By Joseph Marks, Bloomberg BNA
Comb through records of intellectual property disputes in the cybersecurity market and one name comes up again and again.
Finjan Holdings Inc. has sued a who’s-who of cybersecurity companies for patent infringement, including four of the 10 largest pure-play cybersecurity companies in the business. The Silicon Valley-based company, valued at $40.5 million, has open infringement cases against seven other companies, including some of the biggest in the business: Symantec Corp., valued at $12.9 billion, Palo Alto Networks Inc., valued at $11.6 billion, FireEye Inc., valued at $3 billion, and Sophos Group PLC, valued at $1 billion.
The legal battling is playing out against the backdrop of massive growth in the cybersecurity market which reached $75 billion in 2015, according to research from Gartner, Inc. A Bloomberg BNA analysis of validity challenges among all pure-play cybersecurity companies valued at more than $1 billion shows Finjan in the center of a web of administrative battles.
Finjan, a cybersecurity intellectual property licensing company, won a $40 million jury award in 2015 against Blue Coat Systems Inc., a network security company that Symantec bought this week for $4.65 billion. Another Finjan infringement case against the Blue Coat Systems is still pending. Finjan has settled numerous other lawsuits for licensing payouts.
Defendants in those cases have accused Finjan of playing fast and loose with infringement claims and waiting too long to sue. In a 2014 court filing, Palo Alto Networks said Finjan “asserted a parade of overbroad, outdated patents” against it.
Defendants have responded by challenging the validity of Finjan’s patents.
Troll or not?
It would be tempting to lump Finjan in with other litigious patent licensing companies that have plagued the broader tech industry. But, in the case of Finjan, the story’s not so simple.
In the most extreme cases, these companies—called non-practicing entities or “patent trolls” by their detractors — have amassed large patent portfolios, many of which are weak or vaguely written.
They’ve used those patents to extract licensing fees from a variety of companies by holding the threat of much more costly litigation over their heads.
Indeed, while Finjan does sell cybersecurity products, including a secure mobile browser, roughly 90 percent of the company’s revenue comes from patent licensing, according to Chief Executive Phil Hartstein.
Hartstein, who joined Finjan in 2013 and helped take the company public, is a veteran of IP Navigation Group LLC, which is among the best known, and most controversial, non-practicing entities.
There are fundamental distinctions, however, between Finjan and the broader set of NPEs that have historically plagued the tech industry.
To begin with, Finjan spent more than a decade developing and selling cybersecurity hardware to corporate clients before selling off its hardware business in 2009 and focusing on licensing the companies’ patents, many of them developed during the early days of Internet security.
The vast majority of the company’s 27 U.S.-issued patents were developed in house with the exception of a handful the company received as part of a larger business acquisition.
A Resilient Patent Portfolio
Finjan’s patents have also proved quite resilient.
Defendants in Finjan lawsuits have tried to invalidate 16 of the company’s patents before the Patent Trial and Appeal Board, a fast track administrative body created by the 2011 America Invents Act.
So far, the PTAB has declined to review 12 of those patents and agreed to review four. The administrative proceedings are ongoing, so it’s not clear if any of Finjan’s patent claims will be invalidated.
As Hartstein describes it, Finjan was an early innovator in the cybersecurity marketplace, responsible for basic security building blocks that later companies piggybacked on.
“What we seek in licensing is a fair royalty for the contribution Finjan made in the industry that date back to the late ‘90s,” he told Bloomberg BNA. “That’s a tough claim to lay. We’ve faced validity challenges and we continue to demonstrate our patents are valuable.”
Hartstein divides the cybersecurity industry between innovators and challengers, some of whom have done the hard work of developing their own intellectual property and some of whom haven’t. In addition to the patent validity challenges [known as inter partes review] that other companies have filed against Finjan at the PTAB, the company has filed three IPRs of its own, two against FireEye patents and one against Sophos.
In both FireEye proceedings, the PTAB ruled that over half of the patents’ claims were un-patentable. The Sophos proceeding is ongoing.
“Some of those companies have strong patent portfolios and some don’t,” Hartstein said of the current slate of cybersecurity leaders. “Philosophically, we have a dispute with FireEye. We believe they should not have been entitled in claims of two of their early patents.”
FireEye declined to comment.
Why so Many Lawsuits?
Given the demonstrated resilience of Finjan’s patents, it’s unclear why so many major cybersecurity companies have resisted paying licensing fees.
Hartstein attributes this to the creation of the PTAB forum to review patent validity and a series of court decisions over the past several years that have tended to favor patent defendants. The most significant of these was the Supreme Court’s 2014 ruling in Alice Corp. vs. CLS Bank International, which made it significantly more difficult to patent software.
“I think what you saw in corporations was an inability to filter out what was real and what wasn’t…[a conception] that all claims are meritless,” he said of licensees’ reaction to those changes. “That moved even further into a presumption of ‘let’s force someone to prove it in court.’ And once you go to court, now you’re emotionally intertwined in whatever entrenched positions you have.”
Cybersecurity is also a relatively young and fast developing industry where a licensing culture has been slower to develop, said Gus Hurwitz, a University of Nebraska law professor who focuses on cybersecurity issues.
“There aren’t a huge number of firms operating in cyberspace,” Hurwitz said. “Most are relatively large and might have not historically sought patents in [information technology] or not have thought there was patentable subject matter here.”
Growth of Cybersecurity Patent Licensing
As the cybersecurity sector continues to grow, licensing could become much more common, Hurwitz said.
Companies rarely disclose the dollar value of patent licensing deals and often don’t disclose the existence of the deals themselves, making it difficult to assess the current state of patent licensing among cybersecurity companies. A strong indicator, though, is the amount of litigation that results when accused infringers refuse to pay for a license.
In addition to the Finjan cases, the cybersecurity company Fortinet Inc. has an open infringement case against Sophos and has settled infringement cases against FireEye, Palo Alto Networks and other cybersecurity companies. Intellectual Ventures LLC, one of the largest and most litigious licensing firms, has open infringement cases against Symantec and Trend Micro Inc.
The trend overall in cybersecurity is toward more licensing and more patent litigation, largely driven by the growth of the market, said Tom Kellermann, chief executive of Strategic Cyber Ventures, a venture capital and private equity outfit for early stage cybersecurity companies.
The growth of patent litigation in cybersecurity is great enough that Kellermann’s firm analyzes the solidity of a company’s intellectual property standing nearly as much as the quality of its security products and services when deciding whether to invest, he said.
“The patent troll community realizing the explosive, exponential growth of the cybersecurity market has now turned their guns upon that community,” said Kellermann, who was formerly chief cybersecurity officer at Trend Micro.
Kellermann and Strategic Cyber Ventures Chief Technology Officer Ann Barron-DiCamillo expressed concern the uptick in litigation would damage the overall state of computer security.
“Essentially what happens with smaller companies is they’re taking money away from innovation to focus it on IP [licensing and litigation],” Barron-DiCamillo said. “Something like that has negative consequences to the growth of a company and their ability to further innovate.”
Cannot Grow by Licensing Alone
As for Finjan, one of the company’s chief goals now is to build up its non-licensing business by investing more in product development, cybersecurity consulting and investing in early stage cybersecurity firms. That’s because licensing, even when it’s lucrative, doesn’t provide predictable income and that can make investors nervous, Hartstein said. There’s no way to forecast, for instance, precisely when another company will agree to a license or settle a lawsuit, he said.
“Investors are looking for the fundamentals of a business,” he said, “and we don’t have a lot to look at outside of our licensing business.”
To contact the reporter on this story: Joseph Marks at email@example.com
To contact the editor responsible for this story: Mike Wilczek at firstname.lastname@example.org
To read more articles log in.