Lateral Movement
Detects and analyzes lateral movement patterns across your network infrastructure. This workflow identifies unauthorized access attempts, privilege escalation, and suspicious network traversal that may indicate advanced persistent threats or compromised credentials.
Fluency's AI monitors network traffic, authentication events, and system access patterns to detect lateral movement attempts. The system analyzes user behavior, network connections, and privilege changes to identify suspicious patterns that may indicate an attacker moving through your infrastructure.
AI Analysis vs Splunk SPL-Based Detection
See how advanced AI-driven security analysis compares to traditional SPL-based detection in key areas of context, logic, and output quality.
| Feature / Capability | AI Analysis | Splunk SPL-Based Detection |
|---|---|---|
| IP to location logic | Accurate with human-readable locations (Barcelona → Opfikon) and real-world travel distance | Based on iplocation, sometimes inaccurate or outdated; no city-to-city distance context |
| Device context awareness | The AI recognizes that the second IP belongs to a known AVD endpoint and distinguishes a cloud-hosted device from a personal one | SPL treats IPs as flat values; it does not infer context from device names unless that is explicitly encoded in a lookup |
| User role logic | Knows the user is a subcontractor marked ONLY REMOTE, making a virtual desktop infrastructure login expected | SPL cannot infer or evaluate user roles without joining external HR or identity data |
| Session analysis | The AI considers whether the logins belong to the same session or to different contexts (VDI vs. local) | SPL cannot link session context unless it is engineered manually (e.g., through token IDs or session IDs) |
| False positive suppression logic | Advises suppression based on trusted IP/device combinations, remote work patterns, and device type | Requires custom correlation searches, lookups, or external context ingestion |
| ML signal interpretation | Distinguishes why the alert triggered (ML_NEW_USER, ML_NEW_GEO_ISP) and de-risks it based on identity validation | SPL only flags those risks; human or AI interpretation must be layered on top |
| Analyst judgment | Emulates how a human SOC analyst would reason through intent, identity, and environment | SPL does not support nuanced intent modeling without external logic or ML/UEBA tooling |
| Output quality | Clear, contextual, explainable narrative with defensive recommendations | SPL produces tabular alerts and risk scores; it lacks explanation without additional dashboards or notes |
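The travel-distance, device, role and session reasoning the table attributes to the AI analysis, written out as a small triage routine so the decision path is visible. This is an added illustration, not Fluency's code and not Splunk SPL; the VDI hostname, the role table, the IP addresses, the coordinates, the ML reason-code handling and the 900 km/h travel ceiling are all constructed assumptions for the example.

```python
import math
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 900.0  # assumed ceiling for legitimate travel (airliner speed)


@dataclass(frozen=True)
class LoginEvent:
    user: str
    ts: datetime
    src_ip: str
    city: str
    lat: float
    lon: float
    device: str          # hostname reported by the endpoint
    signals: tuple = ()  # ML reason codes attached to the alert


# Constructed context tables (placeholder values). A real deployment would
# populate these from the VDI broker inventory and the HR/identity system.
KNOWN_VDI_HOSTS = {"avd-pool01-vm3"}
USER_ROLES = {"jdoe": {"type": "subcontractor", "remote_only": True}}


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two lat/lon points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def assess_travel(prev, curr, max_kmh=MAX_PLAUSIBLE_KMH):
    """Distance, elapsed time and whether a person could have made the trip."""
    km = haversine_km(prev.lat, prev.lon, curr.lat, curr.lon)
    hours = (curr.ts - prev.ts).total_seconds() / 3600.0
    # Near-simultaneous logins are only plausible from (almost) the same place.
    feasible = km < 1.0 if hours <= 0 else (km / hours) <= max_kmh
    return {"distance_km": km, "hours": hours, "feasible": feasible}


def triage(prev, curr):
    """Combine travel, device and role context into a verdict with reasons."""
    reasons = []
    role = USER_ROLES.get(curr.user, {})
    prev_vdi = prev.device in KNOWN_VDI_HOSTS
    curr_vdi = curr.device in KNOWN_VDI_HOSTS

    if curr_vdi:
        reasons.append(f"{curr.device} is a known VDI host; {curr.src_ip} is its "
                       f"egress address, not the user's physical location")
    if role.get("remote_only"):
        reasons.append(f"{curr.user} is a {role['type']} marked remote-only, "
                       f"so a VDI login is expected")
    for sig in curr.signals:
        if sig == "ML_NEW_GEO_ISP" and curr_vdi:
            reasons.append("ML_NEW_GEO_ISP explained by cloud-hosted egress")
        elif sig == "ML_NEW_USER" and role:
            reasons.append("ML_NEW_USER de-risked: identity validated in role table")
        else:
            reasons.append(f"{sig} not explained by available context")

    if prev_vdi != curr_vdi:
        # VDI and local sessions are different contexts; geographic travel
        # between them is not meaningful, so decide on role/device trust.
        reasons.append("logins belong to different session contexts (VDI vs. local)")
        verdict = "suppress" if (curr_vdi and role.get("remote_only")) else "review"
        return {"verdict": verdict, "reasons": reasons}

    travel = assess_travel(prev, curr)
    reasons.append(f"{prev.city} -> {curr.city}: {travel['distance_km']:.0f} km "
                   f"in {travel['hours']:.2f} h")
    verdict = "suppress" if travel["feasible"] else "escalate"
    return {"verdict": verdict, "reasons": reasons, **travel}


# Constructed sample events: a Barcelona local login, then Opfikon 30 minutes later,
# once from a known AVD host and once from an unknown host.
T0 = datetime(2024, 5, 6, 8, 0, tzinfo=timezone.utc)
LOCAL_BCN = LoginEvent("jdoe", T0, "203.0.113.10", "Barcelona", 41.3874, 2.1686,
                       "jdoe-laptop", ("ML_NEW_USER",))
VDI_OPF = LoginEvent("jdoe", T0 + timedelta(minutes=30), "198.51.100.7", "Opfikon",
                     47.4322, 8.5791, "avd-pool01-vm3", ("ML_NEW_GEO_ISP",))
LOCAL_OPF = LoginEvent("jdoe", T0 + timedelta(minutes=30), "198.51.100.7", "Opfikon",
                       47.4322, 8.5791, "unknown-host", ("ML_NEW_GEO_ISP",))

if __name__ == "__main__":
    for case in (VDI_OPF, LOCAL_OPF):
        result = triage(LOCAL_BCN, case)
        print(case.device, "->", result["verdict"])
        for r in result["reasons"]:
            print("  -", r)
```

The same two logins produce opposite verdicts depending only on context: with the AVD hostname and the remote-only role the Opfikon login is an expected VDI session and is suppressed, while from an unknown host the roughly 840 km covered in half an hour fails the travel test and is escalated. That context is exactly what a flat `iplocation`-based search has no way to consult unless it is engineered in through lookups.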