This GigaOm Research Reprint Expires Apr 20, 2024

GigaOm Radar for Network Observabilityv3.0

1. Summary

Network observability is a category of solutions that go beyond device-centric network monitoring to provide truly relevant, end-to-end visibility and intelligence for all the traffic in your network, whether on-premises, in the cloud, or anywhere else. Representing a step beyond network performance monitoring, network observability guarantees visibility and distinguishes itself with actionable insights. These insights shift many low-level activities—such as troubleshooting or traffic analysis—from engineers to the network observability tool.

Observability solutions are less about specialization and more about consolidating a comprehensive experience in a single tool. This convergence brings numerous advantages, including a better user experience, lower costs than those incurred when deploying multiple tools, adaptability for complex IT environments, future-proofing, and cohesiveness across IT departments. Network observability is a key ingredient for ensuring that your modern, critical infrastructure achieves the required uptime and availability.

While businesses of all sizes can benefit from the end-to-end visibility offered by network observability solutions, those with large, complex networks are likely to see the most improvement. These can be companies with proprietary networks, for which IT plays a supporting role—such as retail or manufacturing—or businesses that sell network services, such as communication service providers. We explore these categories in more depth in the following section.

This report looks at key vendors in the emerging network observability space and aims to equip IT decision-makers with the required information to select suitable providers according to their specific needs. We analyze the vendors on a set of key criteria and evaluation metrics, described in depth in the GigaOm report, “Key Criteria Report for Evaluating Network Observability Solutions.”

How to Read this Report

This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:

Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.

GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.

2. Market Categories and Deployment Types

To better understand the market and vendor positioning, we assess how well network observability solutions are positioned to serve specific market segments (Table 1) and deployment models (Table 2).

Network observability tools are necessary and effective across all types of networks, but they are particularly important in complex IT environments. By taking into consideration the size of the network, its geographical spread, the security requirements, and whether IT is a supporting or a central function, we identified the following market categories that can benefit from network observability:

  • Cloud service provider (CSP): These are infrastructure as a service (IaaS) providers who operate a global network of data centers and serve customers worldwide. These providers often have private networks connecting their data centers and work with communication service providers.
  • Edge/content delivery network (CDN): Edge service providers operate a highly distributed global network, often containing hundreds of points of presence (PoPs) across all continents. Their main offering is to lower latencies for end users, which means they heavily depend on observability solutions for performance assurance.
  • Communication service providers/telcos: These are carriers, internet service providers (ISPs), and network service providers (NSPs) that offer network services and often have a very complex national and international physical infrastructure serving both enterprise and consumer customers.
  • Public sector: These types of networks have comprehensive security requirements and can span local authorities (local councils, emergency services), national public institutions (government, national defense agencies), and international entities (such as the European Council).
  • Small-to-medium business (SMB): Solutions in this category are those that meet the needs of midsized businesses, which operate a network (physical or virtual) that supports their workforce. These solutions also can serve individual departments or lines of business within a large enterprise.
  • Large enterprise: Usually adopted for large or business-critical projects, solutions in this category have a strong focus on flexibility, performance, data services, and features that improve security and data protection. Scalability is another big differentiator, as is the ability to use the same service in different environments.

Table 1. Vendor Positioning: Market Segment

Market Segment

CSP Edge/CDN Telco Public Sector SMB Large Enterprise
OpenText (Micro Focus)
Park Place Technologies
3 Exceptional: Outstanding focus and execution
2 Capable: Good but with room for improvement
2 Limited: Lacking in execution and use cases
2 Not applicable or absent

Network observability tools can be delivered using any of four deployment models:

  • Physical appliance: The tool requires one or more specialized hardware units to be installed on the customer’s network. This approach typically offers the least deployment flexibility (you must physically attach the appliance to your infrastructure) but the highest degree of control and security.
  • Virtual appliance: This software tool can be deployed in public clouds, private clouds, or other on-premises infrastructure. It gives you greater control, while still allowing solid deployment flexibility. The tool’s performance, however, depends on whatever infrastructure the software is running on, as well as connectivity to the rest of the network.
  • Public cloud image: The observability tool is available in public cloud marketplaces and can run within the cloud environment.
  • SaaS: The tool can be accessed directly through a web portal with no additional installation. The tool is hosted and managed by the vendor and delivers the benefits of the solution as a service. This is often the simplest and easiest way to leverage network observability. The downside is that it may not meet the security requirements or complex customization needs of some customers.

Additionally, observability tools can leverage network probes or agents to collect data that can be deployed as:

  • Physical appliance: some solutions require dedicated physical appliances to be installed on them to tap network data. Typically this offers packet-level visibility into the network traffic, but it is hard to deploy and manage.
  • Virtual appliance: some network probes can be installed on generic all-purpose hardware or virtual machines rather than on dedicated physical appliances. These can be more easily deployed and decommissioned compared to their physical appliance counterparts.
  • Agent-based: an agent-based solution means that a piece of software is installed on relevant appliances or endpoints, such as end-user devices, to collect network data. These can take the form of an extended Berkeley Packet Filter (eBPF) host agent, synthetics private agents, or domain name system (DNS) probes.
  • Agentless: an agentless model uses network flow data such as Netflow, Sflow, IPFIX, Jflow, Cflow, or protocols such as simple network management protocol (SNMP) and API to collect network data.

Table 2. Vendor Positioning: Deployment Model: Solution Deployment and Network Probe Deployment

Solution Deployment

Network Probe Deployment

Physical Appliance Virtual Appliance Public Cloud Image SaaS Physical Appliance Virtual Appliance Agent Agentless
OpenText (Micro Focus)
Park Place Technologies
3 Exceptional: Outstanding focus and execution
2 Capable: Good but with room for improvement
2 Limited: Lacking in execution and use cases
2 Not applicable or absent

3. Key Criteria Comparison

Building on the findings from the GigaOm report, “Key Criteria for Evaluating Network Observability Solutions,” Tables 3, 4, and summarize how each vendor included in this research performs in the areas we consider differentiating and critical in this sector.

  • Key criteria: Solution capabilities
  • Evaluation metrics: Non-functional requirements
  • Use cases: Support for common types of networks

The objective is to give the reader a snapshot of the technical capabilities of available solutions, define the perimeter of the market landscape, and gauge the potential impact on the business.

Table 3. Key Criteria Comparison

Key Criteria

Dynamic Discovery & Mapping Visualization Validation Traffic Analysis Troubleshooting & Optimization Security Observability Application & Layer 7 Monitoring Microservices & Containers Business intelligence
Accedian 2 2 3 3 3 2 3 2 2
Auvik 3 2 2 2 1 2 1 0 0
Broadcom 3 2 3 3 3 3 3 3 2
InfoVista 2 2 2 2 3 0 3 2 2
Kentik 3 3 0 3 2 3 3 2 3
LiveAction 3 2 2 3 2 3 2 2 2
LogicMonitor 2 2 3 3 2 2 3 1 1
ManageEngine 3 3 3 2 3 2 3 2 2
MantisNet 1 0 0 1 2 3 2 3 0
Motadata 2 2 1 2 2 2 1 2 0
NETSCOUT 3 2 1 3 2 3 3 3 2
OpenText (Micro Focus) 2 3 3 2 3 2 2 1 2
Paessler 1 2 1 1 1 2 2 1 1
Park Place Technologies 2 2 3 2 2 2 2 0 1
Plixer 3 2 1 3 2 3 2 0 0
Progress 2 3 2 2 2 3 3 1 2
SolarWinds 3 2 3 2 3 2 3 3 1
3 Exceptional: Outstanding focus and execution
2 Capable: Good but with room for improvement
2 Limited: Lacking in execution and use cases
2 Not applicable or absent

Table 4. Evaluation Metrics Comparison

Evaluation Metrics

NetDevOps Suitability NetSecOps Suitability Automation Scalability Flexibility Ease of Use & Usability Solution & Partner Ecosystem TCO
Accedian 2 2 2 3 2 2 2 2
Auvik 1 1 2 2 2 3 2 3
Broadcom 2 3 3 3 2 3 3 2
InfoVista 1 0 2 2 2 2 2 2
Kentik 3 3 2 3 2 3 2 2
LiveAction 1 2 2 2 3 2 3 2
LogicMonitor 2 2 3 3 2 2 3 2
ManageEngine 2 2 2 2 3 2 2 3
MantisNet 2 2 1 2 2 2 2 2
Motadata 1 1 3 2 2 2 2 2
NETSCOUT 1 3 2 3 2 1 3 1
OpenText (Micro Focus) 3 2 3 3 2 2 2 2
Paessler 1 2 1 2 2 1 3 2
Park Place Technologies 1 1 2 2 3 3 2 2
Plixer 2 3 2 2 2 2 2 2
Progress 1 3 3 2 2 2 2 2
SolarWinds 3 2 2 3 2 2 3 2
3 Exceptional: Outstanding focus and execution
2 Capable: Good but with room for improvement
2 Limited: Lacking in execution and use cases
2 Not applicable or absent

Table 5. Use Cases Comparison

Use Cases

Data Center, LAN, & Campus WAN & Internet Virtualized Networks: Cloud & Edge Wi-Fi & Wireless Cellular & Radio Networks Data Center, LAN, & Campus
OpenText (Micro Focus)
Park Place Technologies
3 Exceptional: Outstanding focus and execution
2 Capable: Good but with room for improvement
2 Limited: Lacking in execution and use cases
2 Not applicable or absent

By combining the information provided in the tables above, the reader can develop a clear understanding of the technical solutions available in the market.

4. GigaOm Radar

This report synthesizes the analysis of key criteria and their impact on evaluation metrics to inform the GigaOm Radar graphic in Figure 1. The resulting chart is a forward-looking perspective on all the vendors in this report, based on their products’ technical capabilities and feature sets.

The GigaOm Radar plots vendor solutions across a series of concentric rings, with those set closer to the center judged to be of higher overall value. The chart characterizes each vendor on two axes—balancing Maturity versus Innovation, and Feature Play versus Platform Play—while providing an arrow that projects each solution’s evolution over the coming 12 to 18 months.

Figure 1. GigaOm Radar for Network Observability

As you can see in the Radar chart in Figure 1, most vendors are in the Maturity half, which represents the incremental developments from the network performance monitoring space, while vendors in the Innovation half have developed functions that are new in the space. We also expect an agglomeration in the top-right Maturity/Platform Play quadrant as the end-to-end network observability capabilities naturally land vendors on the Platform side.

On the Feature Play side, we have positioned Auvik, Infovista, Paessler, and Plixer in the Maturity quadrant, and Kentik and MantisNet in the Innovation quadrant. All these vendors have carved out a unique depth in which they focus, either by looking at specific market segments, deliberately excluding features, working with partners for extended capabilities, or completely rethinking the observability space.

The Platform Play side has a much higher concentration of Leaders, as most of these players have ranked high across a broader range of metrics described in the report. Maturity/Platform Play solutions include Accedian, LiveAction, LogicMonitor, ManageEngine, Motadata, NETSCOUT, OpenText, Park Place Technologies, Progress, and SolarWinds.

In the Innovation/Platform Play quadrant, we feature Broadcom and LogicMonitor, which both have strong AIOps offerings. Other players in the report are also starting to develop and deploy AIOps capabilities in production, so this feature may not continue to be a differentiator in future iterations of the report.

Looking at Outperformers, OpenText has recently entered the observability space after its acquisition of Micro Focus; integrations and development following the acquisition place OpenText more towards the Platform Play axis. The rest of the Outperformers include Accedian, Auvik, Kentik, Plixer, and SolarWinds, which all have comprehensive development pipelines and have made considerable feature releases since the last iteration of this report. Conversely, Forward Movers such as Motadata, Paessler, Park Place Technologies, and Progress have had fewer feature releases or platform integrations than in our last report.

Inside the GigaOm Radar

The GigaOm Radar weighs each vendor’s execution, roadmap, and ability to innovate to plot solutions along two axes, each set as opposing pairs. On the Y axis, Maturity recognizes solution stability, strength of ecosystem, and a conservative stance, while Innovation highlights technical innovation and a more aggressive approach. On the X axis, Feature Play connotes a narrow focus on niche or cutting-edge functionality, while Platform Play displays a broader platform focus and commitment to a comprehensive feature set.

The closer to center a solution sits, the better its execution and value, with top performers occupying the inner Leaders circle. The centermost circle is almost always empty, reserved for highly mature and consolidated markets that lack space for further innovation.

The GigaOm Radar offers a forward-looking assessment, plotting the current and projected position of each solution over a 12- to 18-month window. Arrows indicate travel based on strategy and pace of innovation, with vendors designated as Forward Movers, Fast Movers, or Outperformers based on their rate of progression.

Note that the Radar excludes vendor market share as a metric. The focus is on forward-looking analysis that emphasizes the value of innovation and differentiation over incumbent market position.

5. Vendor Insights


Accedian Skylight delivers high-performance network and user-experience monitoring across virtualized, cloud, software-defined, and physical network infrastructures as well as service and application chains. Skylight provides end-to-end network and application performance visibility and control over user experience.

Accedian network observability is achieved with the following products:

  • Skylight Performance Analytics (SaaS deployment) is the main tool for viewing and analyzing network performance data.
  • Skylight Orchestrator (physical and virtual deployment) is Accedian’s solution for managing sensor deployments.
  • Skylight software and hardware sensors (physical and virtual deployment) are designed for capturing all network traffic between users and infrastructure (north-south) and between virtualized infrastructure resources (east-west).

The platform ranks high on both the application and Layer 7 monitoring and traffic analysis key criteria. It uses sensors to monitor real-user experience and generate synthetic data orchestrated from a single solution. The Skylight sensor agents provide active test traffic from Layers 2 through 7. The sensor agents can generate performance data on Layer 2 Ethernet, Layer 3 IP, Layer 4, and Layer 7 protocols. The Skylight “capture sensor” provides lightweight passive analysis of network traffic from Layer 2 to Layer 7 on physical, virtualized, and cloud infrastructures. The capture sensor collects network traffic between users and infrastructure (north-south) and between virtualized infrastructure resources (east-west).

The Skylight platform is highly scalable, able to monitor multinational networks, and cater to the complex network of CSPs or businesses with highly distributed networks. Skylight passive sensors support 13 Gbps of the maximum throughput of a single instance with Layer 4 deep packet inspection (DPI) enabled. While Layer 7’s DPI maximum throughput is 10 Gbps, the maximum number of active/synthetic monitoring flows per second is 250,000.

Accedian ranks high on the traffic analysis criterion because Skylight performance analytics leverages ML to conduct network traffic analysis. It provides predictive analysis to identify performance-related issues such as latency, jitter, congestion, and dropped packets. It can also be used to support threat investigation and detect malicious behavior.

Skylight also ranks high on the validation key criterion, having developed intent-based assurance features, which support baseline performance to ensure the network fulfills business needs and outcomes. Baseline performance metrics can be used pre- and post-configuration change and validate that change management is done successfully. The solution couples baseline data and metadata, which allows Skylight to create a contextual relationship between service fulfillment and configuration.

The newly released Skylight Interceptor NDR (network detection and response) leverages the Skylight Analytics sensors deployed throughout the network on-premises, in the cloud, and in virtual and hybrid environments to support threat detection, threat hunting and forensics, and response use cases. Using Skylight sensors enables Skylight NDR to analyze both east-west and north-south traffic and identify threats that evade perimeter security solutions like firewalls and VPNs.

Strengths: Accedian’s offerings can deliver excellent scalability using its orchestration tool, and it has good security visibility as well as continued development of AI and ML integration.

Challenges: Accedian’s network observability has limited Wi-Fi and wireless monitoring capabilities. Similarly, the solution’s SaaS-only deployment model is not suitable for organizations that require other types of deployment models.


Auvik’s Network Management (ANM) solution has well-developed capabilities for monitoring SMB infrastructure that spans from on-premises equipment to outsourced infrastructure in the cloud and at the edge. ANM also includes automation features that continually scan for network changes and update network documentation, back up device configurations, and alert on network activities.

Delivered in a SaaS model, Auvik supports functions such as network topology mapping, network traffic visualization, network performance monitoring, network configuration backups, syslog management, and netflow traffic analysis to provide Layer 7 monitoring.

Auvik can discover and map new network appliances and services automatically as they are added. Moreover, Auvik integrates asset management capabilities such as detecting and capturing full details for every device on the network, including make and model, serial number, IP address, and the physical switchport the device is connected to. Auvik pulls lifecycle data from supported devices to show whether they are on current or expired support contracts, whether there are more up-to-date software versions available, whether the devices are eligible to receive critical security updates, and whether or not the devices are still available for purchase.

For validation, Auvik scans network devices for configuration changes every hour, backing up the latest configurations automatically. The configuration backups are available for a side-by-side comparison review. Auvik can easily restore configurations using a restore button or, alternatively, allow for export so the configuration can be applied to a new device. While this approach falls short of achieving true validation, Auvik has the opportunity to correlate network performance changes with configuration changes.

Auvik extracts flow data and uses ML and traffic classification to highlight which applications or protocols are using the bulk of the network’s bandwidth, allowing users to investigate network traffic spikes retroactively or in real-time. Customers can identify applications in use, application category, device names, and geolocation.

Strengths: Auvik has a strong offering for mid-market customers with a good level of end-to-end network observability. Its developed traffic analysis capabilities and SaaS-based offering make it an attractive option in the network observability market.

Challenges: Auvik ranks lower on criteria such as security observability and troubleshooting. While the lack of security observability is a deliberate choice, the vendor can continue improving its automation capabilities, including self-healing and auto-remediation.


Combining AppNeta’s and DX NetOps’ capabilities, Broadcom Software’s experience-driven NetOps solution expands traditional operational visibility beyond the network edge and out to ISP, SaaS, and cloud provider networks. With these solutions, enterprises can leverage end-user experience metrics to track and optimize end-to-end network performance.

DX NetOps is Broadcom’s main network observability tool, which can be used across traditional and software-defined architectures, with strong capabilities for network fault detection, performance, flow, configuration management, log analysis, and AI insights. DX NetOps is further enhanced by Broadcom’s AIOps solution, which leverages AI and ML for full-stack correlations, predictions, and algorithmic analysis of alarms, metrics, logs, and topologies.

AppNeta offers SaaS-based network and end-user experience monitoring that provides insights into network performance from the end-user perspective across infrastructures that customers do not own, such as the internet, middle mile, cloud, and SaaS environments. AppNeta’s proprietary TruPath technology provides granular insight into the network delivery paths through any network by using packet-train dispersion.

Broadcom brings user experience metrics into the network operations center (NOC) for a better understanding of the network delivery performance impact on applications and users. By correlating network path metrics with network device performance, root cause and network path health are surfaced for the operations teams to get a better perspective of user experience impact.

Broadcom’s network observability offering is a very good candidate for carriers, system integrators, managed service providers (MSPs), and large enterprises. Broadcom also boasts an excellent partner ecosystem, leveraging industry-leading vendors for comprehensive visibility across all network segments.

Broadcom scores high on most of the key criteria described in the report, including dynamic discovery, traffic analysis, and troubleshooting. For validation, Brodcom uses AppNeta’s near real-time end-user experience to validate performance from controllers against the actual network delivery performance, validate overlay performance, identify patterns in performance over time, and identify problematic transports or service providers using deviation from normal baselines and projections.

Strengths: With AI at the core of its offering, Broadcom’s capabilities rank high on a wide range of key criteria, including validation, traffic analysis, troubleshooting, security observability, and monitoring of application and Layer 7 resources.

Challenges: Broadcom needs to continue the integration between its existing DX NetOps solution and the recently acquired capabilities from AppNeta to deliver a seamless user experience.


Infovista’s Ativa observability solution suite provides automated assurance for network operations teams, with extensive troubleshooting capabilities. The solution is suitable for communication service providers because it offers end-to-end mobile and fixed network monitoring. It correlates network resources and infrastructure performance to the services running on top, and customer experience delivered by using service modeling, multisource data correlation and analysis, and automation. Ativa supports physical, virtual, and hybrid networks and covers all domains from radio access network (RAN) to transport, fixed access, core, IT networks, and cloud infrastructure.

Infovista ranks high on the troubleshooting key criterion, with the Ativa Automated Ops module providing auto-remediation capabilities. These include threshold cross alerts based on manual rules or ML-based anomaly detection, a policy engine that triggers automation flows based on rules, a workflow engine that runs root-cause analysis (RCA) and service impact analysis (SIA) automatically, and a zero-touch configurator (ZTC) connected to the network management station (NMS) system to apply actions such as configuration changes, restarts, and resets based on the identified root cause.

Ativa solutions processes multiple data sources including operational support system or OSS (PM/CM/FM), RAN call traces, and probe PCAPs (which derive their name from “packet capture”), enabling visibility and correlation of network performance with quality of service and experience across domains. 360° assurance solutions provide a horizontal and vertical approach to assurance, coupled with automation for end-to-end RCA, customer-impact analysis, and other automated actions through API integration with CSP’s ecosystems, such as trouble-ticketing, element managers, and orchestrators.

The Ativa Optimize module is focused on RAN optimization and provides features such as subscriber visualization and device location, correlation of subscriber experience with device performance and network quality, and identification and analysis of overshooting cells (percentage, coverage, impact on dropped calls), using geo-location at bin-level and automated tilt recommendation, alongside other features. The Smart CapEx solution pack provides reports on network utilization, bottlenecks, and impact on quality of experience (QoE) for current networks and future predictions based on network trends and traffic growth estimations. For core and transport domains, Ativa can detect network inefficiencies by observing the service quality against the target SLA, traffic behavior and anomalies down to protocol level and xNF interfaces. It can also correlate xNF performance issues with device, transport and infrastructure bottlenecks, and trigger scale-up actions to adjust traffic to required capacity whenever possible.

Ativa provides multitenancy capabilities so that CSPs can deliver individual data to their enterprise customers, as well as compare current KPIs against contracted SLAs. This process can apply to both fixed—voice over internet protocol (VoIP) and software-defined wide area network (SD-WAN)—and mobile services (including 5G slicing).

Strengths: Infovista offers a very strong RAN observability offering for mobile network operators (MNOs). It has extensive troubleshooting and optimization capabilities, along with well-defined ML-based analysis features.

Challenges: For use cases outside of MNOs and communications service providers, Infovista’s solution capabilities are limited compared to other vendors, especially with regard to security observability.


The Kentik network observability solution provides comprehensive observability of networks across infrastructures including data centers, private and public clouds, WAN and SD-WAN edge, CDNs, ISPs, and the various service provider networks on the internet. The Kentik offerings are provided in a unified, intuitive map and topology view that shows intra- and inter-infrastructure traffic flows and provides real-time and historical traffic, performance, and health information for immediate assessment, issue identification, and troubleshooting. The solution is fully delivered as SaaS but can also be deployed physically within the customer’s control if needed to support compliance requirements. In this case, the solution is managed by Kentik and delivered in a similar SaaS fashion.

Kentik’s network observability solution supports monitoring for very large networks. It includes excellent security monitoring capabilities from its broad partner ecosystem as well as built-in threat-intelligence data that can correlate with customer-supplied data.

Kentik ranks high on visualization for intuitive and easy-to-navigate network representations, with a granular level of detail across third-party infrastructures. Kentik enables the analysis of traffic paths throughout cloud virtual network constructs with trace-route and path views, including all nodes and test result metrics. This functionality lets you see all nodes, links, and paths along a route and quickly zero in on performance issues.

Another differentiating feature in Kentik’s solution is the visibility over network spending. Customers can input their connectivity service provider’s pricing model into Kentik and, based on the amount of traffic, Kentik can provide spending estimates. This information allows enterprises to forecast OpEx spending for network usage and scenario-based budget planning.

Kentik provides advanced insights with autodetection of anomalies and emerging issues, using built-in diagnosis and potential RCA with a combination of semantically enriched algorithmic learning. The solution uses AI to generate and surface emerging network events for proactive diagnostics, helping to battle brewing performance issues, network attacks, and/or traffic anomalies. Kentik can also generate synthetic traffic that can help with digital experience monitoring and proactive troubleshooting, allowing network administrators to zoom into specific tests and learn details about the traffic’s path or application response times from anywhere in the global agent network.

For dynamic discovery and mapping, Kentik can identify and visualize cloud networking elements and their associated context, Kubernetes nodes, pods, and connections, as well as CDN PoPs, internet applications, and upstream connectivity providers. While these capabilities are extensive, Kentik’s solution also lets customers add devices through the API, which the solution then automatically discovers.

Kentik also ranks high on NetDevOps, providing integrations with infrastructure as code (IaC) tools such as Terraform, and a full Python software development kit (SDK). It can write API calls from writing queries in the solution’s interface. Kentik Labs, a division that manages several open source projects, also includes tooling that facilitates integration with third-party tools and eBPF-based Kubernetes observability.

Strengths: Kentik is easy to use and delivers very good visualization, planning tools, and security observability. It also offers tailored experiences for different market categories.

Challenges: Kentik has deliberately chosen to limit its capabilities around network validation and has limited on-premises network asset discovery.


LiveAction’s observability solution is mainly composed of LiveNX and LiveWire. LiveNX offers visibility into the network, including SD-WAN, data centers, edge locations, and web-based applications. LiveNX supports a server node architecture, with each virtual or physical node supporting 1,000 devices and 150,000 flows per second. Customers can add multiple nodes to scale horizontally.

LiveWire provides local packet analysis for deep performance views. This real-time and detailed telemetry is seamlessly fused into LiveNX’s integrated view. LiveWire simultaneously provides the ability to drill down into deep-packet forensic analysis when necessary.

The solution supports ML-based features such as application utilization baselining, performance baselining, and anomaly prioritizations. It learns the usage patterns of the top network applications, baselines them on a per-device/per-direction basis, and detects anomalies when the usage and performance deviates from learned normal behavior. Top anomalies and insights can be quickly understood in context per app, per site, and per device. This allows contextually relevant drill-down to anomaly details.

In early 2022, LiveAction released ThreatEye, an NDR SaaS solution for enterprise threat detection and encrypted traffic analysis. ThreatEye can track, classify, and characterize network traffic without requiring network traffic decryption. ThreatEye’s deep packet dynamics (DPD) is agnostic with respect to packet contents and used to create a historical inventory of traits and behaviors for profiling and fingerprinting, which can help with end-user privacy and save on computation power for packet payload decryption.

LiveAction can validate network design and intent by integrating with prominent SD-WAN vendors. It allows clients to view and analyze the results of dynamic changes to traffic patterns in the context of the full end-to-end network. LivaNX can also create, push, and validate QoS policies in real-time.

Strengths: LiveAction can monitor large networks across different types of infrastructure. The solution ranks high for traffic analysis, dynamic discovery, and security observability.

Challenges: LiveAction can further improve its observability solution by implementing self-healing capabilities and developing NetDevOps capabilities beyond the availability of APIs.


LogicMonitor’s SaaS-based observability platform offers extensive infrastructure monitoring and provides comprehensive visibility into dynamic IT environments from data centers to public clouds. Data correlation capabilities within the platform provide insights for intelligent troubleshooting and predicting bottlenecks. LogicMonitor’s agentless infrastructure monitoring delivers an extensible solution with over 2,000 integrations, customizable dashboards, and automated discovery.

LogicMonitor’s modular observability solution allows customers to select products to match their requirements; products include LM Infrastructure Monitoring, LM Cloud, LM Container Monitoring, LM Logs, and LM Application Performance Monitoring.

LM Intelligence contains the vendor’s AIOps capabilities that can be used for dynamic thresholds, anomaly detection, forecasting, RCA, and unbalanced service detection. For a given alert condition, LM Intelligence can correlate data points among various metrics, traffic flows, config changes, logs, and topology. Future LM Intelligence developments will include metric-to-metric correlations and metric/log/tracing correlation for the application.

LogicMonitor ranks high on the NetDevOps key criterion, with ongoing continuous developments around integrations with continuous integration/continuous development (CI/CD) and IaC tools such as Ansible, Terraform, and StackStorm.

LogicMonitor offers end-to-end network visibility to IT departments in medium and large enterprises, and caters to MSPs as well. The LogicMonitor solution features a well-developed network discovery function by which collectors use its NetScan feature to discover network devices. NetScans can be executed via internet control message protocol (ICMP). Native algorithms provide automatic tech-stack discovery via protocols such as WMI, Perfmon, SNMP/SSH, JDBC, HTTP/S, PowerShell, and Groovy APIs for virtual infrastructure.

Another strength of the LogicMonitor solution is its ability to perform network validation. The platform can detect configuration changes and automatically identify the associated impact on network performance metrics. The LM Config feature in LogicMonitor allows customers to centrally monitor all their configurations and raise alerts if there are differences from previous baselines or versions. These configuration change alerts can be correlated with other performance or availability-related alerts along with any logs from that source at the time of the alert.

Strengths: The platform has strong capabilities in multiple criteria, including validation, application and Layer 7 monitoring, and traffic analysis.

Challenges: LogicMonitor has room to improve its support for security observability. Security monitoring is not built into the platform, though users can ingest logs from network devices as well as security insights from other platforms to route them through LogicMonitor’s alerting system.


ManageEngine OpManager Plus is a comprehensive network observability solution that helps monitor and manage network devices and virtual infrastructure as well as network traffic, configuration changes, security appliances, and applications. OpManager Plus can be deployed in physical appliances, virtual appliances, as SaaS (Site24x7), or as a public cloud image.

A distinguishing aspect of the ManageEngine solution is its visualization capabilities. The platform goes beyond topological and geographical maps to provide 3D server room and virtual device views. The vendor ranks high on application and Layer 7 monitoring, offering features such as monitoring the health, availability, and performance of monolithic applications and distributed applications built using serverless functions and microservices. In addition, the solution provides application-to-application network performance visibility and monitoring of Layer 7 applications such as Layer 7 load balancers and web application firewalls.

Besides the comprehensive OpManager Plus platform, ManageEngine also offers dedicated, stand-alone solutions for network performance monitoring, network traffic management, network configuration, change management, and application performance management. ManageEngine also has a separate network performance monitoring solution tailor-made for MSPs.

ManageEngine’s Network Configuration Manager achieves a high degree of validation. Using Network Configuration Manager to push configuration changes through “confligets” (configuration scripts), deviations can be identified using compliance rules and corrective actions can be taken. The system is not yet compatible with third-party applications.

For dynamic discovery, OpManager can discover new locations, physical appliances, and virtual appliances, and update network visualizations such as Layer 2 topology maps, inventory, and reports. For troubleshooting, ManageEngine offers workflows that help IT teams automate routine tasks based on predefined conditions. These workflow actions include stopping processes to bring down CPU usage or restarting devices. Workflows can be scheduled for routine maintenance or executed automatically based on user-defined conditions.

Strengths: ManageEngine offers a comprehensive end-to-end monitoring solution, with unique visualization capabilities and extensive application and Layer 7 monitoring.

Challenges: ManageEngine could further develop its observability solution by developing container network monitoring features.


Commercially available since 2020, MantisNet Containerized Visibility Fabric (CVF) is a network observability solution that provides visibility into networking infrastructure from the core to the edge. MantisNet CVF provides deep, full-stack visibility into all events and enables users to correlate the resulting metadata across multiple systems and infrastructure components.

A significant caveat is that MantisNet doesn’t currently offer a turnkey network observability solution. MantisNet CVF collects, processes, and publishes network data into open message buses. From there, customers typically ingest MantisNet metadata into their existing applications, open source tools, or analytic workflows for visualization, analysis, and workflow automation to meet the rest of our key criteria. MantisNet’s roadmap includes developing features and functions for automation, visualization, reporting, alerts, and UI dashboard tools to deliver a full-stack network observability solution for enterprise IT.

The CVF solution consists of a single binary image that can be instantiated as agents or controllers. Agents—lightweight, event-driven, network sensors—are installed one per node and programmed to capture or filter traffic and monitor the environment for specific events and changes to physical and virtual resources. Controller instances are installed one per cluster and provide administrative, configuration, and provisioning control over the agents installed in that cluster.

MantisNet customers can deploy the solution via SaaS or use an enterprise licensing model; virtual and physical appliance instances are also available.

The MantisNet solution provides comprehensive, continuous, real-time, non-disruptive visibility into all events and traffic—across links, processes, flows, containers, applications, microservices, and users. It is typically deployed in an automated, dynamic manner with orchestration and automation tools (Kubernetes) to scale on-demand as resources, processes, and applications are being provisioned and deprovisioned. Furthermore, the solution is open and composable, so that new functions can be added and distributed as needed.

Strengths: MantisNet continues building its observability solution based on an innovative architecture, getting traction with MNOs, internet of things (IoT) vendors, and infrastructure technology providers.

Challenges: Currently, the vendor does not offer a full-stack observability platform for enterprise IT; it is missing out-of-the-box visualization, platform automation, and traffic analysis.


Motadata has consolidated its network observability features within its AIOps product, bringing ML-based insights and automation engines to an end-to-end infrastructure visibility platform.

Motadata is a unified observability platform for the network, infrastructure, and application stack that enables organizations to gather actionable insights at scale. Motadata leverages ML algorithms for anomaly detection, forecasting, and capacity planning. It is also able to reduce mean time to respond (MTTR) by limiting noise from alerts and generating tickets with more context.

The vendor has a very strong opportunity to develop mature AIOps features by leveraging its existing automation engine—consisting of script and workflow builders—and its ML-based analytics engine that extracts actionable insights to create features such as intelligent self-healing and auto-remediation.

The platform ranks high on the application and Layer 7 monitoring key criterion, with strong capabilities around DevOps-oriented monitoring via service maps, synthetic data, and code-level tracing. The tool can integrate into the DevOps teams’ CI/CD pipeline.

The platform can automate network configuration management for configuration changes, backups, and restores. These are mature features that provide the capabilities of asset management software. However, the platform isn’t able to achieve validation, which entails correlating configuration with network performance impact and offering automated remediation.

Despite being able to ingest security logs, the platform doesn’t provide security analytics or more advanced features such as NDR. The solution can be deployed only as a virtual appliance, as the vendor doesn’t offer a SaaS or on-premises deployment model.

Strengths: As part of its AIOps product, Motadata has well-developed troubleshooting capabilities and can support network automation. These features will be further enhanced with the vendor’s auto-root cause analysis developments.

Challenges: Motadata can develop more monitoring capabilities around application and Layer 7 monitoring and visualization and offer a SaaS deployment model.


NETSCOUT is a key player in the network observability space, with established solutions developed over 30 years of working with some of the largest network operators in the world. NETSCOUT’s network observability suite, nGenius, is a mature and well-rounded solution. NETSCOUT tailors its solution based on varied industry requirements—for carriers, public sector, finance, healthcare, or MSPs. nGenius is highly scalable and supports a good selection of data sources, making it a versatile tool for large enterprises with complex networks and for CSPs. In terms of deployment, NETSCOUT offers its flagship product, nGeniusONE, as an on-premises solution featuring the nGeniusONE server unit. NETSCOUT also provides network visibility as a managed service with its nGeniusVaaS (visibility as a service) offering.

A key aspect of NETSCOUT’s solutions is its patented Adaptive Session Intelligence (ASI) technology, which performs real-time data mining of user and application traffic at the network source. The ASI metadata includes key traffic and performance indicators and Layer 4 through 7 problem indicators for the discovered applications and servers without installing device agents. NETSCOUT’s ASI technology is pre-integrated with over 1,000 applications, providing application monitoring for voice, video, web/URL-based, server-based, SaaS, unified communications as a service (UCaaS), and custom applications.

NETSCOUT ranks high on the traffic analysis key criterion with its Omnis Analytics product, which uses ML to detect business impact by correlating KPIs with network performance and performing outlier detection. At the time of writing, Omnis Automation is currently available for Wi-Fi, 5G, multiple-access edge computing (MEC), and voice networks. The product will be available for other types of networks such as local area network (LAN), wide area network (WAN), cloud, and edge in future releases.

In 2021, NETSCOUT expanded its capabilities to include application monitoring via the nGeniusPULSE product. Using synthetic testing, nGeniusPULSE can monitor the performance of SaaS applications and remote users using an active, synthetic testing solution for instrumentation at remote edges. It performs tests including business transaction, network SLA, VoIP, full meeting lifecycle, Wi-Fi, and infrastructure performance management. nGenius PULSE is integrated with ISNG/vSTREAM and nGeniusONE and can capture packets on synthetic transactions for smart data triage.

The vendor ranks high on traffic security, the Omnis Cyber Intelligence solution supporting use cases such as verification of zero-trust policies, retrospective analysis using new threat intelligence against historical metadata and packets, threat hunting, and threat blocking via integrations with security service providers. NETSCOUT Arbor Sightline can gather and analyze multiple versions of NetFlow to identify baseline behavior and detect anomalies, also providing data associated with attacks, such as source address, target addresses, and protocols used, which can be used for automated attack mitigation.

NETSCOUT supports the monitoring of containers and microservices-based applications using packet-level monitoring, smart data, metrics, and measurements correlated with application monitoring data.

Strengths: NETSCOUT offers mature, industry-specific solutions that have been developed over decades. These solutions have excellent scalability, visibility, and troubleshooting capabilities.

Challenges: NETSCOUT’s suite of network observability products makes it a complex solution that can require additional support from the vendor or third parties to successfully deploy. nGeniusVaaS is designed to address these challenges.

OpenText (previously Micro Focus)

Having acquired Micro Focus in 2023, OpenText entered the network observability space with its Network Operations Management (NOM) solution, which is a mature and well-featured tool that provides management for enterprise networks, integrating capabilities to monitor fault, performance, configuration, and compliance of physical, virtual, wireless, and software-defined network (SDN) infrastructure. NOM scales up to 80,000 discovered nodes, including up to one million discovered interfaces per global domain.

NOM’s dynamic Spiral Discovery continuously gathers a wealth of information about your network inventory, ascertains the relationships between devices, such as subnets, VLANs, and virtual resource pools, and it asynchronously updates connectivity maps between devices.

NOM shows operators how device configuration changes might be impacting network performance (which happens frequently) to allow for faster MTTR of problems introduced by network changes. Automated configuration changes can then be deployed by NOM to remediate the problems found.

The NOM Causal Engine dynamically assesses the root causes of network faults leveraging analytics against polled data, SNMP traps, and real-time topology data from Spiral Discovery, reducing the volume and noise of incidents up to 50%. Any time the state poller sends updated state values for an object, the causal engine reanalyzes status, conclusions, and incidents, and updates this information if needed. The NOM Causal Engine defines root cause in terms of symptoms, using a set of rules to define relationships for fault and performance, (thresholding) symptoms, and root causes. Sources of symptom information include SNMP traps and the monitoring information from the state poller, including an object’s state.

The NOM Causal Engine is a mature feature that can generate notifications about problems. Notifications include sending conclusions, correlation, or suppression of incidents; closing incidents that are no longer valid; creating parent-child relationships between incidents that are all related to one problem; and creating parent-child relationships between incidents that are correlated using the custom correlation configuration.

The Causal Engine actively solicits symptoms during analysis and reacts dynamically to topology changes. It uses three stages to help determine and display root cause incidents and their related conclusions:

  1. Condition listener: Collects symptoms from NOM processes and services
  2. Hypothesis engine: Analyzes these symptoms to determine relationships until a root cause is reached
  3. Blackboard: Updates a device’s status and posts any related incidents, based on the information sent by the hypothesis engine

For validation, the solution can examine a configuration’s fitness for purpose before deployment by automatically assessing pre-change conditions to validate a change and determine whether it should proceed or not, deploy the configuration change, and then automatically assess post-change conditions to determine whether or not an automated rollback action should be triggered. NOM provides real-time compliance analysis of any changes to network device configurations detected, network device running state diagnostics and network OS patch levels, and includes automated remediation features regardless of whether those changes were automatically deployed by NOM or by third-party tools.

NOM provides real-time security and compliance monitoring to ensure adherence to standards, along with monthly updated security vulnerability compliance policy content to help quickly identify vulnerability issues and secure and prevent threats to the network. If there are network failures or security threats detected, automated configuration change, automated provisioning, and automated upgrade capabilities are available for administrators to use to recover or proactively manage the network infrastructure.

Strengths: OpenText’s Casual Engine is a differentiating feature that offers robust capabilities for troubleshooting and validation. The solution also ranks high for the visualization key criteria and NetDevOps evaluation metric.

Challenges: OpenText could improve NOM’s capabilities for natively monitoring and analyzing application traffic, including microservices, containers, third-party web services and Layer 7 appliances.


Paessler offers an all-in-one solution for infrastructure monitoring: PRTG. It provides low-level visibility into all corners of the infrastructure, from network and applications to cloud, hardware, databases, and services. It has a consistent and comprehensive interface and can visualize data in several different modes, including its signature sunburst map. The solution ranks well on flexibility due to its highly customizable sensors, dashboards, licensing models, and available APIs.

PRTG ranks lower on a few key criteria due to the lack of out-of-the-box features for configuration validation, automated troubleshooting, and security visibility. The tool presents all the information required to diagnose and identify issues, but it relies on the engineer’s expertise for remediation rather than providing actionable insights and intelligent suggestions.

Despite the lack of these extended observability features, PRTG has carved out its speciality and is looking to provide its customers with automation and insights through several partnerships. Paessler has a very good partner ecosystem, collaborating with IP Fabric to provide validation and with ScriptRunner for automation workflows, for example.

In terms of deployment, PRTG can be installed either as a virtual appliance, using a physical probe, or as a web-hosted application. As a virtual appliance, PRTG can be installed in a cloud environment. A physical PRTG probe requires a local machine on-premises. The hosted version simply requires a user to log into the web portal while Paessler manages the PRTG server.

Strengths: PRTG offers excellent visibility over network data sources and has great flexibility in terms of APIs, customizable sensors, and licensing models.

Challenges: While it supplies good information about the network, the out-of-the-box capabilities available to be measured against key criteria are comparatively limited.

Park Place Technologies

Park Place Technologies’ network observability platform, Entuity, is a comprehensive network performance and analytics software solution built on a unified architecture that is highly scalable and configurable. Entuity uses a distributed multiple-server architecture that acts as one system to scale from tens to hundreds of thousands of devices.

The platform has strong troubleshooting capabilities provided by Entutiy’s Event Management System (EMS). Automated actions can be defined based on conditions and specific workflows, configured either by network administrators or out of the box, which can process and correlate events to consolidate the number of actionable incidents.

The Entuity Configuration Management and Monitoring System allows users to create and automatically push configuration settings to thousands of monitored devices and ports. This system provides validation capabilities when working in conjunction with its event management system to streamline workflows, as configuration management tasks can be executed as EMS actions. For example, the two features can work together to detect and automatically shut down a port that has been flapping for more than a defined amount of time, or to enable backup circuits for a period of high utilization on a WAN. It also monitors existing configurations to provide backup, restore, golden image functions, change detection, management, and policy compliance.

ML is used to evaluate long term drift in monitored metrics. This capability can be used both interactively and in the form of planning reports that warn when upward drift indicates the need for intervention before service degradation is encountered.

The pattern of observed outages or loss of reachability is combined with the dynamically updated routing patterns to identify the point of failure and to elevate it over the symptomatic failures that are noticed at the same point in time.

Metrics such as bandwidth, CPU, memory, and storage volume utilization are used in conjunction with spare port capacity in the LAN switch fabric to report on both current and projected concerns for planning purposes.

For installation, Park Place Technologies provides ISO images of the Entuity server, allowing it to be easily installed on both virtual and physical servers. In turn, Entuity can be run in an on-premises environment or in a private or public cloud. Once deployed, users can access the fully instrumented solution via a web browser portal. While there is no SaaS version available, a managed option is available through its services team.

Strengths: By combining its event and configuration management systems, Entuity achieves strong troubleshooting and validation capabilities. The solution also provides good traffic analysis use cases.

Challenges: At the time of writing, Entuity is not available via SaaS. The vendor could also further develop its capabilities for native security observability and microservices and container networking.


Plixer offers two network observability solutions: Plixer Network Intelligence and Plixer Security Intelligence Platform. Both solutions are based on a similar set of core capabilities: ingestion of telemetry (such as NetFlow, IPFIX, SNMP, and traffic analysis), device discovery, visualization, and investigative workflows. The two products are differentiated based on the ML models available with each solution and can be deployed together to provide a unified network and security observability solution.

Plixer’s differentiating features are its traffic analysis capabilities, which are “clear box,” offering detection transparency and visualization of ML models. Traffic analysis can support threshold-based analytic algorithms, supervised ML, unsupervised ML, and deep learning. These features are combined with user customizable detection sensitivity thresholds, baselined seasonality, customizable modeling dimensions, encrypted traffic analytics (ETA), and threat intelligence feed integration. This array of detection techniques also allows Plixer to identify potential “poisoning” attacks on ML learning.

Plixer continuously ingests and analyzes a broad range of hybrid IT infrastructure data sources from multiple domains, including NetFlow, IPFIX, SNMP, SD-WANs, Active Directory, LDAP, RADIUS, and dynamic host configuration protocol (DHCP). This process provides comprehensive Layer 2 to Layer 7 visibility and context for RCA without the need to deploy and maintain packet processing technologies.

For troubleshooting, Plixer provides prioritized alert monitoring and filtering, event correlation for incident noise suppression, alert visualization timelines to assist with RCA, and dashboard drilldowns. These are supported by various detection techniques. The dashboard UI is designed to highlight alerts by priority and focus the user workflow. Plixer provides out-of-the-box bidirectional integration for remediation with tools such as Microsoft Defender, ServiceNow, and Tenable, as well as a programmatic REST API interface.

Strengths: Plixer’s maturity and feature set for its ML and traffic analysis capabilities are true differentiators. The vendor also has well-developed discovery and security observability features.

Challenges: Plixer is currently working to address its lack of visibility into container and microservices networking. The vendor has strategically decided to exclude validation capabilities.


Progress’ observability solution consists of comprehensive infrastructure monitoring provided by Progress WhatsUp Gold and advanced network traffic analysis provided by Progress Flowmon. WhatsUp Gold provides availability monitoring of the infrastructure for visibility of network devices, while Flowmon analyzes network traffic data with deep drill down capabilities for troubleshooting, RCA, application performance measurement, and network anomaly detection. Flowmon’s comprehensive network traffic analysis capabilities are displayed in a dashboard within the WhatsUp Gold interface.

WhatsUp Gold allows administrators to monitor devices, track bandwidth usage, and improve network, server, and application performance. It gives them a complete picture of their network by monitoring and categorizing wired, wireless, and virtual environments. This enables administrators to find and fix problems before their users are impacted, assure that bandwidth is optimized for critical applications and services, and automate configuration, log, and asset management.

WhatsUp Gold also provides the ability to respond to alerts in several automated ways, including responding to alerts or using application performance monitors to specify what actions can be taken when the application or monitored component changes state. Administrators can also quickly generate custom application profiles and modify existing profiles to meet specific monitoring needs with an intuitive profile development utility. In case of network failures or security threats, Flowmon provides automatic detection and data evidence of the threats for network admins to respond to and analyze.

The vendor also ranks high on the application and Layer 7 monitoring and troubleshooting key criteria. For monitoring, the platform measures user experience and extracts Layer 7 flow data such as DNS, DHCP, and server message block (SMB). The vendor can support automated troubleshooting via self-healing actions such as triggering a server reset and activating PowerShell scripts whenever alerts are triggered.

Flowmon Anomaly Detection System (ADS) is a security solution within the Flowmon suite that uses ML to detect anomalies hidden in the network traffic. Its ML-powered detection engine, combining multiple detection mechanisms, identifies malicious behaviors, attacks against mission-critical applications, and data breaches at any point of the threat’s lifecycle, allowing it to uncover unknown and insider threats even in encrypted traffic. Furthermore, it leverages external threat intelligence feeds and community blacklists.

Currently, both WhatsUp Gold and Flowmon can be deployed as separate physical and virtual appliances. While Flowmon is directly available also from the large public cloud providers, neither solution has a SaaS option.

Strengths: WhatsUp Gold and Flowmon features already complement each other, and with deeper integration, they can provide full-stack, end-to-end observability over network infrastructure, security appliances, and applications.

Challenges: Progress’ main challenge is the integration of WhatsUp Gold and Flowmon. Even after the acquisition took place in 2021, the solutions still mainly operate and get deployed as two separate products with some front-end integrations.


SolarWinds has two network observability solutions: Hybrid Cloud Observability is optimized for on-premises or self-hosted cloud deployments, while SolarWinds Observability is a cloud-native, as-a-service offering. Both solutions are powered by the SolarWinds Platform and provide full-stack observability focused on solving the unique requirements across a complete IT estate.

Hybrid Cloud Observability is designed for observability of on-premises and hybrid networks and infrastructure and commercial cloud apps. SolarWinds Observability addresses the needs of DevOps, application development teams, and site reliability engineers with its code-level observability for in-house custom and cloud-native apps. Its AI/ML powered Health Scores provide a holistic view that simplifies troubleshooting of complex, modern applications across multiple clouds.

SolarWinds developed Hybrid Cloud Observability following a “secure by design” model, working in collaboration with security experts such as the Krebs Stamos Group, CrowdStrike, and KPMG to devise a secure software development lifecycle and product architecture.

The Hybrid Cloud Observability platform ranks high on the dynamic discovery and mapping key criterion because it can automatically discover and map both physical and virtual topologies across different types of infrastructures and services, including cloud environments. The topology maps also include a “Time Travel” feature, giving users the option to enable historical tracking of the map to determine what occurred prior to an event or detect related patterns and behaviors.

The platform also scores high on validation, offering integration with Cisco ACI, which surfaces health scores for APIC tenants, spines, and leaves. Cisco ACI information is gathered through a combination of SNMP and API calls. Hybrid Cloud Observability can make bulk configuration changes to wired and wireless devices by designing change templates and creating standardized configurations. The platform can compare configuration changes to adjust and push configurations if needed to remediate any issues. Hybrid Cloud Observability can also help validate SD-WAN deployments by displaying the control plane and data plane deployments in a single map.

For application and Layer 7 monitoring, Hybrid Cloud Observability provides a visualization of the application stack elements supporting it, including transactions, databases, physical and virtual hosts, network attached storage (NAS) volumes, and APIs. The platform can also integrate with SolarWinds Observability, which provides a dashboard of distributed services representing an application built on a microservices-based architecture. The platform also provides application dependency mapping, which polls dependencies and creates maps to monitor incoming network connections for a managed server or application.

Hybrid Cloud Observability ranks high for container and microservices monitoring as it allows users to track details about their container infrastructure, including hosts, host clusters, environment dependencies, and deployments, review metrics for containers, hosts, and other infrastructure elements to plan capacity, analyze container activity in the AppStack Environment, and organize containers on Hybrid Cloud Observability Intelligent Maps.

Strengths: Hybrid Cloud Observability and SolarWinds Observability are the result of decades of experience in network performance management. The platform has strong capabilities across a variety of key criteria, including dynamic discovery, validation, and application monitoring.

Challenges: SolarWinds could further develop its capabilities for business intelligence, like measuring the financial impact of network performance and other customer and industry-specific metrics.

6. Analyst’s Take

Network observability is not revolutionary, but it is constantly moving forward. Features such as providing real-time data, discovering and mapping assets, and offering visibility across most types of network infrastructure are becoming the norm in the space. We expect this trend to continue, with capabilities such as automation becoming the standard rather than the selling point of differentiation. How automation is achieved is another story because it can be static and defined by humans, or contextual and actioned by AI.

ML and AI are critical elements that will dictate whether vendors remain competitive in the market. We can categorize vendors into three groups depending on how they will implement AI and ML:

  1. AI-centric: Develop AI/ML capabilities in-house or work with AI specialists to embed the features within the platform
  2. AI-compatible: Integrate with third-party AI tools, bearing the risk that these AI tools will not be purpose-built for network observability
  3. AI-reluctant: Will not leverage AI and ML but will continue to develop around workflow automation

The most consistent capability across all vendors is visualization. This makes sense as visualization has been a focus of traditional network performance monitoring, with all developments in this area carrying forward into network observability.

Interestingly, most vendors have gone beyond Layer 2 through 4 monitoring to provide Layer 7 and application observability as well. This illustrates a market-wide shift in priorities, where network teams are no longer siloed but actively involved in supporting business applications. Business leaders acknowledge that application performance is heavily dependent on network performance, and observability tools provide the required insights to support the application via the network.

The widest variance in vendors’ capabilities occurs around validation and dynamic discovery and mapping. Validation is the result of multiple features such as configuration management, network performance, and automation. If a vendor offers all these capabilities independently, they will not be able to perform validation. However, if they can correlate performance changes based on configuration while also being able to assess configurations created through automated deployment features, then the vendor will be a leading contender for this use case.

Dynamic discovery and mapping has a low barrier to entry. With asset discovery as a table stake for observability, a vendor can achieve minimum dynamic discovery and mapping by scheduling discovery scans. The difference becomes apparent for more advanced features, such as discovering SaaS applications and other services, which is not something that most vendors can support.

SaaS deployments are not yet the industry standard, but this is one aspect recognized as a deal breaker for a growing number of network operators. So, it is unsurprising that most vendors are accelerating SaaS deployment models in their development pipelines.

While network observability is mainly a platform-based solution (that is, the more features supported, the better the offering), a vendor’s capabilities need to go only as far as your requirements and future needs dictate. For example, if you already own a security observability solution, employing a network observability solution with security capabilities may not add any value. This is why modular solutions can be beneficial, allowing you to pick and choose the features you need. Likewise, if you need to deploy the observability solution as a physical appliance on-premises, whether the solution offers an SaaS deployment model is irrelevant. When assessing vendors, we recommend drafting a high-level view of your requirements to help narrow down your vendor selection to a manageable number of prospects.

7. About Andrew Green

Andrew Green is an enterprise IT writer and practitioner with an engineering and product management background at a tier 1 telco. He is the co-founder of, where he produces technical content for enterprise IT and has worked with numerous reputable brands in the technology space. Andrew enjoys analyzing and synthesizing information to make sense of today’s technology landscape, and his research covers networking and security.

8. About GigaOm

GigaOm provides technical, operational, and business advice for IT’s strategic digital enterprise and business initiatives. Enterprise business leaders, CIOs, and technology organizations partner with GigaOm for practical, actionable, strategic, and visionary advice for modernizing and transforming their business. GigaOm’s advice empowers enterprises to successfully compete in an increasingly complicated business atmosphere that requires a solid understanding of constantly changing customer demands.

GigaOm works directly with enterprises both inside and outside of the IT organization to apply proven research and methodologies designed to avoid pitfalls and roadblocks while balancing risk and innovation. Research methodologies include but are not limited to adoption and benchmarking surveys, use cases, interviews, ROI/TCO, market landscapes, strategic trends, and technical benchmarks. Our analysts possess 20+ years of experience advising a spectrum of clients from early adopters to mainstream enterprises.

GigaOm’s perspective is that of the unbiased enterprise practitioner. Through this perspective, GigaOm connects with engaged and loyal subscribers on a deep and meaningful level.

9. Copyright

© Knowingly, Inc. 2023 "GigaOm Radar for Network Observability" is a trademark of Knowingly, Inc. For permission to reproduce this report, please contact