjan filed this action, and Defendants acted
`
`egregiously and willfully in that they continued to infringe Finjan’s patents and, on information
`
`and belief, took no action to avoid infringement. Instead, Defendants continued to develop
`
`additional technologies and products that infringe the Asserted Patents. As such, Defendants
`
`have continued to willfully, wantonly, and deliberately engage in acts of infringement of the
`
`Finjan Patents.
`
`DEFENDANTS’ INFRINGING PRODUCTS AND TECHNOLOGIES
`
`38.
`
`Defendants are closely related companies that operate as a single business entity
`
`directed and controlled by Rapid7, Inc., making, using, selling, offering for sale, and importing
`
`into the United States and this District infringing products and services that utilize InsightIDR,
`
`InsightVM (Nexpose), InsightAppSec, AppSpider, Metasploit and Komand technologies,
`
`including Rapid7 Insight Platform products (collectively, the “Accused Products”).
`
`39.
`
`Defendants represent themselves to be one entity with respect to the Accused
`
`Products in their annual reports submitted to the United States Securities and Exchange
`
`Commission (Form 10-K). See, Ex. 8 (Rapid7 2017 Annual Report) at 2-8.
`
`10
`
`

`

`Case 1:18-cv-01519-MN Document 1 Filed 10/01/18 Page 11 of 72 PageID #: 11
`
`40.
`
`Both Rapid7, Inc. and Rapid7 LLC share the same principal place of business and
`
`many of the same corporate executives and directors.
`
`41.
`
`Defendants’ products are all interrelated through the Rapid7 Insight Platform.
`
`The Rapid7 Insight Platform integrates Defendants’ detection and analytic technologies across
`
`various product offerings, briefly described below.
`
`Ex. 9 (rapid7-product-brochure.pdf).
`
`11
`
`

`

`Case 1:18-cv-01519-MN Document 1 Filed 10/01/18 Page 12 of 72 PageID #: 12
`
`Ex. 10 (Rapid7 Insight Platform Security) at 3.
`
`InsightIDR
`
`42.
`
`InsightIDR receives data from a network’s endpoints, cloud and virtual services,
`
`and utilizes a combination of scanning technology, machine learning, live threat feeds, and a
`
`library of behavioral threat analytics in order to scan and monitor network events for both new
`
`and existing threats. InsightIDR is commonly deployed along with Rapid7’s InsightVM.
`
`12
`
`

`

`Case 1:18-cv-01519-MN Document 1 Filed 10/01/18 Page 13 of 72 PageID #: 13
`
`Ex. 11 (https://insightidr.help.rapid7.com/docs).
`
`InsightVM (Nexpose)
`
`43.
`
`InsightVM (Nexpose) receives data from a network’s endpoints, cloud and virtual
`
`services, and utilizes a combination of scanning technology, live threat feeds, and a library of
`
`threat analytics in order to scan and monitor the network for both new and existing
`
`vulnerabilities. InsightVM uses RealRisk to assign a risk score to each detected threat.
`
`13
`
`

`

`Case 1:18-cv-01519-MN Document 1 Filed 10/01/18 Page 14 of 72 PageID #: 14
`
`Exs. 12, 46.
`
`InsightAppSec and AppSpider
`
`44.
`
`InsightAppSec crawls and assesses web applications to detect SQL Injection,
`
`XSS, and CSRF threats. InsightAppSec normalizes network traffic and uses scan engines (cloud
`
`or on-premise) to detect threats, which includes scans for over 90 different known attack types.
`
`InsightAppSec works alongside AppSpider to detect and generate a summary of vulnerabilities,
`
`which Defendants’ other Accused Products also use.
`
`Ex. 13 (https://blog.rapid7.com/2018/06/14/new-insightappsec-releases-compliance-reports-and-
`the-appsec-toolkit/).
`
`Metasploit
`
`45. Metasploit is a penetration testing software that utilizes a database of exploits.
`
`Metasploit allows simulation of real-world attacks on the network so that further cybersecurity
`
`measures can be implemented.
`
`14
`
`

`

`Case 1:18-cv-01519-MN Document 1 Filed 10/01/18 Page 15 of 72 PageID #: 15
`
`Ex. 14 (https://metasploit.help.rapid7.com/docs/vulnerability-scanning-with-nexpose).
`
`Komand
`
`46.
`
`Komand connects existing cybersecurity tools to a library of plugins in order to
`
`integrate, orchestrate and automate workflows in order to efficiently detect and contain malicious
`
`malware, domains, and other threat indicators.
`
`DEFENDANTS’ WILLFUL INFRINGEMENT OF FINJAN’S PATENTS
`
`47.
`
`Defendants have been and are infringing, and continue to infringe, the ‘305, ‘408,
`
`‘289, ‘918, ‘086, ‘154, ‘494 Patents (collectively, the “Asserted Patents”) in this Judicial District
`
`and elsewhere in the United States by, among other things, making, using, importing, selling, and
`
`offering for sale the Defendants’ products and services that utilize InsightIDR, InsightVM
`
`(Nexpose), Metasploit and Komand technologies, including Rapid7 Insight Platform products
`
`(collectively, the “Accused Products”).
`
`48.
`
`In addition to directly infringing the Asserted Patents under 35 U.S.C. § 271(a),
`
`either literally or under the doctrine of equivalents, or both, Defendants indirectly infringe the
`
`‘305, ‘408, ‘289, ‘918, ‘086 and ‘494 Patents by instructing, directing, and requiring others,
`
`including their customers, purchasers, users, and developers, to perform all or some of the steps
`
`of the method claims, either literally or under the doctrine of equivalents, or both, of the ‘305,
`
`‘408, ‘289, ‘918, ‘086 and ‘494 Patents.
`
`15
`
`

`

`Case 1:18-cv-01519-MN Document 1 Filed 10/01/18 Page 16 of 72 PageID #: 16
`
`COUNT I
`(Direct Infringement of the ‘494 Patent pursuant to 35 U.S.C. § 271(a))
`Finjan repeats, realleges, and incorporates by reference, as if fully set forth herein,
`
`49.
`
`the allegations of the preceding paragraphs, as set forth above.
`
`50.
`
`Defendants infringed Claims 3-5, and 7-18 of the ‘494 Patent in violation of 35
`
`U.S.C. § 271(a).
`
`51.
`
`Defendants’ infringement is based upon literal infringement or, in the
`
`alternative, infringement under the doctrine of equivalents.
`
`52.
`
`Defendants’ acts of making, using, importing, selling, and offering for sale
`
`infringing products and services were without the permission, consent, authorization, or license
`
`of Finjan.
`
`53.
`
`Defendants’ infringement included, the manufacture, use, sale, importation and
`
`offer for sale of Defendants’ products and services that utilize InsightIDR, InsightVM
`
`(Nexpose), Metasploit and Komand technologies, including Rapid7 Insight Platform products
`
`(collectively, the “’494 Accused Products”).
`
`54.
`
`The ‘494 Accused Products practice the patented invention of the ‘494 Patent and
`
`infringed the ‘494 Patent because they make or use the system and perform the steps of deriving
`
`security profiles and storing the security profiles by, for example, deriving a security profile for a
`
`downloadable, which includes a list of suspicious computer operations, and storing the security
`
`profile in a database.
`
`55.
`
`To the extent the ‘494 Accused Products used a system that includes modules,
`
`components or software owned by third parties, the ‘494 Accused Products still infringed the
`
`‘494 Patent because Defendants are vicariously liable for the use of the patented system by
`
`controlling the entire system and deriving a benefit from the use of every element of the entire
`
`16
`
`

`

`Case 1:18-cv-01519-MN Document 1 Filed 10/01/18 Page 17 of 72 PageID #: 17
`
`system. Similarly, to the extent Defendants’ customers perform a step or steps of the patented
`
`method or the ‘494 Accused Products incorporate third parties’ modules, components or
`
`software that perform one or more patented steps, Defendants’ ‘494 Accused Products still
`
`infringed the ‘494 Patent because the ‘494 Accused Products condition receipt by the third
`
`parties of a benefit upon performance of a step or steps of the patented method and establish the
`
`manner or timing of that performance.
`
`56.
`
`For example, as shown below, the ‘494 Accused Products are computer-based
`
`systems that manage Downloadables with a receiver for receiving an incoming Downloadables
`
`(e.g., web applications and files) from network devices and scan and detect threats in the
`
`received Downloadables:
`
`Ex. 10 (Rapid7 Insight Platform Security) at 3.
`
`57.
`
`The Insight Agent and InsightIDR are receivers that receive incoming
`
`Downloadables from an endpoint.
`
`17
`
`

`

`Case 1:18-cv-01519-MN Document 1 Filed 10/01/18 Page 18 of 72 PageID #: 18
`
`https://www.rapid7.com/products/insightidr/features/endpoint-detection-and-visibility/
`
`58.
`
`The ‘494 Accused Products receive Downloadables in order to detect various
`
`threats and suspicious activity from received Downloadables across the network.
`
`https://insightidr.help.rapid7.com/docs/threats
`
`https://insightidr.help.rapid7.com/docs/alerts
`
`18
`
`

`

`Case 1:18-cv-01519-MN Document 1 Filed 10/01/18 Page 19 of 72 PageID #: 19
`
`59.
`
`The ‘494 Accused Products include various Downloadable scanners - Scan
`
`Engines - coupled to receivers (e.g., Nexpose, Insight Platform components, Insight Agents) that
`
`receive incoming Downloadables (e.g., web applications and files) from network devices and use
`
`various Scan Engines to scan them and detect threats and vulnerabilities to derive security profile
`
`data for the Downloadables.
`
`Ex. 15 (Nexpose API 1.1 and 1.2 Guide (v. 6.0)) at 14.
`
`60.
`
`The Downloadable scanners derive security profile data for the received
`
`Downloadables and compute it into risk scores for the Downloadables.
`
`19
`
`

`

`Case 1:18-cv-01519-MN Document 1 Filed 10/01/18 Page 20 of 72 PageID #: 20
`
`Ex. 16__ (https://www.rapid7.com/products/nexpose/features/).
`
`61.
`
`To derive the security data profile for the Downloadables, the Downloadable
`
`scanners utilize a library of suspicious operations that may be attempted by the Downloadables.
`
`20
`
`

`

`Case 1:18-cv-01519-MN Document 1 Filed 10/01/18 Page 21 of 72 PageID #: 21
`
`Ex. 17 (https://insightidr.help.rapid7.com/docs/new-features).
`
`Ex. 18 (https://www.rapid7.com/solutions/attacker-behavior-analytics/)
`
`62.
`
`Once vulnerabilities and threats are detected in Downloadables by Scan Engines,
`
`they are added to the Rapid7 database by the coupled database manager.
`
`21
`
`

`

`Case 1:18-cv-01519-MN Document 1 Filed 10/01/18 Page 22 of 72 PageID #: 22
`
`Ex. 19 (https://nexpose.help.rapid7.com/docs/working-with-vulnerabilities).
`
`63.
`
`Database managers coupled with the Downloadable scanners store the
`
`Downloadable security profiles in a database, which can be accessed at a later time.
`
`Ex. 20 (https://insightvm.help.rapid7.com/docs/welcome-to-help).
`
`64.
`
`Defendants’ infringement of the ‘494 Patent injured Finjan in an amount to be
`
`proven at trial, but not less than a reasonable royalty.
`
`65.
`
`Defendants have been long-aware of Finjan’s patents, including the ‘494 Patent,
`
`and continued their unauthorized infringing activity despite this knowledge. As discussed above,
`
`Finjan actively and diligently attempted to engage in good faith negotiations with Defendants for
`
`over two years regarding Defendants’ infringement of Finjan’s Asserted Patents. Even after
`
`being shown that their products infringe Finjan’s patents, including the ‘494 Patent, on
`
`information and belief Defendants made no effort to avoid infringement. Instead, Defendants
`
`continued to incorporate their infringing technology into additional products, such as those
`
`identified in this complaint. All of these actions demonstrate Defendants’ blatant and egregious
`
`disregard for Finjan’s patent rights.
`
`22
`
`

`

`Case 1:18-cv-01519-MN Document 1 Filed 10/01/18 Page 23 of 72 PageID #: 23
`
`66.
`
`Despite their knowledge of Finjan’s patent portfolio and Asserted Patents, and
`
`their specific knowledge of their own infringement, Defendants continued to sell the Accused
`
`Products in complete and reckless disregard of Finjan’s patent rights. As such, Defendant acted
`
`recklessly, willfully, wantonly, and deliberately engaged in acts of infringement of the ‘494
`
`Patent, justifying an award to Finjan of increased damages under 35 U.S.C. § 284, and attorneys’
`
`fees and costs incurred under 35 U.S.C. § 285.
`
`COUNT II
`(Indirect Infringement of the ‘494 Patent pursuant to 35 U.S.C. § 271(b))
`
`67.
`
`Finjan repeats, realleges, and incorporates by reference, as if fully set forth
`
`herein, the allegations of the preceding paragraphs, as set forth above.
`
`68.
`
`In addition to directly infringing the ‘494 Patent, Defendants knew or were
`
`willfully blind to the fact that they were inducing infringement of at least Claims 3-5 and 7-9 of
`
`the ‘494 Patent under 35 U.S.C. § 271(b) by instructing, directing and requiring their customers
`
`to perform the steps of the method claims of the ‘494 Patent, either literally or under the
`
`doctrine of equivalents.
`
`69.
`
`Additionally, Defendants knew or were willfully blind to the fact that they were
`
`inducing infringement of at least Claims 3-5 and 7-9 of the ‘494 Patent under 35 U.S.C.
`
`§ 271(b) by instructing, directing and requiring their customers to perform the steps of the
`
`method claims of the ‘494 Patent, either literally or under the doctrine of equivalents.
`
`70.
`
`To the extent one Defendant is deemed to direct and control the other Defendant
`
`to directly infringe the ‘494 Patent, the former Defendant is liable for inducing the latter
`
`Defendant to directly infringe the ‘494 Patent.
`
`71.
`
`Defendants knowingly and actively aided and abetted the direct infringement of
`
`the ‘494 Patent by instructing and encouraging their customers and developers to use the ‘494
`
`23
`
`

`

`Case 1:18-cv-01519-MN Document 1 Filed 10/01/18 Page 24 of 72 PageID #: 24
`
`Accused Products. Such instructions and encouragement included advising third parties to use
`
`the ‘494 Accused Products in an infringing manner, providing a mechanism through which
`
`third parties may infringe the ‘494 Patent, by advertising and promoting the use of the ‘494
`
`Accused Products in an infringing manner, and by distributing guidelines and instructions to
`
`third parties on how to use the ‘494 Accused Products in an infringing manner. See, e.g., Ex. 15
`
`(Nexpose API 1.1 and 1.2 Guide (v. 6.0)); Ex. 15
`
`(https://www.rapid7.com/docs/download/Nexpose_API_guide.pdf); Ex. 19
`
`(https://nexpose.help.rapid7.com/docs/working-with-vulnerabilities); Ex. 21
`
`(https://insightidr.help.rapid7.com/docs/threats); Ex. 14
`
`(https://metasploit.help.rapid7.com/docs/vulnerability-scanning-with-nexpose); Ex. 18
`
`(https://www.rapid7.com/solutions/attacker-behavior-analytics/); Ex. 22
`
`(https://nexpose.help.rapid7.com/docs/sending-custom-fingerprints-to-paired-scan-engines);
`
`Ex. 23 (https://blog.rapid7.com/2018/04/17/attacker-behavior-analytics-detects-unknown-
`
`threats/).
`
`COUNT III
`(Direct Infringement of the ‘305 Patent pursuant to 35 U.S.C. § 271(a))
`Finjan repeats, realleges, and incorporates by reference, as if fully set forth
`
`72.
`
`herein, the allegations of the preceding paragraphs, as set forth above.
`
`73.
`
`Defendants have infringed and continue to infringe Claims 1-25 of the ‘305
`
`Patent in violation of 35 U.S.C. § 271(a).
`
`74.
`
`Defendants’ infringement is based upon literal infringement or, in the
`
`alternative, infringement under the doctrine of equivalents.
`
`24
`
`

`

`Case 1:18-cv-01519-MN Document 1 Filed 10/01/18 Page 25 of 72 PageID #: 25
`
`75.
`
`Defendants’ acts of making, using, importing, selling, and offering for sale
`
`infringing products and services have been without the permission, consent, authorization or
`
`license of Finjan.
`
`76.
`
`Defendants’ infringement includes the manufacture, use, sale, importation and
`
`offer for sale of Defendants’ products and services that utilize InsightIDR, InsightVM
`
`(Nexpose), Metasploit and Komand technologies, including Rapid7 Insight Platform products
`
`(collectively, th