Declaration of Phil Hartstein - Reexam 90/013,016
`
`IN THE UNITED STATES PATENT AND TRADEMARK OFFICE
`
`: Confirmation No.:
`
`9521
`
`Group Art Unit:
`
`3992
`
`Examiner:
`
`Adam L. Basehoar
`
`Attorney Docket No.: FINREXM0005
`
`::
`
`;:
`
`::
`
`Control Number: 90/013,016
`
`Patent No.:
`
`7,647,633
`
`Inventors:
`
`Ederyet al.
`
`Issued:
`
`June 12, 2010
`
`Title:
`
`MALICIOUS MOBILE
`CODE RUNTIME
`MONITORING SYSTEM
`AND METIIODS
`
`
`Mail Stop Ex Parte Reexam
`Attn: Central Reexamination Unit
`Commissioner for Patents
`United States Patent & Trademark Office
`P.O. Box 1450
`Alexandria, VA 22313-1450
`
`§
`DECLARATION OF PHIL HARSTEIN PURSUANTTO 37 C.F.R.
`
`DearSir:
`
`I, Phil Hartstein, make the following declaration under penalty of perjury:
`1.
`I make this Declaration based upon my ownpersonal knowledge, information, and belief,
`and I would and could competently testify to the matters set forth herein if called upon to do
`
`SO.
`
`2.
`
`Iam the current President of Finjan Holdings,Inc. (“Finjan”).
`
`I have been President of
`
`Finjan since April 2013.
`3. As part of my position as Finjan’s PresidentI oversee the direction and managementof
`Finjan’s assets, future investments,litigation, and licensing activity. This has required meto
`study Finjan’s history and to become acquainted withFinjan’s technology.
`
`Patent OwnerFinjan,Inc.
`IPR2015-01974 - Ex. 2011, p. 1
`
`Patent Owner Finjan, Inc.
`IPR2015-01974 - Ex. 2011, p. 1
`
`

`

`Declaration of Phil Hartstein - Reexam 90/013,016
`
`. Finjan has invested considerable time, effort and resourcesto secureit’s invention with US
`
`an Foreign patents, Finjan has invested over 65 million dollars in research and development
`
`of its technology.
`
`_ The total revenue to date for Finajan’s licensing and enforcementactivities ofits patent
`
`portfolio, including the ‘633 patent, is more than $145 million.
`
`Finjan has consistently been praised forits pioneering technology. For example, IDC
`
`reported that:
`
`the inventor of proactive content behavior inspection, protects
`Finjan Software,
`organizations using its Next Generation of Vital Security Appliance Series of products
`that provide day-zero defense against new, previously unknown attacks byleveraging
`its proprietary application-level behaviorblocking technology.
`
`(Exhibit 1 at 55-56)
`. Finjas wasthefinalist in two of SC Magazine’s 2007 Awards, Best Security Company and
`Best Security Solution for Government — Finjan Vital Security Web Appliance. (Exhibit 3).
`Finjan was the winner of the Winner of Excellence in Anti-Malware and Winner of
`Excellence in Gatetways in the Info Security Products Guide — Product Excellence Awards
`2007. (Exhibit 4), SC Magainzerated the Finjan Vital Security NG-6100 5 out of'5 stars.
`(Exhibit 5). PC Pro stated that the Finjan Vital Security NG-1 100 appliance “is one ofthe
`best solutions available.” (Exhibit 6). Finjan Vial Security Web Appliance was the winner
`of eWEEK’s Seventh Annual Excellence Award in the Network Datastream Protection
`
`category. (Exhibit 7). Named in the top ten Most Interesting Products exhibited at RSA
`2009 by eWEEK. (Exhibit 8). CRN.com review praised Finjan’s Vital Security Web
`appliance because “Finjan’s Vital Security can make a difference in organizations concerned
`about security and compliance.” (Exhibit 9). SC Magaine gave the Finjan Vital Security
`NG-8000 5 out of 5 starts. (Exhibit 10), SC Magazinc commented that the Finjan Vital
`Security Web Appliance Series was“[jJust about the most comprehensive productof its kind
`
`[they have] tested.” (Exhibit 29).
`
`Patent OwnerFinjan,Inc.
`IPR2015-01974 - Ex. 2011, p. 2
`
`Patent Owner Finjan, Inc.
`IPR2015-01974 - Ex. 2011, p. 2
`
`

`

`Declaration of Phil Hartstein - Reexam 90/013,016
`
`8. The ‘633 patent’s technologyitself received specitic industry praise.
`
`Anarticle by
`
`InformationWeek described the Finjan Vital Security 6100 appliance as taking “signature
`based protection to the next level by actually executing the code ofthe site you'revisiting in
`
`a sandbox in real time.” (Exhibit 2).
`
`In July 2005, Microsoft Corporation obtained a license to Finjan’s computer security patents.
`(Exhibit 12) (Exhibit 1 at 13). This included the application that was to becomethe ‘633
`Patent, Microsoft obtained a license to Finjan’s technology in orderto advance their security
`
`innovation just after entering the computer security market. At the time Microsoft obtained a
`license to Finjan’s patents Microsoft had nearly no market share in the computer security
`space and washeading to compete against large well established companies.
`(Exhibit 13).
`Microsoft saw the value of licensing Finjan’s technologyto help give them a boost and now
`
`Microsoft is one of the more dominant players with Microsoft Security Essentials product.
`
`(Exhibit 14). A Microsoft spokespersonstated that “Finjan has done someinteresting
`
`1
`
`Oo
`
`product innovation in the security space.” (Exhibit 12).
`OnJune6, 2005 Finjanfiled a complaint of infringement against Secure Computing Corp.
`(“Secure Computing”) asserting that Secure Computing infringed U.S. Patents No.
`6,092,194, No. 6,804,780, and No. 7,058,822. (Exhibit 15 at 2). This case proceeded to a
`jury trial where Secure Computing asserted that U.S. Patents No. 5,623,600 and No.
`5,983,348 by inventor Shuang Ji (“Ji”) were priorart to the Finjan Patents. (Exhibit 16 at 39).
`The jury disagreed and found all the Finjan patents not invalid by the asserted prior art.
`(Exhibit 17), Secure Computing was also foundto infringe Finjan’s patents, including their
`sandboxing technology, and awarded damages on Secure Computing revenue of $65.75
`
`1
`
`—
`
`million. (Exhibit 17).
`. On August 18, 2009 the district court in the Secure case enhanced Finjan’s jury verdict. The
`court bases its reasoning for enhancing damages partly on a finding that “Finjan’s patents
`were copied deliberately” and “Finjan patents represented a technology that [Secure] wished
`to compete with and emulate in the market.” (Exhibit 18 at 28). Secure Computing even
`
`Patent OwnerFinjan,Inc.
`IPR2015-01974 - Ex. 2011, p. 3
`
`Patent Owner Finjan, Inc.
`IPR2015-01974 - Ex. 2011, p. 3
`
`

`

`Declaration of Phil Hartstein - Reexam 90/013,016
`
`namedthis copyingin their code andcalled it “Finjan Buster” or “Finjan Killer.” (Exhibit 19
`
`at 7). Finjan was also awarded a permancntinjunction against Secure Computing for
`
`infringing Finjan’s sandboxing technology. (Exhibit 18 at 1)
`
`12.
`
`In November2009, Finjan licensed its patents to M86 Security
`
`13.
`
`In March 2012, Finjan licensed its patents to Trustwave Security, Inc.
`
`14.
`
`15.
`
`In April 2012, Finjan licensed its patents to WebrootInc.
`In November 2012, McAfee, Inc./Intel Security (“Intel Security”) took a license to Tinjan’s
`
`patent portfolio. When Intel Security took the license to T'injan’s patents, the permanent
`injunction that had been levied against Secure Computing (whichintel Security purchased in
`2008) was dissolved. (see Exhibit 18 for the permanent injunction against Secure Computing
`
`which included Finjan’s sandboxing technology).
`. Finjan had millions of dollars in sales with products that incorporated the ‘633 technology.
`(Exhibit 20 at 20). Indeed, Finjan hadsales of $6.5 million in 2001, $6.1 million in 2002,
`$9.3 million in 2003, $12.9 million in 2004, $16.4 million in 2005, and $19.7 million in
`2006, (Exhibit 21 at 11) (Exhibit 22 at 9) (Exhibit 23 at 15). During this time Finjan had
`incorporated its patented sandboxing technology into its Vital Security product linc, (Exhibit
`
`24).
`_ In total, Finjan has licensed its network and computer security patents to Microsoft, M86
`Security, Trustwave, Intel Security and Webroot. Finjan had millions of dollars in sales of
`the ‘633 technology. Finjan’s competitor Secure Computing was found to have copied
`Finjan’s technology. Finjan’s enjoyed much industry praise for its sandboxing technology.
`
`Patent OwnerFinjan,Inc.
`IPR2015-01974 - Ex. 2011, p. 4
`
`Patent Owner Finjan, Inc.
`IPR2015-01974 - Ex. 2011, p. 4
`
`

`

`Declaration of Phil Hartstein - Reexam 90/013,016
`
`i hereby declare thatallstatements made herets-olmyawnknowledge arc trae and thet all
`statuinents made ott Infornmtion andbelied are believedta betrue; anut furtherthal these
`
`aiglaments were made with the laieiwiedgethar willfil false starententsacdthelike so made are.
`
`punishableby fineor imprisonment, of both, under Seetion LON) of Tule 18 oftheUnitedStates
`Codd, arvt that such willful false statements may jeopardize lhe validity ofthe patent and any
`
`roexamingtion certian
`
`Patent OwnerFinjan,Inc.
`IPR2015-01974 - Ex. 2011, p. 5
`
`Patent Owner Finjan, Inc.
`IPR2015-01974 - Ex. 2011, p. 5
`
`

`

`Exhibit 1 - Declaration of Hartstein - Reexam 90/013,016
`
`
`MARKET ANALYSIS
`
`
`winfelcece
`
`Worldwide Secure Caonlent Management 2009—2009
`Forecast Update and 2004 Vendor Shares: Spyware, Spam,
`and Malictaus Cote Cantinué te Wreak Havoc
`Brat &. Burke
`Rose Ryn
`
`
`IDC OPINION
`
`
`
`
`
`Thiet
`eye e revieian of JOG 834082 published in Gatober 2008. The: antl dite:
`
`secure nonlent management (SCM) market grew to 24 9 hillion.in 2004, up from $3.5
`
`Gilde the: preview’ vear, an. extacndinary DOW growit tony 2008 to-2004, Additional
`findings hased-on HDG's:tesearch ere sdmmarized teipve:
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`any
`&oeaycal
`-a3
`aydo
`=]
`eat
`oH
`
`
`
`EE
`
`
`
`The tidtivatiog. af haters and the saphstioation af ihreale: have dramatically.
`
`the number 7 driving force banind the glopal-snem
`tangea. Fineneal gainis
`epnemic,
`the outtreak oof. "phishing ssanis. and the eyplosive growth cof
`Bayware.
`
`
`ths. priority list of comporeate asocrity concecm,
`‘move: up.
`to.
`Spyware: gantinues:
`
`Spyware iS Now -annsiderad to be the second-greatest: threatto enterprise stehargrk
`
`Secuflty, according te IDCs 206
`ise Security Survey: IDCchetieves more
`than. three-quanters-of all corporate machitias: afe infected with ve rous: forts of
`Spyware,
`
`
`Spam contin yee to cing netvorks, servers, end inboxes with: unwented-and adien
`alfensive -conterit.. The convenience and efficietioy Bf
`email Have heer
`“ieamatically teduced bythe extremely rapid giswih.in the volume ot inachoited:
`Sommercial-emeail. IDE believes the number-of spam tiessages Bent daily wil
`
`
`
`“glrigat double ave
`the next few veers. ipbregsi sg Aree 23 tiiliaa in 260dAS
`
`
`
`billig ine 2008 (gee. Wonnwite Ema Usage 2004-2008 Farscast! Spam Today,
`
`Other Content Tomarrow, MOC #84782;August 200d).
`
`imeluding:
`Ertail pipelines consnue. tebe atavotie targel formalicious: attacks,
`ApOIAS; Visesof
`
`
`shety. avid tended thraaisa, Moredver tedent incidents. have
`athlgved widespread! propagation at ites -significanilly faster thar befow. The
`ge of spamming tectinigues te cihstibute malicious: 6 nails and vituses bas also:
`
`
`ine Based the speed: with which these adacks can cause significant damage. AS
`
`a.fésult, prapagation timas for malicious eral vitises-have Grapped trem bouts
`to minules,
`
`There is. a growing demand for-seluti¢ns: that protec againstiefination leaks ger
`‘and vidlallong of governtient and: industry regulations. Thede sdkitions mane,
`secursfencrypt, (Her, snd: block souteelnd -content ‘cartdined ‘in emai,
`instant
`Taassagng (Mi, peer to peer [P2PL, filkiangers, Web. postings. aud-other {pes of
`Measacing trate.
`
`
`
`
`
`
`
`lien biManiction: Novara2005. (GG adane2. VolumeA aby Bendre ©
`
`CONFIDENTIAL.
`
`FINJAN-BC 047425
`
`Patent OwnerFinjan,Inc.
`IPR2015-01974 - Ex. 2011, p. 6
`
`Patent Owner Finjan, Inc.
`IPR2015-01974 - Ex. 2011, p. 6
`
`

`

`Exhibit 1 - Declaration of Hartstein - Reexam 90/013,016
`
`
`
` _TABLEOF CONTENTS
`
`
`
`
`“Ate THis Stady
`Methoddlogyt... eee
`Secure Content Management Market Definition ..
`EMECURIVE: SUNITIATYs.cc:eccseetuivaensesdereseedseeoveeiiens
`te
`
` Wyoe
`
`od
`
`Situation Overview.
`
`Hot-frents in the Secure Content Management Market
`Spyware: Motivated by Fmancal Gain
`
`Spam: Threat on the Rise Again...
`
`Outbound Content Compliance: Infrmation Leakage and Da
`Enterprise RightsManagement Gaits Traction...
`
`MidrogoR Continues to Expdid lis Secuiiity Aigenal..
`WebFiltering. NeLonger Justa Productivity Tack,
`
`Performance of Leading Vetidors si2004 wo. ungsuskeccie.
`wet
`Vendor Performance by Market Seqmierit:
`wd
`PAOUIVIT US iseca Sere nape te ed encieg woe
`
`Messacing Security
`Web Fitteting
`we V ia
`AUISYWEG co) eek cee he oy Ape ea es one mages Mapas Apeeaen Sageve AyRD aca! lees Mean lag cats pelea
`
`Pigtection “OBAeete
` TrGOILad
`
`&%
`
`1 4
`
`Raters DUtdok!6Soo oeAa
`
`
`
`Forecast and: Assumptions .....
`WUCfc ccs teres
`By Plattarttic., ceca ui
`By GedgAaphic Rayidn
`.,,
`By Cperating Environment.
`Key Forecast Assumptions:
`
`
`
`
`
`
`
`.sential Guidanée
`Verdot Profiles ..cci..
`Symantec Corp...
`RCABE INGco...
`Trend Micra Wie.
`Cotmulet Associates
`34
`SurhOGards wecessseeee
`
`Websense.
`
`Boptios.....
`
`Cleatewitticcerics.
`Messagel-abs ..
`Tuirbleweed Communications:
`F-SBeutte cnccuiciacunnessiencsss
`Secure Computing, «..
`WeEWOSKEt occurs
`CipherTrust [tie seencaces eee
`‘Aladdin Boewledge Systems w.,...
`
`:
`
`
`
`.
`
`:
`
`saenedaneibnntvs
`
`dite
`
`#48083
`
`S2003 12RC
`
`CONFIDENTIAL
`
`FINJAN-BC 017426
`
`Patent OwnerFinjan,Inc.
`IPR2015-01974 - Ex. 2011, p. 7
`
`Patent Owner Finjan, Inc.
`IPR2015-01974 - Ex. 2011, p. 7
`
`

`

`Exhibit 1 - Declaration of Hartstein - Reexam 90/013,016
`
`
`
`
`
`
`
`Finjan Sottware:..
`
`Bigs. Coat Syste:
`
`Berd meal cc. cs
`
`SIGABS. wos cect eee
`
`Strategic Directors... 0.
`St Berman Software...
`
`SABTICEDE coe eee ee
`
`Claudmark......
`
`
`Prooipoint..
`
`
`
`
`
`
`Internet Security Systems thafaebeugetee: . wiles Hpteebe lateg bende eweene peel
`
`
`BSi i seer ini ertadiaes
`69
`
`FageTimne Conimunicatons 3
`4
`
`HMOGIG cei cen
`
`
`Mail-Fliters Ine...
`
`
`MaiiFroontier. ...
`
`
`vaibeestis
`Mifapaintinc..
`
`Werwork Appliance. Inc...
`
`Bint rigSt wits. occ pec cecge ap eves
`lronPert: Systenis.
`
`Kespersky Lab...
`
`Microsoft Coie,
`
`Pandas Software:
`
`Tenebril ne..;
`
`Tablis int...
`
`SOMWACL Te. cccsness
`
`RRR MBER CD LEZE SURES NSLS SSUES a Steen remem eerie
`Roalated RESPAlGhaiin cisessaincce cedeetecca vided naababicneis iateneabdee Sapendicconieed nips beeeeridetiv Abbie emdiite Geupid aes ids riedgesming devia 2D
`MOTGdODE ccccscscise eterna eared ac pate ote agGb Lane bbeUh Ahh p Qed Wid cee bg! Hed dGSteLISge Zaid Whee sgtaiiee nant ta AE
`
`
`
`2005106
`
`#34023
`
`CONFIDENTIAL
`
`FINJAN-BS 017427
`
`Patent OwnerFinjan,Inc.
`IPR2015-01974 - Ex. 2011, p. 8
`
`Patent Owner Finjan, Inc.
`IPR2015-01974 - Ex. 2011, p. 8
`
`

`

`Exhibit 1 - Declaration of Hartstein - Reexam 90/013,016
`
`
`hist or tapees
`:
`
`
`
`
`nD -
`.
`-
`.
`_ co
`
`4.
`NVoridwade Secuie Contant Management Product Revenue byVendor 200sand 200d... ec &
`
`AWorlehwide Antivirus Produat Reesnue by Vendor, 9003and 200d:
`2
`
`3. Worldwide Messaging Securiix Produtl Rewsnue by Venddr, 2003 and POU..
`4 Worldwide Web Fitering Product Reverieby Vendor, ZOOS Bd 2IG4se crenneetnsesgencetgsenereascns, TF
`5 Worldwide AntiSpyware Product Revenueby Veridar 2008 and S004. ces scene TE
`Lg
`AMforiiwite SecuContentManagement Product Revenue sySegment 2003-2008+. 2. cnc BE
`2
`‘Weorldvede Secure Conteh Management Prouu tt Revenueoy Plathort), 200832009.eZ
`® Woridwide Serure Content Managerment Product Revenueoy Region. 203-2006ewe BI
`
`
`Ravenue by Operating Envir
`9 Worldwide Setire Content Management Product
`PODSPOTcel cesses esas snnecnm ceans ions atepcaguess
`cnysnis
`qualenanetyscivenaieys pueeesanensoesten gst
`BE
`1G Key Forecast Assumptions forthe Worldwide Serre Canterd:Management
`Ket
`
`
`SOOORAED eee
`coins
`ae iga
`
` Co
`
`#aRORS:
`
`Se0b8 1S
`
`CONFIDENTIAL
`
`FINJAN-BO 047428
`
`Patent OwnerFinjan,Inc.
`IPR2015-01974 - Ex. 2011, p. 9
`
`Patent Owner Finjan, Inc.
`IPR2015-01974 - Ex. 2011, p. 9
`
`

`

`Exhibit 1 - Declaration of Hartstein - Reexam 90/013,016
`
`
` eenn BR
`
`pvc cbitinastive dara ctecies T4
`= Top §3ecure Coiieht Management Software Vendors. BOOeecc sieoe
`3.
`“Top SecureContent Managenient Apphanite Vendats) 2008)asia ciithenmtsniaie entice TE
`4
`Top § Secure.Content Managenient Hosted Service Vencors,.2005..
`
`
`‘Top S Web Fiteing Software Vendors
`
`“Top'a WebFiltering ApplianceVendors...
`BSecuritysChallanges Organizataris hace overthe hoePEMGAHEsocere semenete
`
`5
`&
`
` e 3re 9° Day
`
`#40238
`
`CONFIDENTIAL
`
`FINJAN-BS 017429
`
`Patent OwnerFinjan,Inc.
`IPR2015-01974 - Ex. 2011, p. 10
`
`Patent Owner Finjan, Inc.
`IPR2015-01974 - Ex. 2011, p. 10
`
`

`

`Exhibit 1 - Declaration of Hartstein - Reexam 90/013,016
`
`IN THIS STUDY
`
`‘Thid-study-is 4 sevision-of IOC! #24022. The vendor. market shate grid foresaata tae
`been fevised:in liGht-of ew informafian.
`‘This study exaniines: thé:.seaure cantest
`Management market for the period 2002-2000, wilh vander’ revenue trande and
`
`Markel -growlh Jorcasts. Wordwide market sizing Ig provided for 2004,
`from: 2003: Activesyear growth forecast forcinis market is: shawn for 2605
`
`
`vendor compatiive analysia: wih vender cayeriaesancd.matkat shares at whe lead iQ
`venders,
`13 provided for 2004. This study aise includes..praties of eading venders and:
`
`idefitifies thechamicrensiice that vahdots wil need to. be successtul ithe dLtate. THE
`
`decurmentuppates the forscact: puidlishedl in Workiwide Secure Content Management
`2003-2009 Forecast. The Emeigence of GQuibound Content Camoltance (IbC
`#23078, Maret! 20083.
`
`Methodology
`
`See ihe cLeam: More section fer & description of the Jormeoasting and analysis
`methodsibay ampioved iq this study.
`
`in addition, please note the following:
`
`Gl. The snfsrmation ooptaired incinis: study was serves frome the ING Software
`Market Forecaster database as af August 18.2005.
`
`JAY.
`
`oAnumbersin rig document may not be exact dusto ru nating.
`
`EY (For omors information on IDG's sofware defintians and methodelagy, se 18G's
`
`pisaos
`
`4
`
`Gefinition
`
`SCM includes policy-based content secunty setutens eesiqned. to: secure, metitor,
`filter..aind: block threats Tory riesaaging and Web traffic, SCM: gratesty aguiist
`’NBSUnd threats Such as. seem, fraudulent emails, wrnses, warns, Toland spyware.
`ang offensive material SOMsolutions re asp: deanghed te profact against autour
`ihieals Sich as:
`-<oritidental, date. cusiomer ecards,
`iitellectual property,
`ated’
`offensive panterit leaving an organzetion. SOM solutions play@key ileicétipying
`with government and-industyy cgulations as well as enforcing comporaie policies:
`SOM, aa Superset cf thtee speelfic productareas:
`
`Arttivirus software Weritifies andor eliminates tatriful sottware and Macs.
`Anivinus sottware scarts: hath drives; arial’ altachments, Toppy disks. Wee.
`pages, and sther woes of slectionic traffic (6.9...
`instank Messaging-and shett
`WS Gada;
`
`Thessage seniice [SMS{) ter any knows or potential Viriises:. ral
`Hojans, o speware.
`
`Soitware Texononiy. 2005 (OC 432854) February 2005), Secure Content Management Market
`
`ems inc
`
`#34003,
`
`CONFIDENTIAL
`
`FINJAN-BC 047430
`
`Patent OwnerFinjan,Inc.
`IPR2015-01974 - Ex. 2011, p. 11
`
`Patent Owner Finjan, Inc.
`IPR2015-01974 - Ex. 2011, p. 11
`
`

`

`Exhibit 1 - Declaration of Hartstein - Reexam 90/013,016
`
`Bi Webtiltering sofware is used-to-sereeh and exclude fromaocess. or availability:
`Web pages that ara daamed objectionable of not-busihess related, Web filtering:
`if uiserd-hy corporations to anfarcecamarata intemet use-paticies-as well as: hy
`echockvand utiversities and home compulecowners Horparental controls],
`
`Messaging security. sclware is used-to manta, Tiler and/or block inessages
`
`fran differnt, fessagingApplications (e.g.; email IM: SMS. and P2R) containing:
`
`80am, COMPSAY confidentiai
`information, aid objectonable content: Messaging
`
`Senunty is-alsey uped by ceneie industries toeniores compliance wilh einvaty
`raQuiations jeg. HIPAA. Granim-Leach-Biiley [LB and SEC) by monitoring
`electronic riessages: tar complianceViolations, The market algo. includes secure:
`tanerypted :emel
`
`SCM vendots. énjayed anather strong year ef growth in 2004 oMajay virus-andavorn
`Guibtesiks, Continued inctedses iv Span, corpbtate ‘déatllines. for campianses with
`
`Gouennent and industry requlations. dndthe epilogue growth OFspyware aubtad jhe
`nee ful SCM secuity salulivas. Ves and. wars OflPe to He tie most genus
`threat facing “corpurallons today; put-epyware Aas tepidly: climbed. the pricry list of
`enilerpriseseounty iiveats- and howracks ae-the sectrid-tnoshserosa thréat Yecing:
`curhd-aliong today.
`
`Soywark fas became doth a secudiy and systert.maregement nightirare. 1G
`beliéves More thay thige-quarters of alt corporsié machines are-intectad wih Venous
`forms OF Spyware. Theft of confidential
`information, iass of employee productivity,
`
`
`a
`splon-of itge arioutts cl tandwidth, damage te corporate deskiaas, ard 3
`spike-in ihe. sumberhelp deshcalls related to apywate ereforcing corperations ct alt
`sizes te take action.
`
` Executive Summary
`
`Sean has oimbed back up the paodty lst of (T-managers.and-secunty depariments,
`
`ghratike as the thirdgreatest teat tc enierprise secunty.
`Eriail phishing: attaaks:
`fare nowdaily cecunences for any organization, and especially forthe largest financial
`
`
`
`instilations: arel.
`their sustariansThe purevdlume. of spank cantiies ia merease ata
`rapid pase. Spam clogs networks, sepyers..and inboxes. wilh Unwanted and oftsr
`offénsive content. The poave
`@ and efficienoy of email have been drarnatically
`
`ieguced by thevextrarialy-rapld GrowthInthe volume: of .ngedicifed commercialemal,
`Al Wereaging amaunt ofspar i being sent bys bomat of 2ombis riachines, Infact,
`IDG. believes: the inajsrity of spam senttoday onginates.from: zombierach ings
`Remobely conisiled: by spanwners.
`
`Atk anrenjing threat te carkerate secudty comesfer inskle ihe arganizaton? The
`“sider teed? of teosted enipioyses daliberately ar inadve tently Cistibubiitg. Sensis
`information is quickly Hecorting a major eanged-in. manyorganialians, The growing
`
`awarenase of Outbound content compliance (OCC) was coanty catalyzed oy a
`
`
`ries of cofdorale scandals in which eustomeér, fecords; canfidential. information, and
`
`intellectualproperty were leaked. Asthe vast malariy of thoes cases demonstrate.
`such breaches.2re olteanot the result of malicious. wrengdoing but rather eirboyess
`
`who unknowingly pulthairy companies at risk
`
`Tem
`
`#5d023.
`
`Q20gs Oe
`
`CONFIDENTIAL
`
`FINUJAN-BC 017431
`
`Patent OwnerFinjan,Inc.
`IPR2015-01974 - Ex. 2011, p. 12
`
`Patent Owner Finjan, Inc.
`IPR2015-01974 - Ex. 2011, p. 12
`
`

`

`Exhibit 1 - Declaration of Hartstein - Reexam 90/013,016
`
`SITUATION OVERVIEW
`
`Hot Trends in the Secure Content
`Management Market
`
`Viuse end: yiorms continue to. be the most seriaus ihreatfacing corperations today,
`bul spyware has vanidly climbed the priority list of entemrise security threste. and sow
`ranks as the second iost. serous threat Factrig. corporations. today das shown tr
`Figure 1).
`
`
`Threats te Enterprise Security
`
`Trojans, viruses, worn
`and other malicigus coeds
`Spyware
`
`Spam
`Hackers
`
`
`
`
`
`leguiatery riandates
`
`Employee error (unintentional)
`
`Appiication vidnerabilities
`Wireless LANS
`
`ae
`
`Deployment of newtechnoiogy
`
`$
`
`Cyberterrotisnt
`Sabotageby current employeeor |
`business partnier
`4
`§
`Gasual intruders.
`j
`Mobiledevines:
`Saboiage by formeremployes or |,
`business partner
`Business partner drrar funinisniiosal)
`
`Competitor espionage
`Inability to meet. goverment
`
`4
`
`2
`
`3
`(Mean score}
`
`4
`
`5
`
`Baie: TC's Sateyniay Secunty Surveys 3005
`
`CROSS
`
`#34023,
`
`2
`
`CONFIDENTIAL
`
`FISJAN-BG 047432
`
`Patent OwnerFinjan,Inc.
`IPR2015-01974 - Ex. 2011, p. 13
`
`Patent Owner Finjan, Inc.
`IPR2015-01974 - Ex. 2011, p. 13
`
`

`

`Exhibit 1 - Declaration of Hartstein - Reexam 90/013,016
`
`Suyware: Motivated ByPraanctal Gari
`
`ywate is tow. considered tobe.the secend-egreaiest thigat to enterprise network
`security angeredng to IOC's 2008Enierorise Security Sanagp, uo-frem fourth in aot:
`
`Spywaie has quickh: become both & secudhy and: system. management nightmare,
`iDC bejeves: more thanaiiree-quanera of all corporate macnines are infected with
`vations forme of spyware: Theft: of confidential
`infemistion,
`loss: of enipleyee
`prodlinivity,. censumpton of darge -ammunts, of bandwidth,-dariagea [6 semoran
`deskiops.nde spike Incite. number hel desk calls related 16. spyware are forcing
`COMO ates ofall ‘sizes to fake action,
`‘Gur survey fesulis.
`inciagte that G4% of
`ciganizations have implemented antisnyware.
`
`Although: the consequenses.bf spyware Trey be ag Inter as: ARAGHINg adversing:
`POPUBE.Bpyware Hasthe poteniial ter ds signihcant damage to he machine and.alsc:
`® ine entire network. fifascthe-abllity tetaptures vdriealy all-caniine activity. Fron.
`janlioring all keystrokes, email anogaing, and. scanning fileson Wiehard dive io
`centire: system ur dagisity. settings: “spyware.
`is. Dots.
`a. phyackeand anteforise
`
`
`security threat. Such activities canv-lead: da identity Inet, dete. gecruptier, and:
`F
`ingly; thelt.<# company trade secrets: Hackers are alsa using: keylsggers te
`
`
`
`ie’ aeceunt information,
`iogin names, and passwords With a ew oa nt
`
`information,
`ihe hacker is then able: to obtain aweallty of personal date, including
`bans information, additonal passwords, ahd creditoad nuimbers..
`
`
`than. traditional viruses, andthe tnativatierr af-a
`Spyware is far more: saphistisated.
`Spwware. woiler is drastically dMlerent [rom that of awitus. wrilet, Spyware. is nal being
`
`seated by the younger generation of schipt. kiddies who crecte aiuseR, Seeking:
`Rersqjal pride or notonety, Soywere: wolers, Mole virus writers, ame mohvaced by
`profit and financial gain, The evolution fronmischievous: habby te a money-making,
`
`srivinal venture bas altacied < naw breed of sephisticated packets and organized
`crime, Hackers are how much lass comcermd with cesitoying systeme-and knock,
`Sul Web sites. They realize thatdey cangenerate money froang-stealing confidential
`
`perioral information and corporatedata: and selling Hto speinare of these tycived:
`in organizedorine and fraud JDC believes shesuetetaven Mmodvarion wil cause Ine
`
`numeerofattachs to iiceasain sophistication, frequency and severity.
`
`SianThreat-on the Rise Agaitt
`
`Span has ahiee: again climbed Hack up theprioritylist’of IT managers. Spam moved
`:
`Cae te a fullblowa (T
`nightmare in 2002: As many organizations:
`
`implemented antigpant: echndlegies durii¢ 2005 and 2004, spany stared ta slide
`
`pack dewr the: prionty list
`in many ITdepartments. In tact.in IDG's 2004 oriempesa
`Secunty Survey, spaar fell te Bight >place ‘on. Ha Estat. mast satiqus threats to
`enteronsé seeurity This decline was quidely. reversed, and ssarc is once again
`
`-Sonsidered:a. major security Gweal, sensing as the thitd-grealest threat to enterprise
`senurity in 2005,
`
`Syke
`
`HSAOSS.
`
`eonsake
`
`
`
`1
`
`
`
`|
`
`1
`i
`i
`dq
`
`{
`1.
`
`CONFIDENTIAL
`
`FINUAN-BC 017433
`
`Patent OwnerFinjan,Inc.
`IPR2015-01974 - Ex. 2011, p. 14
`
`Patent Owner Finjan, Inc.
`IPR2015-01974 - Ex. 2011, p. 14
`
`

`

`Exhibit 1 - Declaration of Hartstein - Reexam 90/013,016
`
`iDC helevesthere ore several fanlors diving itetied resurgenee atspark
`
`:
`
`Y -Esrail phishing. allacks are nowdaily ovcurrenoes far any organizalion, and
`pspecally for tre iargest: tnaticial isihulens and their customers.
`rhe recent
`
`Sine Jb ema phisting-allaicks: has. createdasetae of urgencysat
`insuitutions, large Intemeé: serviceproviders (ISPs), Security techadiogy providers,
`law. enforcement: agerities,
`arid even university resedech
`labs. These
`
`“organizavans. dre-now working together ho cegreearctechnolagy solitians and
`
`Rest practices
`far curbing phishing attecks. Untlemiad authentic
`y RIB Aards:
`
`
`
`
`
`and new antighishing ablubons are widely adtpied, however. phishing. will
`BOHtINEto bea POAUIAY identity tel tedtic. FinaticalInsights, an IOS company,
`
`éstimates that global financial inetiiitions lost R400 milion or mors in 2004 ie te
`ohisking schentes. (DC: belipees thak- mote sophisticated: atlackers:: oftenfran
`
`organized -ciime, avdl
`inéreasingly usethishing. techniques:
`te obtain: permonet
`information to. perpetisie identiy iheft. The ‘numberof ohighing scams. i
`rocketing. and 1c believes the gaphistication and-scale:of online fraads and.
`identity thetts will continue ta increase ala rapid page. Antispam technologies
`ace: playing a Key raie in the detection of phishing through URL anedfor emisil
`content fering.
`
`I “The pure vilume of sham: ocntinvesid increase ala rapid pace. “Soam: cortinues
`to leg” networks, Servers, end Irbexes. with: unwanted and ofter cfensie
`
`
`
`
`gontent. Tie. convenignce and -dfficiency of a
`have beet
`tramatically
`
`fedused Bytne éxtemely: fadid inetease itcibée. volumeof gasaltited cammecial
`email. IDG bellaves ihe number at spam messages: sent daily wil eimost- double
`over the next fran years, increasing from 23 baker in 200d io 42 bilkeny:
`in 2008
`tsee Mroridwine fin f Ligage 2008-2008Forecast: Spam:Today, Olher Content
`Fomoarow, JOG 824782, August 20D4Une tieinig torrents of spa marereducing
`amas usefyindss by forcing users and IT staft-to-expeand: adgitional time and:
`energy ia dently and ddieté spamand prevent spark fon Causing arntat the
`form -of viruses. wormre,.and:offensive. content
`ISPS and. antiggam solation
` $s
`venders
`reported that spairrcurredily teprésenis 45-80% of siiabound Internet
`etal, way up from2002 levels closerto 74-30%,
`
`ingreasing atount of spam is being seat by <a: bal nebwork of zombie
`TI An:
`Machines. Indsdh (DC believes that the Majority of gpantsent today ouginates
`Nori zombie macrines. remotely conivelied By speirimens. The main’ challenge
`with-stopping span from bot networks is thal the spam originates front thoisands:
`
`
`of different:
`tetwacks: and Paditiongl ONS Slacklists used by some. antishatr
`
`programs.offer litte protection. High-profile warns such as Sabig. MyDoom, ard
`‘bagi¢- alt contained malicious code that alkwedranplé allackets fo jake over
`wfecied machines. IDC heleves. zombie machines will conlinue to. ghw-as ie
`preferred distribution too! for spammers:Moreover, we belleve zombie mazhinas
`will
`lnsreasing be: used fo sand phishing. scams, Spread viruses: download
`nernogtaphy, and steal personal information:
`
`fF) Tré-use of spamming, tachnigues to. distribute malinions emails ane viruses has
`alse increasedthe.sGesd wittl whichthese attacks can Cause significant ‘damage:
`AS a Yesult, pidsagalisn times fer malicious. efneil Viruses Have-dropped tram
`hoursda minuhes.
`,
`
`GAS
`
`#34023.
`
`Ei
`
`
`
`CONFIDENTIAL
`
`FINJAN-BC 047434
`
`Patent OwnerFinjan,Inc.
`IPR2015-01974 - Ex. 2011, p. 15
`
`Patent Owner Finjan, Inc.
`IPR2015-01974 - Ex. 2011, p. 15
`
`

`

`Exhibit 1 - Declaration of Hartstein - Reexam 90/013,016
`
`
`
`GutbaundCantent Compliance: Infarmation £eakage and Bata
`hitection
`
`information seourity Sabitons: have faaged cm acicteeaning- asierial
`Histerioally,
`lhreais le-sorporatenetworks and endocinis. Viruses, hackers: worte, troians; apatty
`blended threats, and. mosh racentiy, spyware. rave wreaked havoc on comorete
`networks-ang users alike, Inturn. eitersrises have depoyed anvexpanding ajay of
`securiby seiutions.such-a6. frewall, antivirus antisham, intrasion. deiection/praventias,
`sind antispyware to protec! the corporate perimeter frominhound threats. Todey, en
`‘emerging threattocomporstesecurily comes from diside the organization. The insider
`
`threat of trusted. employees deliberatety. or
`inadverteritly. distinuting sensitive
`information is quichy becoming amajer concern in many crganizations. This concent
`fids-created. a new marital,whieh IDG has tened anthound contest compliance,
`
`thal monitor, secereencrypt, Hter and hiock. oussqund
`OCG iieludes solutions.
`‘Sofient contaited it: amail.instant messaging, P2P, Me-Wrarisiers. Webpostings; and
`other types: ofmessaging tralfic, DOC sqlutions slay-a key role in enlarcing comorate
`gaverande, which iecdéfiiad ty IDE 26 4 combination of somplying with both
`
`asterrel tequintory tequitements.and intetial camoraie padinies and bestpractices:
`These solutions help aigarization protect agaitist the fallowitig:
`
` Viglations:oF govemmeniand industry tegulatians (HICAA; Gramn-Laach- Biiley,
`Satharies-Oxley, and: se on}
`a Violation of cépotate email policy aad-best practices
`
`Lasslleakane if imeliéstual property
`
`& Lossfeakage 6f confidential or customer intarriation
`
`Bl
`
`inappropriate pantent
`
`
`The. growing awarenessof guthound content compliance was. recentlycatalyzedbye
`series.of éorporate scandals-in whieh customer records; contidential information, and
` those cases denionstrae,
`intileciual praperty were leaked: As the wast majorly oF
`
`
`such breaches are atte: hak the
`téseltofmalicions wrorigdaing:-but rather arpogeas
`whe unknowingly nut their companies at risk: This-nay oGaut as-eipioyees send out
`email Messages tial Contain flies Gr content theyvare net aware ue conticental,
`
`ther example: ie canpioyees delivering confidential ea to thelr Web-based
`amaiiboxes, ar copyingthes: te mobile devices, and ius exposing there untrusted.
`enviconnenis. IDG belive ‘ente