1. Executive Summary
Network observability is a category of solutions that go beyond device-centric network monitoring to provide truly relevant end-to-end visibility and intelligence for all the traffic in your network, whether on-premises, in the cloud, or anywhere else. Representing a step beyond network performance monitoring, network observability guarantees visibility and distinguishes itself with actionable insights. These insights shift many low-level activities—such as troubleshooting or traffic analysis—from engineers to the network observability tool.
Observability solutions are less about specialization and more about consolidating a comprehensive experience in a single tool. This convergence of functionality brings numerous advantages, including a better user experience, lower costs than those incurred when deploying multiple tools, adaptability for complex IT environments, future-proofing, and cohesiveness across IT departments. Network observability is a key ingredient for ensuring that your modern, critical infrastructure achieves the required uptime and availability.
While businesses of all sizes can benefit from the end-to-end visibility offered by network observability solutions, those with large, complex networks are likely to see the most improvement. These can be companies with proprietary networks, for which IT plays a supporting role—such as retail or manufacturing—or businesses that sell network services, such as communication service providers. We explore these categories in more depth in the following section.
This is our fourth year evaluating the network observability space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.
This GigaOm Radar report examines 20 of the top network observability solutions in the market, and compares offerings against the capabilities (table stakes, key features, and emerging features) and non-functional requirements (business criteria) outlined in the companion Key Criteria report. Together, these reports provide an overview of the category and its underlying technology, identify leading network observability offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.
GIGAOM KEY CRITERIA AND RADAR REPORTS
The GigaOm Key Criteria report provides a detailed decision framework for IT and executive leadership assessing enterprise technologies. Each report defines relevant functional and nonfunctional aspects of solutions in a sector. The Key Criteria report informs the GigaOm Radar report, which provides a forward-looking assessment of vendor solutions in the sector.
2. Market Categories and Deployment Types
To help prospective customers find the best fit for their use case and business requirements, we assess how well network observability solutions are designed to serve specific target markets (Table 1) and deployment models (Table 2).
For this report, we recognize the following market segments:
- Cloud service provider (CSP): These are infrastructure-as-a-service (IaaS) providers who operate a global network of data centers and serve customers worldwide. These providers often have private networks connecting their data centers and work with communication service providers.
- Edge/content delivery network (CDN): Edge service providers operate a highly distributed global network, often containing hundreds of points of presence (PoPs) across all continents. Their main proposition is to lower latencies for end users, which means they depend heavily on observability solutions for performance assurance.
- Communication service providers/telcos: These are carriers, internet service providers (ISPs), and network service providers (NSPs) that offer network services and often have a very complex national and international physical infrastructure serving both enterprise and consumer customers.
- Regulated industries: These types of networks have comprehensive security requirements and can encompass local authorities (local councils, emergency services), utilities, national public institutions (government, national defense agencies), and international entities (such as the European Council).
- Small-to-medium business (SMB): Solutions in this category are those that meet the needs of small and midsize businesses, which operate a network (physical or virtual) that supports their workforce. These solutions also can serve individual departments or lines of business within a large enterprise.
- Large enterprise: Usually adopted for large or business-critical projects, solutions in this category have a strong focus on flexibility, performance, data services, and features that improve security and data protection. Scalability is another big differentiator, as is the ability to use the same service in different environments.
Table 1. Vendor Positioning: Target Market
Vendor | CSP | CDN | Telcos | Regulated Industries | SMB | Large Enterprise |
---|---|---|---|---|---|---|
Accedian, now part of Cisco | | | | | | |
Auvik | | | | | | |
Broadcom | | | | | | |
Datadog | | | | | | |
Forward Networks | | | | | | |
Kentik | | | | | | |
LiveAction | | | | | | |
LogicMonitor | | | | | | |
ManageEngine | | | | | | |
MantisNet | | | | | | |
Motadata | | | | | | |
NetBrain | | | | | | |
NETSCOUT | | | | | | |
OpenText | | | | | | |
Paessler | | | | | | |
Park Place Technologies | | | | | | |
Plixer | | | | | | |
Progress | | | | | | |
Riverbed | | | | | | |
SolarWinds | | | | | | |
In addition, we recognize five solution deployment models and four network probe deployment models.
Network observability tools can be delivered via the following deployment models:
- Physical appliance: The tool requires one or more specialized hardware units to be installed on the customer’s network. This approach typically offers the least deployment flexibility (you must physically attach the appliance to your infrastructure) but the highest degree of control and security.
- Virtual appliance: This software tool can be deployed in public clouds, private clouds, or other on-premises infrastructure. It gives you greater control, while still allowing solid deployment flexibility. The tool’s performance, however, depends on whatever infrastructure the software is running on, as well as the quality of connectivity to the rest of the network.
- Public cloud image: The observability tool is available in public cloud marketplaces and can run within the cloud environment.
- SaaS: The tool can be accessed directly through a web portal with no additional installation. The tool is hosted and managed by the vendor and delivers the benefits of the solution as a service. This is often the simplest and easiest way to leverage network observability. The downside is that it may not meet the security requirements or complex customization needs of some customers.
- Software: This model refers to the solution being available as a software-only solution which can be installed and run on a customer’s own general-purpose servers.
Additionally, observability tools can leverage network probes or agents to collect data that can be deployed as one of the following:
- Physical appliance: Some solutions require dedicated physical appliances to be installed to tap network data. Typically, this offers packet-level visibility into the network traffic, but it is hard to deploy and manage.
- Virtual appliance: Some network probes can be installed on generic all-purpose hardware or virtual machines rather than on dedicated physical appliances. These can be more easily deployed and decommissioned compared to their physical appliance counterparts.
- Agent-based: An agent-based solution means that a piece of software is installed on relevant appliances or endpoints, such as end-user devices, to collect network data. These can take the form of an extended Berkeley Packet Filter (eBPF) host agent, synthetic private agents, or domain name system (DNS) probes.
- Agentless: An agentless model uses network flow data such as NetFlow, sFlow, IPFIX, J-Flow, or Cflow, or protocols like Simple Network Management Protocol (SNMP) and an API, to collect network data.
Table 2. Vendor Positioning: Deployment Model: Solution and Network Probe
Vendor | Solution: Physical Appliance | Solution: Virtual Appliance | Solution: Public Cloud Image | Solution: SaaS | Solution: Software | Network Probe: Physical Appliance | Network Probe: Virtual Appliance | Network Probe: Agent-Based | Network Probe: Agentless |
---|---|---|---|---|---|---|---|---|---|
Accedian, now part of Cisco | | | | | | | | | |
Auvik | | | | | | | | | |
Broadcom | | | | | | | | | |
Datadog | | | | | | | | | |
Forward Networks | | | | | | | | | |
Kentik | | | | | | | | | |
LiveAction | | | | | | | | | |
LogicMonitor | | | | | | | | | |
ManageEngine | | | | | | | | | |
MantisNet | | | | | | | | | |
Motadata | | | | | | | | | |
NetBrain | | | | | | | | | |
NETSCOUT | | | | | | | | | |
OpenText | | | | | | | | | |
Paessler | | | | | | | | | |
Park Place Technologies | | | | | | | | | |
Plixer | | | | | | | | | |
Progress | | | | | | | | | |
Riverbed | | | | | | | | | |
SolarWinds | | | | | | | | | |
The components in Tables 1 and 2 are evaluated in a binary yes/no manner and do not factor into a vendor’s designation as a Leader, Challenger, or Entrant on the Radar chart (Figure 1).
“Target market” reflects which use cases each solution is recommended for, not simply whether that group can use it. For example, if an SMB could use a solution but doing so would be cost-prohibitive, that solution would be rated “no” for SMBs.
3. Decision Criteria Comparison
All solutions included in this Radar report meet the following table stakes—capabilities widely adopted and well implemented in the sector:
- Multiple data sources
- Vendor-agnostic orientation
- Contextual visibility
- Network discovery
- Real-time data
Tables 3, 4, and 5 summarize how each vendor included in this research performs in the areas we consider differentiating and critical in this sector. The objective is to give the reader a snapshot of the technical capabilities of available solutions, define the perimeter of the relevant market space, and gauge the potential impact on the business.
- Key features differentiate solutions, outlining the primary criteria to be considered when evaluating a network observability solution.
- Emerging features show how well each vendor is implementing capabilities that are not yet mainstream but are expected to become more widespread and compelling within the next 12 to 18 months.
- Business criteria provide insight into the non-functional requirements that factor into a purchase decision and determine a solution’s impact on an organization.
These decision criteria are summarized below. More detailed descriptions can be found in the corresponding report, “GigaOm Key Criteria for Evaluating Network Observability Solutions.”
Key Features
- Dynamic discovery and mapping: This criterion looks at whether and how well the platform can automatically discover and map new network functions and connections. These can be networking devices, new application integrations, third-party SaaS tools, edge locations, data center overlays and underlays, security functions, cloud-native constructs such as VPCs and VNets, software-defined wide area network (SD-WAN) overlays and controllers, and network as a service (NaaS) and secure access service edge (SASE) deployments.
- Visualization: Observability goes beyond simple visibility and presents data in a way that is easy to navigate and understand. A major aspect of this criterion is the depth and granularity of visualization a solution provides.
- Validation: This is the process of confirming whether a network configuration or design is fulfilling its intended purpose. Validation should be performed proactively before deploying a network change to determine whether the proposed change violates any predefined (“golden configuration”) policy. Failed checks should automatically abort the deployment process.
- Traffic analysis: This metric evaluates the insights a network observability platform can extract by looking at historical network behavior. Though this information may consist of something as simple as trend lines based on existing data, leading solutions leverage ML algorithms to learn about usage patterns.
- Troubleshooting and optimization: This metric looks at how well a solution is able to resolve issues by tracing and correcting flaws in a system, and by optimizing the system to prevent further issues. Just as with validation and traffic analysis, troubleshooting has multiple facets. Its main scope is to reduce mean time to respond (MTTR) and network administrators’ workloads.
- Security observability: Network observability tools are well-positioned to provide observability over security infrastructure as well as network behaviors. For security network infrastructure monitoring, observability tools should include appliances such as Layer 4 firewalls, proxies, Layer 7 firewalls, and VPNs.
- Application and Layer 7 monitoring: With the network as a supporting function for the application, observability tools also need to provide visibility into application performance and how the network affects it.
- Microservices and containers: Network observability tools can expand their realm of expertise to include monitoring of both microservices and containers. Distributed applications built using serverless computing and container-based microservices will become increasingly important with modern application architectures, and leading solutions will bring observability to these new environments.
Table 3. Key Features Comparison
Rating scale: Exceptional, Superior, Capable, Limited, Poor, Not Applicable
Emerging Features
- Network modeling and planning: Network observability tools can use their knowledge of a customer’s infrastructure to create a simulated environment where the solution can generate synthetic traffic to emulate how the network will behave in different scenarios or how it would behave following configuration or architectural changes.
- AI-driven network operations: Compared to the troubleshooting and optimization key feature, the AIOps emerging feature evaluates solutions’ capabilities to autonomously identify and resolve issues.
- Extended Berkeley Packet Filter (eBPF): This technology originated in the Linux kernel and can run sandboxed programs in a privileged context such as the operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel without requiring any change to kernel source code or loading of kernel modules.
- Large language model (LLM) integrations: Solutions can leverage LLMs to offer administrators a natural language interface for navigating the product. Using an LLM, a solution can write queries to surface relevant information about the network by using everyday language.
- End-user experience monitoring: Network observability tools can go beyond the enterprise network perimeter and measure the performance of applications and services from the end-users’ devices. Using either real-user traffic or synthetic traffic, the solution can gain visibility into client device metrics like bandwidth, latency, jitter, and packet loss.
- Business intelligence: This feature goes beyond network monitoring from a purely technical point of view and factors in business metrics, which include translating network performance into financials, industry-specific metrics, and customer experience.
Table 4. Emerging Features Comparison
Rating scale: Exceptional, Superior, Capable, Limited, Poor, Not Applicable
Business Criteria
- Scalability: Network observability is typically required in complex IT systems found in large national or multinational companies or public sector agencies that rely on legacy equipment and multiple vendors, which lowers their visibility and results in operational silos. This metric assesses how well a solution is able to grow to meet the increasing needs of large and dynamic enterprises.
- Flexibility: For network observability, flexibility is determined based on factors such as customization options, interoperability via APIs, and level of vendor support.
- Ease of use: We can assess this metric from the perspective of Day 1 (ease of deployment), navigation (ease of data retrieval), insights (is data reported on only, or does the solution offer actionable insights?), and remediation (does it offer steps for resolution?). Other factors contributing to ease of use include the availability of technical documents and training programs.
- Ecosystem: With the purchase of a large-scale solution like this, customers are essentially joining a family. To determine the network observability solution provider’s viability, it’s important to assess its supply chains and contractual agreements.
- Cost: As with all technical solutions, the up-front subscription cost for a network observability tool might not reflect all expenses required for full operation. For example, open-source software is free, but support staff and ancillary products may be required.
Table 5. Business Criteria Comparison
Rating scale: Exceptional, Superior, Capable, Limited, Poor, Not Applicable
4. GigaOm Radar
The GigaOm Radar plots vendor solutions across a series of concentric rings with those set closer to the center judged to be of higher overall value. The chart characterizes each vendor on two axes—balancing Maturity versus Innovation and Feature Play versus Platform Play—while providing an arrowhead that projects each solution’s evolution over the coming 12 to 18 months.
Figure 1. GigaOm Radar for Network Observability
As you can see in Figure 1, most vendors are concentrated in the Maturity/Platform Play quadrant, while the rest of the quadrants have two or three vendors. This represents an expected evolution compared to last year’s report, showing how vendors such as Plixer and OpenText have moved toward the horizontal axis and closer to the Innovation half. With the addition of Forward Networks and NetBrain to the report, we’ve migrated some vendors counterclockwise to better illustrate competing solutions.
The Innovation/Feature Play quadrant contains three vendors. Forward Networks and NetBrain both offer observability capabilities that are a basis for their network modeling or digital twin products. MantisNet provides a novel take on observability using eBPF, but it does not offer some out-of-the-box features expected in a network operations center (NOC). Auvik and Paessler are featured in the Maturity/Feature Play quadrant, with Auvik having a focus on mid-market solutions and Paessler delivering on the advanced features described in the report using third-party tools.
In the Innovation/Platform Play quadrant, both Datadog and Kentik tackle a good range of network observability use cases, developed their monitoring features using eBPF, have good development pipelines, and can tackle use cases such as container and microservices monitoring.
The Maturity/Platform Play quadrant features 13 well-established network observability solutions. All can deliver on a wide set of use cases. Outperformers in this quadrant include Broadcom, SolarWinds, OpenText, Riverbed, and LiveAction.
In reviewing solutions, it’s important to keep in mind that there are no universal “best” or “worst” offerings; there are aspects of every solution that might make it a better or worse fit for specific customer requirements. Prospective customers should consider their current and future needs when comparing solutions and vendor roadmaps.
INSIDE THE GIGAOM RADAR
To create the GigaOm Radar graphic, key features, emerging features, and business criteria are scored and weighted. Key features and business criteria receive the highest weighting and have the most impact on vendor positioning on the Radar graphic. Emerging features receive a lower weighting and have a lower impact on vendor positioning on the Radar graphic. The resulting chart is a forward-looking perspective on all the vendors in this report, based on their products’ technical capabilities and roadmaps.
Note that the Radar is technology-focused, and business considerations such as vendor market share, customer share, spend, recency or longevity in the market, and so on are not considered in our evaluations. As such, these factors do not impact scoring and positioning on the Radar graphic.
For more information, please visit our Methodology.
5. Solution Insights
Accedian, now part of Cisco
Solution Overview
In late 2023, Cisco completed the acquisition of network observability provider Accedian. The solution, Accedian Skylight, delivers high-performance network and user-experience monitoring across virtualized, cloud, software-defined, and physical network infrastructures, as well as service and application chains. Skylight provides end-to-end network and application performance visibility and control over user experience.
Accedian’s network observability is achieved with the following products:
- Skylight Performance Analytics (SaaS deployment) is the main tool for viewing and analyzing network performance data.
- Skylight software and hardware sensors (physical and virtual deployment) are designed for capturing all network traffic between users and infrastructure (north-south) and between virtualized infrastructure resources (east-west). These can be deployed as software microservices on open compute platforms (x86, vCPE or uCPE, cloud servers) and public cloud platforms.
Strengths
The platform ranks high on both the application and Layer 7 monitoring and traffic analysis key criteria. It uses sensors to monitor real-user experience and generate synthetic data orchestrated from a single solution. The Skylight sensors, available as software or containers, provide active test traffic from Layers 2 through 7. The sensors can generate performance data on Layer 2 Ethernet, Layer 3 IP, Layer 4, and Layer 7 protocols. The Skylight “capture sensor” provides lightweight passive analysis of network traffic from Layer 2 to Layer 7 on physical, virtualized, and cloud infrastructures. The capture sensor collects network traffic between users and infrastructure (north-south) and between virtualized infrastructure resources (east-west).
The Skylight platform is highly scalable, able to monitor multinational networks, and caters to the complex environments of CSPs or businesses with highly distributed networks.
Accedian ranks high on the traffic analysis criterion because Skylight performance analytics leverages ML to conduct network traffic analysis. It provides predictive analysis to identify performance-related issues such as latency, jitter, congestion, and dropped packets.
Skylight also scores well on the validation criterion, having developed intent-based assurance features, which support baseline performance to ensure the network fulfills business needs and outcomes. Baseline performance metrics can be used pre- and post-configuration change and validate that change management is done successfully. The solution couples baseline data and metadata, which allows Skylight to create a contextual relationship between service fulfillment and configuration.
Challenges
Accedian’s network observability has limited Wi-Fi and wireless monitoring capabilities. Accedian is working on a strategy to further integrate with Cisco’s broad portfolio that includes the Wi-Fi and wireless infrastructure monitoring capabilities. Similarly, the solution’s SaaS-only deployment is not suitable for organizations that require other types of deployment models.
Purchase Considerations
As it was only recently acquired, it’s expected that the Accedian solution will become more tightly integrated with the rest of the Cisco portfolio. Some use cases might be integrations with Cisco ACI and network dashboard fabric controller (NDFC) for data center and cloud networking to make use of Accedian’s well-developed analysis capabilities.
Accedian Skylight can deliver on a wide range of use cases, such as enterprise network monitoring, cloud network monitoring, WAN, and internet. Accedian can also monitor cellular and radio networks, a capability available from only a few of the vendors featured here. The solution is also able to monitor end-user experience.
Radar Chart Overview
Accedian, now part of Cisco, is positioned in the Maturity/Platform Play quadrant of the Radar chart. The solution supports a comprehensive range of use cases and has a mature and flexible architecture. As it was only recently acquired by Cisco, the solution is expected to be further integrated with Cisco’s products, but we do not foresee any rearchitecting or major developments in the near future. Accedian is thus a Fast Mover.
Auvik
Solution Overview
Auvik’s Network Management (ANM) solution has well-developed capabilities for monitoring SMB infrastructure that span from on-premises equipment to outsourced infrastructure in the cloud and at the edge. ANM also includes automation features that continually scan for network changes and update network documentation, back up device configurations, and alert on network activities.
Delivered in a SaaS model, Auvik supports functions such as network topology mapping, network traffic visualization, network performance monitoring, network configuration backups, syslog management, and NetFlow traffic analysis to provide Layer 7 monitoring.
Strengths
Auvik can discover and map new network appliances and services automatically as they are added. Moreover, Auvik integrates asset management capabilities such as detecting and capturing full details for every device on the network, including make and model, serial number, IP address, and the physical switchport the device is connected to. Auvik pulls lifecycle data from supported devices to show whether they are on current or expired support contracts, whether there are more up-to-date software versions available, whether the devices are eligible to receive critical security updates, and whether or not the devices are still available for purchase.
For validation, Auvik scans network devices for configuration changes every hour, backing up the latest configurations automatically. The configuration backups are available for a side-by-side comparison review. Auvik can easily restore configurations using a restore button or, alternatively, allow export so the configuration can be applied to a new device. While this approach falls short of achieving true validation, Auvik provides the opportunity to correlate network performance changes with configuration changes.
Auvik extracts flow data and uses ML and traffic classification to highlight which applications or protocols are using the bulk of the network’s bandwidth, allowing users to investigate network traffic spikes retroactively or in real-time. Customers can identify applications in use, application category, device names, and geolocation.
Challenges
Auvik ranks lower on criteria such as security observability and troubleshooting. While the lack of security observability is a deliberate choice, the vendor should continue improving its automation capabilities, including self-healing and auto-remediation.
Purchase Considerations
Auvik has a strong offering for mid-market customers with a good level of end-to-end network observability. Its developed traffic analysis capabilities and SaaS-based offering make it an attractive option in the network observability market. The lower overhead associated with deploying and managing the solution makes it a suitable choice for mid-sized organizations that need visibility of enterprise networks.
Auvik’s network observability solution is suitable for organizations that need to monitor data center, LAN, and campus Wi-Fi and wireless networks. With a high score for ease of use and licensing methods, the solution is a suitable choice for mid-sized organizations that require a solution with low overhead and a short time-to-value.
Radar Chart Overview
Catering specifically to the mid-market, Auvik’s solution is easy to use and deploy, and it addresses the most important use cases for organizations managing on-premises networks. This places Auvik in the Maturity/Feature Play quadrant of the Radar chart. While Auvik has a good development pipeline, there have been few feature releases since the last iteration of the report, which is why Auvik is now a Fast Mover rather than an Outperformer.
Broadcom
Solution Overview
Combining AppNeta’s and DX NetOps’ capabilities, the NetOps by Broadcom observability solution expands traditional operational visibility beyond the network edge and out to ISP, SaaS, and cloud provider networks. With these solutions, enterprises can leverage end-user experience metrics to track and optimize end-to-end network performance.
DX NetOps is Broadcom’s main network observability tool, which can be used across traditional and software-defined architectures, with strong capabilities for network fault detection, performance, flow, configuration management, log analysis, and AI insights. DX NetOps is further enhanced by Broadcom’s AIOps solution, which leverages AI and ML for full-stack correlations, predictions, and algorithmic analysis of alarms, metrics, logs, and topologies.
AppNeta offers SaaS-based network and end-user experience monitoring that provides insights into network performance from the end-user perspective across infrastructures that customers do not own, such as the internet, middle mile, cloud, and SaaS environments. AppNeta’s proprietary TruPath technology provides granular insight into the network delivery paths through any network by using packet-train dispersion.
Strengths
Broadcom brings user experience metrics into the NOC for a better understanding of the managed and unmanaged network delivery performance impact on applications and users. By correlating network path metrics with network device performance, root cause and end-to-end network path health are surfaced, enabling the operations teams to get a better perspective of user experience impact.
Broadcom’s network observability offering is a very good candidate for carriers, system integrators, managed service providers (MSPs), and large enterprises. Broadcom also boasts an excellent partner ecosystem, leveraging industry-leading vendors for comprehensive visibility across all network segments.
Broadcom scores high on most of our key criteria, including dynamic discovery, traffic analysis, and troubleshooting. For validation, Broadcom uses AppNeta’s near real-time, hop-by-hop, active testing of the entire network delivery experience to validate performance from controllers against the actual network delivery performance, validate overlay performance, identify patterns in performance over time, and identify problematic transports or service providers by looking at deviation from normal baselines and projections. This network delivery validation can be used for pre- and post-production deployments like SD-WAN and multi-cloud adoption.
Some of Broadcom’s recent feature releases include volatility analytics and monitoring policies. Volatility analytics monitors instability in the network by assessing metric variability inflicted by external forces on the overall market performance. Monitoring policies are a new AppNeta feature that enables administrators to define what and how to monitor, with the solution applying the policies for new users or networking constructs.
Challenges
Broadcom needs to continue the integration between its existing DX NetOps solution and the capabilities available through AppNeta to deliver a seamless user experience. Broadcom does not currently support any eBPF capabilities or integrations with LLMs for a natural language interface.
Purchase Considerations
Following the VMware acquisition, Broadcom’s network observability solution can benefit from lower-level integrations with VMware’s SD-WAN, NSX, Tanzu, and VCF. Current observability capabilities for VMware environments include SD-WAN performance validation, which covers the Application Performance Index (Apdex) and Mean Opinion Score (MOS) indicators, and NSX performance validation, which collects inventory data, alarms, and performance metrics from VMware NSX data centers, as well as underlay network metrics.
NetOps licensing is based on the device count monitored on the corporate network, data centers, and cloud and SaaS applications with active network and web monitoring.
Broadcom’s network observability solution can be used for a wide range of use cases, including monitoring data center, LAN, and campus; WAN and internet; virtualized networks for cloud and edge environments; Wi-Fi, wireless, and cellular and radio networks; and digital experience monitoring. With such a broad platform scope, Broadcom’s network observability solution is suitable for large enterprises with complex environments.
Radar Chart Overview
Broadcom maintains its position as a strong Leader in this fourth iteration of the report. Compared to last year, Broadcom is now positioned in the Maturity/Platform Play quadrant rather than the Innovation/Platform Play quadrant. While it’s expected for vendors to move from innovation to maturity, new vendors added to the Feature Play side caused us to reshuffle the rest of the Radar, and Broadcom is now positioned in the same quadrant with comparable solutions.
Datadog
Solution Overview
Datadog offers a modern take on network observability through its two products, Network Performance Monitoring (NPM) and Network Device Monitoring.
NPM provides visibility into network environments, such as on-premises, cloud, and hybrid environments, including public cloud constructs like virtual private clouds (VPCs) and cloud services. NPM data collection is done using eBPF, meaning the solution requires monitored platforms to have Linux kernel versions of 4.4.0+ or have eBPF features backported. Datadog Network Device Monitoring monitors and troubleshoots routers, firewalls, switches, load balancers, and other network devices by supporting SNMP, NetFlow, syslog, and other data formats. NPM also supports Windows.
In addition to network monitoring, buyers should also consider Datadog’s application performance monitoring (APM) solution, which provides insight into issues at the application layer of containerized environments. With APM, if a container running on EC2 is experiencing high request latency, administrators can investigate the networking component to view all network connections related to that service and determine whether the problem stems from an upstream service.
Strengths
Datadog offers some of the most comprehensive and sophisticated monitoring of microservices container networking. The solution has awareness and visibility over CNIs such as Cilium, service meshes such as Istio, proxy services such as Envoy, and managed Kubernetes services.
Datadog NPM visualizes the architecture and performance of containerized and orchestrated environments, with support for Docker, Kubernetes, ECS, and other container technologies. Datadog’s container integrations enable organizations to aggregate traffic by entities, such as containers, tasks, pods, clusters, and deployments, with out-of-the-box tags. NPM can map network communication between containers, pods, and services over the Istio service mesh. It tags Envoy sidecars as containers, which means administrators can use the network map to visualize the underlying container traffic and determine whether it’s a service mesh issue.
The network map provides a topology view of the network to help visualize network partitions, dependencies, and bottlenecks. In addition to providing an overview of the network’s physical connections, administrators can investigate individual devices to understand their connections, flows, and overall status. Hovering over a device displays its overall status and key metrics.
Datadog NPM supports visibility for the large public cloud providers: AWS, Azure, and GCP. NPM automatically maps network calls to AWS services such as S3, RDS, Kinesis, ELB, and ElastiCache. It can also map API calls to AppEngine, Google DNS, Gmail, and other Google Cloud services. The solution can also monitor AWS load balancers, NAT gateways, VPC internet gateways, and VPC endpoints.
For business intelligence, the solution’s analytics capabilities can help investigations into cloud cost reduction, such as for cross-availability-zone traffic by discovering which services make up most of the cross-AZ traffic. This can also be applied for other use cases, such as cross-team, cross-cloud provider, or cross-region traffic.
The solution supports troubleshooting through Datadog’s query language. Administrators are able to easily start investigations using templated queries that surface relevant network information without the need to search for or group the traffic.
Challenges
While Datadog offers full-stack observability for digital enterprises, the solution does not currently support use cases for radio and cellular networks. The solution also scores less well on the validation key feature, as Datadog NPM does not currently have awareness and control over network configuration. In addition, its troubleshooting features revolve around providing data to administrators, but the solution does not currently offer any auto-remediation or self-healing capabilities.
Purchase Considerations
Datadog is distinguished from the rest of the vendors featured in this report due to its wider data ingestion and analytics capabilities, which go beyond network data. Organizations that deploy Datadog NPM also have access to a wide range of its infrastructure and service monitoring, which is unavailable from other vendors featured here. NPM is perhaps best suited for organizations that already have a Datadog deployment and require a network observability product.
Datadog can deliver on a nice range of use cases, but it has particularly good capabilities for monitoring containers, microservices, applications, and services. It can also monitor enterprise networks, data centers, and cloud networks. Currently, the solution can monitor Cisco SD-WAN only using Meraki or a Netnology integration, and it does not support radio networks.
Radar Chart Overview
Datadog is positioned in the Innovation/Platform Play quadrant. Leveraging its background in data ingestion and analytics, Datadog offers a modern approach to network performance monitoring that’s based on eBPF, a capability that’s generally not available with the solutions in the Maturity/Platform Play quadrant. Datadog is positioned further away from the horizontal axis and the Maturity half to indicate that it does not support some use cases required by enterprises today. Datadog is a Leader and a Fast Mover, and further development to support other use cases will position the vendor closer to the Maturity quadrant in future iterations.
Forward Networks
Solution Overview
Forward Networks’ Enterprise platform provides a novel take on network observability by generating a vendor-neutral software abstraction—a digital twin—that models the entire network infrastructure, including switches, routers, firewalls, load balancers, and SD-WAN solutions, both on-premises and in the public cloud.
By producing a digital twin of a network, the solution enables end-users to search network behavior, configuration, and state network-wide. The solution can discover any device on the network, including its connections and all forwarding behavior for end-to-end path analysis across the network for both on-premises and multicloud infrastructure.
Forward Networks’ digital twin serves as a powerful troubleshooting platform, offering a suite of applications such as search, inventory, verification, and network query engine (NQE). These applications unveil comprehensive configuration and connectivity insights, empowering operators to proactively pinpoint configuration errors, connectivity inefficiencies, or potential causes of security breaches. In the event of detecting such anomalies, the platform can be configured to dispatch notifications and alerts or generate or update ServiceNow tickets, expediting reporting and subsequent remediation efforts. This robust functionality streamlines network management processes and enhances overall operational efficiency.
Strengths
The solution specializes in and scores high on validation. It can verify that the network is configured and behaving as intended across on-premises, cloud, and virtual overlay networks by delivering automated pre- and post-deployment checks.
The Forward Enterprise Behavior Diffs feature surfaces what has changed at different layers in the network stack by showing changes in the topology (devices, links, interfaces), the changes at Layer 2 (VLANs) and Layer 3 (routing), the changes around security (ACL, NAT), and what effects the changes have on the network intent policies defined by the network operators. It offers a side-by-side comparison in one quick view of configuration file and state changes for any device, between any two points in time and can identify what policy rules and behavior checks have changed between snapshots.
The solution scores high on security observability. Forward Enterprise is able to address security use cases such as attack surface management, which provides detailed information on all devices connected to a compromised host, in a single intuitive interface; vulnerability management; security posture management for validating that global network security posture complies with zero-trust design goals for multicloud and on-premises networks; and exposure analysis to identify which end-hosts impacted by critical vulnerabilities can be accessed from any exposure point.
In January 2024, Forward launched AI Assist, which provides users with a natural language interface to perform root cause analysis, configuration analysis, compliance and audit tasks, and proactive detection of potential misconfigurations.
Challenges
The solution does not provide traffic analysis features, which rely on observing real-world traffic rather than using a simulated instance of the network. Moreover, it does not currently offer application and Layer 7 monitoring, microservices and container monitoring, or business intelligence features. However, application, microservices and container monitoring are all on Forward’s medium-term roadmap.
Purchase Considerations
Forward Networks’ observability solution is inherently different from the rest of the vendors featured in this report. It allows enterprises to take a much more proactive approach to managing how the network performs, compared to the reactive approach that monitors real traffic to identify degradations after they take place. What the solution can’t provide in terms of traffic analysis, it compensates for with very comprehensive validation features and associated security posture monitoring.
Forward offers a yearly licensing model per physical or virtual network device used on-premises, while for cloud monitoring, the licensing is per compute instance.
Forward Networks’ comprehensive digital twin engine can model a wide range of overlay and underlay network types. The solution can model appliances such as switches, routers, firewalls, and load balancers, as well as SD-WAN and wireless solutions, data center networks, and virtualized cloud environments. It does not currently support radio networks. Modeling for containers and microservices will be supported in future releases.
Radar Chart Overview
In its first appearance in the network observability Radar, Forward Networks is positioned in the Innovation/Feature Play quadrant. Its approach is truly distinguished from the other vendors because it helps organizations monitor their networks by creating a digital twin. While this approach has specific advantages, the solution does not offer all the features supported by solutions on the Platform Play side, such as traffic analysis. But Forward Networks is also classified as an Outperformer due to its development pipeline for Layer 7 and application-aware features.
Kentik
Solution Overview
The Kentik network observability solution provides comprehensive observability of networks across infrastructures including data centers, private and public clouds, WAN and SD-WAN edge, CDNs, ISPs, and the various service provider networks on the internet.
The Kentik offerings are provided in a unified, intuitive map and topology view that shows intra- and inter-infrastructure traffic flows and provides real-time and historical traffic, performance, and health information for immediate assessment, issue identification, and troubleshooting. The solution is fully delivered as SaaS but can also be deployed physically within the customer’s control if needed to support compliance requirements. In this case, the solution is managed by Kentik and delivered in a similar SaaS fashion.
Kentik’s network observability solution supports monitoring for very large networks. It includes excellent security monitoring capabilities from its broad partner ecosystem as well as built-in threat-intelligence data that can correlate with customer-supplied data.
Kentik Kube is a new feature that uses a kernel-based eBPF agent to generate flow records and performance characteristics such as session latency and TCP retransmit statistics. The eBPF nature of the agent means it is lightweight and offers very high performance, generating flow records for 10Gb/s of traffic consuming a single CPU core. Kentik is currently developing eBPF features to generate VPC Flow logs in cloud provider environments, which is typically done to avoid the flow log charges.
Kentik has developed a natural language interface, called Journeys AI, that leverages GPT-4 under the hood for network troubleshooting and investigation, while other LLMs can be substituted in the future. Users can ask questions about their network in natural language, using the full breadth of Kentik’s platform to deliver an answer.
Strengths
Kentik ranks high on visualization for intuitive and easy-to-navigate network representations, with a granular level of detail across third-party infrastructures. Kentik enables the analysis of traffic paths throughout cloud virtual network constructs with trace-route and path views, including all nodes and test result metrics. This functionality lets administrators see nodes, links, and paths along a route and quickly find performance issues.
Another differentiating feature in Kentik’s solution is the visibility of network spending. Customers can input their connectivity service provider’s pricing model into Kentik, and based on the amount of traffic, Kentik can provide spending estimates. This information allows enterprises to forecast OpEx spending for network usage and scenario-based budget planning.
Kentik provides advanced insights with autodetection of anomalies and emerging issues, using built-in diagnosis and potential root cause analysis (RCA) with a combination of semantically enriched algorithmic learning. The solution uses AI to generate and surface emerging network events for proactive diagnostics, helping to battle brewing performance issues, network attacks, and/or traffic anomalies. Kentik can also generate synthetic traffic that can help with digital experience monitoring and proactive troubleshooting, allowing network administrators to zoom into specific tests and learn details about the traffic’s path or application response times from anywhere in the global agent network.
For dynamic discovery and mapping, Kentik can identify and visualize cloud networking elements and their associated context, Kubernetes nodes, pods, and connections, along with CDN PoPs, internet applications, and upstream connectivity providers. While these capabilities are extensive, Kentik’s solution also lets customers add devices through the API, which the solution then automatically discovers.
Kentik also ranks high on NetDevOps, with integrations for infrastructure as code (IaC) tools, such as Terraform, and a full Python software development kit (SDK). The solution can write API calls from queries written in its interface. Kentik also manages several open source projects, including tooling that facilitates integration with third-party tools and eBPF-based Kubernetes observability.
Challenges
Kentik deliberately chose to limit its capabilities around network validation. This means the solution has limited awareness of device and network configuration and its impact on performance, and it does not use intent-based mechanisms for defining networking constructs. Kentik is partnering with third-party companies like Itential and has begun exploring the use of LLM capabilities to make configuration suggestions that can help mitigate misconfiguration-related risks and performance degradations.
Purchase Considerations
Kentik’s licensing model comes in three tiers that are publicly documented. Each tier includes an initial number of flows per second, which includes VPC Flows, synthetic testing credits, and metrics per second. Customers can purchase additional flow, VPC Flow, metrics and synthetic credits using “Paks” and pay only for what they use.
Kentik’s network observability solution can be used for a wide range of use cases, which includes monitoring data center, LAN, campus, WAN, and internet. The solution supports both on-premises and cloud environments, distinguishing between overlays and underlays. The solution’s cloud network monitoring is well-developed and also provides good features for monitoring containers and microservices. Kentik also offers synthetic monitoring, which allows customers to monitor the digital experience of their environment.
Radar Chart Overview
In this fourth iteration of the report, Kentik maintains its strong leadership position and Outperformer classification. It has moved from the Feature Play side of the Radar chart to the Platform Play side to better highlight its wide use case coverage. Kentik is one of the few platforms to score high on the emerging technologies, which maintains its position as an innovator and an Outperformer.
LiveAction
Solution Overview
LiveAction’s observability solution is mainly composed of LiveNX, LiveWire, and LiveNCA. LiveAction’s observability strategy is to leverage the network as a vantage point for conducting application and traffic analysis to extract intelligence for network and security teams.
LiveNX offers visibility into the network, including SD-WAN, data centers, edge locations, and web-based applications. It supports a server node architecture, with each virtual or physical node supporting 1,000 devices and 150,000 flows per second. Customers can add multiple nodes to scale horizontally.
The LiveNCA module provides full-featured network configuration management, including change detection, policy violations, configuration differences, rollback, and periodic validation.
LiveWire provides local packet analysis for deep performance views. This real-time and detailed telemetry is seamlessly fused into LiveNX’s integrated view. LiveWire simultaneously provides the ability to drill down into deep-packet forensic analysis when necessary.
In May 2024, LiveAction will add a natural language UI for interactive and contextual troubleshooting using the solution’s alerts generation and network anomalies detection mechanism. The LLM will be trained with product documentation and detailed traffic information.
Strengths
The solution supports ML-based features such as application usage baselining, performance baselining, and anomaly prioritizations. It learns the usage patterns of the top network applications, baselines them on a per-device/per-direction basis, and detects anomalies when the usage and performance deviate from learned normal behavior. Top anomalies and insights can be quickly understood in context per app, per site, and per device. This allows contextually relevant drill-down to anomaly details. LiveAction’s alerting engine has an optional GPU-based ML engine for high-capacity data analytics for baselining, anomaly detection, forecasting, and correlation workflows.
LiveAction scores high on security observability, with the solution detecting and correlating network-related threats using the ML capabilities available in the platform, and workflows being specifically developed for the network and security analyst to identify, investigate, and support root cause analysis of network-based threats.
LiveAction can validate network design and intent by integrating with prominent SD-WAN vendors. It allows clients to view and analyze the results of dynamic changes to traffic patterns in the context of the full end-to-end network. LiveNX can also create, push, and validate QoS policies in near real-time.
Challenges
LiveAction can further improve its observability solution by implementing self-healing capabilities and developing NetDevOps capabilities beyond the availability of APIs. While the solution can monitor WiFi and wireless networks, it should further develop these capabilities. Moreover, the monitoring of cellular and radio networks is not currently supported.
Purchase Considerations
Though LiveAction’s network observability solution is composed of three products, customers can choose to deploy only the modules they are interested in. For example, if a customer does not need validation and configuration management, they do not require the LiveNCA product. LiveAction is licensed on a per-device basis, while detailed packet forensic analysis is licensed on an appliance (physical/virtual/cloud) basis.
LiveAction’s network observability solution can support a variety of use cases, such as monitoring data center networks, LAN, campus networks, and WAN and doing end-user digital experience monitoring. The solution can also monitor virtualized and overlay networks, such as SD-WAN and public cloud networks. In addition to monitoring network performance, the solution is aware of applications, including cloud-hosted applications, SaaS, and web services. It can also support latency-sensitive use cases by monitoring quality of service for live voice and video.
Radar Chart Overview
LiveAction maintains its strong Challenger position on the Radar chart. The vendor is positioned in the Maturity/Platform Play quadrant, which reflects its ability to deliver on a wide range of use cases and its overall stability. LiveAction has a comprehensive development pipeline for AI/ML-based capabilities, earning the label of Outperformer.
LogicMonitor
Solution Overview
LogicMonitor’s SaaS-based observability platform offers extensive infrastructure monitoring and provides comprehensive visibility into dynamic IT environments from data centers to public clouds. Data correlation capabilities within the platform provide insights for intelligent troubleshooting and predicting bottlenecks. LogicMonitor’s agentless infrastructure monitoring delivers an extensible solution with over 2,000 integrations, customizable dashboards, and automated discovery.
LogicMonitor’s modular observability solution allows customers to select products to match their requirements. Products include LM Infrastructure Monitoring, LM Cloud, LM Container Monitoring, LM Logs, and LM Application Performance Monitoring.
Strengths
LM Intelligence contains the vendor’s AIOps capabilities that can be used for dynamic thresholds, anomaly detection, forecasting, RCA, and unbalanced service detection. For a given alert condition, LM Intelligence can correlate data points among various metrics, traffic flows, configuration changes, logs, and topology. Future LM Intelligence developments will include metric-to-metric correlations and metric/log/tracing correlation for applications.
LogicMonitor ranks high on the NetDevOps key feature, with ongoing developments around integrations with CI/CD and IaC tools such as Ansible, Terraform, and StackStorm.
LogicMonitor offers end-to-end network visibility to IT departments in medium and large enterprises, and caters to MSPs as well. The LogicMonitor solution features a well-developed network discovery function by which collectors use its NetScan feature to discover network devices. NetScans can be executed via the internet control message protocol (ICMP). Native algorithms provide automatic tech-stack discovery via tools such as WMI, Perfmon, SNMP/SSH, JDBC, HTTP/S, PowerShell, and Groovy APIs for virtual infrastructure.
Another strength of the LogicMonitor solution is its ability to perform network validation. The platform can detect configuration changes and automatically identify the associated impact on network performance metrics. The LM Config feature in LogicMonitor allows customers to centrally monitor all their configurations and raise alerts if there are differences from previous baselines or versions. These configuration change alerts can be correlated with other performance or availability-related alerts along with any logs from that source at the time of the alert.
Challenges
LogicMonitor should consider improving its support for security observability. Security monitoring is not built into the platform, though users can ingest logs from network devices as well as security insights from other platforms to route them through LogicMonitor’s alerting system.
Purchase Considerations
LogicMonitor’s network observability solution can deliver on a wide range of use cases, which include WiFi and wireless monitoring, digital experience monitoring for end users, and performance monitoring for both overlay and underlay networks in data centers, LAN, and campus networks. The solution can also monitor WAN and internet performance, along with virtualized cloud networks.
Radar Chart Overview
LogicMonitor is a strong Challenger positioned in the Maturity/Platform Play quadrant. In the previous iterations of the report, LogicMonitor was positioned in the Innovation/Platform Play quadrant, but due to new vendors added to the Feature Play side of the chart, LogicMonitor has been repositioned to the Maturity half alongside comparable solutions. Lower scores for business intelligence and microservices and container monitoring on the new five-point scale are the main reason LogicMonitor’s distance from the center was negatively impacted compared to last year. The vendor continues releasing new features and capabilities at a regular pace, which maintains its status as a Fast Mover.
ManageEngine
Solution Overview
ManageEngine OpManager Plus is a comprehensive network observability solution that helps monitor and manage network devices and virtual infrastructure as well as network traffic, configuration changes, security appliances, and applications. OpManager Plus can be deployed in physical appliances, virtual appliances, or as a public cloud image. Site 24/7 is available as a SaaS solution.
Besides the comprehensive OpManager Plus platform, ManageEngine also offers dedicated standalone solutions for network performance monitoring, network traffic management, network configuration, change management, and application performance management. A separate network performance monitoring solution is tailor-made for MSPs.
Strengths
A distinguishing aspect of the ManageEngine solution is its visualization capabilities. The platform goes beyond topological and geographical maps to provide 3D server room and virtual device views. The vendor ranks high on application and Layer 7 monitoring, offering features such as monitoring the health, availability, and performance of monolithic applications and distributed applications built using serverless functions and microservices. In addition, the solution provides application-to-application network performance visibility and monitoring of Layer 7 applications such as load balancers and web application firewalls.
ManageEngine’s Network Configuration Manager provides excellent validation. It enables users to push configuration changes through “configlets” (configuration scripts), allowing deviations to be identified using compliance rules and corrective actions to be taken.
OpManager’s dynamic discovery enables it to discover new locations, physical appliances, and virtual appliances and update network visualizations such as Layer 2 topology maps, inventory, and reports. For troubleshooting, ManageEngine offers workflows that help IT teams automate routine tasks based on predefined conditions. These workflow actions include stopping processes to bring down CPU usage or restarting devices. Workflows can be scheduled for routine maintenance or executed automatically based on user-defined conditions.
ManageEngine’s solution provides visibility into end-user experience with real-time data on availability, performance, and packet loss, using application performance index scores that help measure customer satisfaction based on speed and application transactions.
Synthetic transaction monitoring can simulate user experience on a website or web application from 130 global monitoring locations or from behind the firewall to ensure application availability and high performance.
Challenges
While ManageEngine scores well on most key features described in the report, it should build its capabilities to use eBPF for lightweight kernel-level monitoring and to integrate LLMs to provide customers a natural language interface for interacting with the product.
Purchase Considerations
OpManager Plus and Site 24/7 need to be purchased separately. ManageEngine offers various tiers for its products. The solution can be purchased either as a perpetual license or via a subscription model based on the number of devices being managed, and there’s a dedicated plan for MSPs, with no additional costs for deploying probes.
OpManager can monitor a wide range of network types, which include on-premises overlays and underlays for data centers, LAN, campus, and WAN networks as well as Wi-Fi and wireless monitoring. It can also monitor virtualized public cloud networks and microservices. The Site 24/7 solution provides end-user experience monitoring using both real user traffic and synthetic traffic.
Radar Chart Overview
ManageEngine is a Leader in this report, maintaining its position from last year. Positioned in the Maturity/Platform Play quadrant, it is a long-standing and stable solution with incremental developments that maintain its competitive edge, earning the Fast Mover designation. Its comprehensive feature set, including the end-user experience capability offered by Site 24/7, is what positions the solution on the Platform Play side.
MantisNet
Solution Overview
Commercially available since 2020, MantisNet Containerized Visibility Fabric (CVF) is a network observability solution that provides visibility into networking infrastructure from the core to the edge. MantisNet CVF provides deep, full-stack visibility into all events and enables users to correlate the resulting metadata across multiple systems and infrastructure components.
CVF is a containerized, cloud-native application that provides access and visibility into the inner workings of microservices-based containerized environments, anywhere from the core to the edge. The MantisNet CVF represents a new generation of eBPF-based observability software that can dynamically apply logic and continuously generate real-time telemetry at the source so that it can be correlated across multiple systems and infrastructure components that were traditionally completely independent.
The CVF leverages in-kernel sensor software to achieve deep visibility into any cloud, cloud-native, or microservices environment. These sensors provide comprehensive, continuous, real-time, non-disruptive visibility into all events and traffic, down to the kernel level, and can be deployed in an automated, dynamic manner with orchestration and automation tools to scale on-demand, as resources, processes, and applications are being dynamically provisioned and deprovisioned.
Strengths
The CVF solution consists of a single binary image that can be instantiated as an agent or controller. Agents—lightweight, event-driven, network sensors—are installed one per node and programmed to capture or filter traffic and monitor the environment for specific events and changes to physical and virtual resources. Controller instances are installed one per cluster and provide administrative, configuration, and provisioning control over the agents installed in that cluster.
MantisNet customers can deploy the solution via SaaS, or as virtual or physical appliance instances.
The MantisNet solution provides comprehensive, continuous, real-time, non-disruptive visibility into all events and traffic—across links, processes, flows, containers, applications, microservices, and users. It is typically deployed in an automated, dynamic manner with orchestration and automation tools (Kubernetes) to scale on-demand as resources, processes, and applications are being provisioned and deprovisioned. Furthermore, the solution is open and composable, so that new functions can be added and distributed as needed.
Challenges
The solution does not offer an out-of-the-box observability solution that can be immediately deployed in a NOC, which means that customers who want to deploy the solution will need to invest additional development effort to use the data collected and generated by MantisNet to develop visualization, traffic analysis, or validation features.
Purchase Considerations
A significant caveat is that MantisNet doesn’t currently offer a turnkey network observability solution. MantisNet CVF collects, processes, and publishes network data into open message buses. Customers then typically ingest MantisNet metadata into their existing applications, open source tools, or analytic workflows for visualization, analysis, and workflow automation, thus meeting the rest of our key criteria. MantisNet’s roadmap includes developing features and functions for automation, visualization, reporting, alerts, and UI dashboard tools to deliver a full-stack network observability solution for enterprise IT. Prospective customers who need full network observability will have to consider whether to jump in now or wait for full availability.
Two of the most important use cases available for MantisNet are monitoring containers and microservices and cellular and radio networks. Currently, the solution is able to monitor 5G networks and is becoming 6G-ready. The solution’s agent can also be used in other network scenarios, such as in data centers, LAN, campus, and WAN networks.
Radar Chart Overview
MantisNet is positioned in the Innovation/Feature Play quadrant, as it offers a new take on network observability that is natively built using eBPF. MantisNet does not offer a turnkey observability solution that can be deployed in a NOC, so the solution is positioned in the Feature Play half, scoring low on key features such as visualization, traffic analysis, and validation. The solution is an Entrant in the space, but we expect it to develop more capabilities in future releases.
Motadata
Solution Overview
Motadata consolidated its network observability features within its AIOps product, bringing ML-based insights and automation engines to an end-to-end infrastructure visibility platform.
Motadata is a unified observability platform for the network, infrastructure, and application stack that enables organizations to gather actionable insights at scale. The solution leverages ML algorithms for anomaly detection, forecasting, and capacity planning, and it is able to reduce MTTR by limiting noise from alerts and generating tickets with more context.
Strengths
The platform ranks high on application and Layer 7 monitoring, with strong capabilities around DevOps-oriented monitoring via service maps, synthetic data, and code-level tracing. The tool can integrate into the DevOps teams’ CI/CD pipeline.
The platform can automate network configuration management for configuration changes, backups, and restores. These are mature features that provide the capabilities of asset management software. However, the platform isn’t able to achieve validation, which entails correlating configuration with network performance impact and offering automated remediation.
Despite being able to ingest security logs, the platform doesn’t provide security analytics or more advanced features such as network detection and response (NDR). The solution can be deployed only as a virtual appliance because the vendor doesn’t offer a SaaS or on-premises deployment model.
Challenges
Motadata scores lower on some key features and emerging technologies, as it does not support the monitoring and analysis of application traffic and application health. In addition, the solution does not currently use eBPF for kernel-level monitoring, and it does not have LLM integrations or a product for monitoring end-user experience.
Purchase Considerations
Prospective customers should evaluate the vendor’s medium-term strategy, as the vendor has a very strong opportunity to develop mature AIOps features by leveraging its existing automation engine—consisting of script and workflow builders—and its ML-based analytics engine that extracts actionable insights to create features such as intelligent self-healing and auto-remediation. Network observability tools are large and important deployments, so growing organizations may find that Motadata’s solution capabilities can grow at the same time, preventing any future tool displacement.
The solution is able to monitor a good range of networking use cases. For on-premises networks, it can monitor underlays and overlays for data centers, LAN, campus, and WAN networks. The solution also has awareness of public cloud networking constructs and can monitor these within the same product. Motadata can also monitor Wi-Fi and wireless networks.
Radar Chart Overview
Like last year, Motadata is positioned as a Challenger in the Maturity/Platform Play quadrant. The solution is stable and well-established, positioning it in the Maturity half, and it can deliver on most use cases described in the report, which makes it a platform. Motadata is a Forward Mover, as it has released consistent—though minor—features over the past year. These improve users’ experience but do not translate to the platform delivering on new use cases.
NetBrain
Solution Overview
NetBrain Next-Gen is a network automation platform that relies on a strong observability foundation to provide its no-code automation features. Its approach to observability is distinct from that of the other solutions featured here: it creates a digital twin of the network that is used to validate the network and preserve policies during key operation workflows.
The solution can discover and visualize real-time traffic flow based on routing and forwarding tables, overlay and underlay network topology, and device and operating details. These form the baseline to create a live digital twin that is a representation of a customer’s network.
Strengths
NetBrain scores high on two specific features, validation and AIOps. Its intent and automation features are the result of these two capabilities used together.
Intent captures the knowledge of subject matter experts as automation without coding. This includes information about network state, condition, design, configuration, and policies. The Intent technology allows administrators to define how to measure the success of all network conditions and continuously assess them against those desired conditions, such as resiliency, application performance, capacity, latency, security rules, and controls.
The Intent Layer translates business requirements and network design behaviors, while the Flow Layer is used to create an edge-to-cloud control plane with live, historical, and baseline application paths. The Topology Layer provides real-time Layer 2, Layer 3, VPN overlay and underlay detail for all devices and neighbors and supports end-to-end visibility for public cloud and software-defined networks (SDNs). Lastly, the Device Layer offers real-time inventory of device configuration, state, and interface details of multivendor networks.
NetBrain’s Triple-Defense network protection produces a shareable automation dashboard for each change. It evaluates the network in three phases: before, during, and after a change. Before a change, the solution assesses the desired change against all of the rules and policies to ensure no violations would occur. During the change, it assesses the impact of each requested change on the network.
Finally, after the change, NetBrain confirms the network is delivering services properly, then adds this new configuration requirement to the automation library to verify a future change’s impact on current requirements. It also offers a built-in rollback mechanism that allows administrators to mitigate unexpected changes by quickly undoing them to prevent outages and downtime.
The solution can assess the network continuously using no-code automation. Rules, policies, and vulnerabilities can run automation continuously to identify deviations from the expected. NetBrain’s Replication Wizard applies intents as automation to the entire multivendor hybrid-cloud network to scale no-code automation. It identifies, replicates, and scales automation across the entire network.
Challenges
It is worth noting that NetBrain’s innovative take on network observability makes the solution score lower on some key features, as they are not prime use cases for NetBrain’s technology. These include security observability, application and Layer 7 monitoring, and microservices and containers monitoring.
Purchase Considerations
Subscription is annual, with a three-year term as the default. License is per managed device, per concurrent user, and is also based on extended-feature modules used. NetBrain includes its robust assessment library with hundreds of the most common assessments that network professionals need to maintain production. Its ready-to-use network assessment templates can be customized into rich drill-down dashboards.
NetBrain’s no-code automation and modeling engine can be deployed to observe a wide range of overlay and underlay networks. The solution can model networking hardware and security appliances such as switches, routers, firewalls, and load balancers, as well as SD-WAN solutions, data center networks, and virtualized cloud environments. It does not currently support containerized, microservice, Wi-Fi, wireless, or radio networks.
Radar Chart Overview
This is the first iteration of the network observability Radar to feature NetBrain, whose live digital twin approach distinguishes it from the rest of the vendors in the report. The solution’s automation capabilities are built on its features that enable the discovery, mapping, and analysis of networking constructs in enterprise environments. This places the vendor in the Innovation/Feature Play quadrant. NetBrain is a Challenger, as it can solve specific cases related to network observability, but it needs to further improve on use cases that tie network performance to application performance.
NETSCOUT
Solution Overview
NETSCOUT is a key player in the network observability space, with established solutions developed over 30 years of working with some of the largest network operators in the world. Its network observability suite, nGenius, is a mature and well-rounded solution that is tailored to customers based on varied industry requirements—such as carriers, public sector, finance, healthcare, or MSPs.
nGenius is highly scalable and supports a good selection of data sources, making it a versatile tool for CSPs and for large enterprises with complex networks. In terms of deployment, NETSCOUT offers its flagship product, nGeniusONE, as an on-premises solution featuring the nGeniusONE server unit. It also provides network visibility as a managed service with its nGeniusVaaS (visibility as a service) offering.
Strengths
A key aspect of NETSCOUT’s solutions is its patented Adaptive Session Intelligence (ASI) technology, which performs real-time data mining of user and application traffic at the network source. The ASI metadata includes key traffic and performance indicators and Layer 4 through 7 problem indicators for the discovered applications and servers, with no need to install device agents. NETSCOUT’s ASI technology is pre-integrated with over 1,000 applications, providing monitoring for voice, video, web/URL-based, server-based, SaaS, unified communications as a service (UCaaS), and custom applications.
NETSCOUT ranks high on the traffic analysis key feature with its Omnis Analytics product, which uses ML to detect business impact by correlating KPIs with network performance and performing outlier detection. At the time of writing, Omnis Automation is available for Wi-Fi, 5G, multiple-access edge computing (MEC), and voice networks. The product will be available for other types of networks such as LAN, WAN, cloud, and edge in future releases.
NETSCOUT can monitor applications via the nGeniusPULSE product. nGeniusPULSE uses active synthetic testing, with instrumentation at remote edges, to monitor the performance of SaaS applications and remote users. It performs tests, including on business transactions, network SLAs, VoIP, Wi-Fi, and infrastructure performance management. nGeniusPULSE is integrated with ISNG/vSTREAM and nGeniusONE and can capture packets on synthetic transactions for smart data triage.
The vendor ranks high on traffic security, with its Omnis Cyber Intelligence solution supporting use cases such as verification of zero-trust policies, retrospective analysis using new threat intelligence against historical metadata and packets, threat hunting, and threat blocking via integrations with security service providers. NETSCOUT Arbor Sightline can gather and analyze multiple versions of NetFlow to identify baseline behavior and detect anomalies. It can also provide data associated with attacks, such as source address, target addresses, and protocols used, which can be used for automated attack mitigation.
NETSCOUT supports the monitoring of containers and microservices-based applications using packet-level monitoring, smart data, metrics, and measurements correlated with application monitoring data.
Challenges
NETSCOUT’s suite of network observability products makes it a complex solution that can require additional support from the vendor or third parties to successfully deploy. nGeniusVaaS is designed to address these challenges.
Purchase Considerations
Licensing can be either perpetual or a subscription. NETSCOUT also introduced the new nGenius Vantage Point Software solution, which is a subscription that combines NETSCOUT instrumentation with nGeniusONE performance management software. This subscription enables enterprise performance management customers to eliminate blind spots that have emerged with digital transformations by cost-effectively expanding instrumentation to new vantage points across their network. The subscription provides 1,000 ASI processing units (APUs) to allocate for instrumentation, which can be deployed as physical or software-based units or as virtual instrumentation.
NETSCOUT caters to a wide range of network monitoring use cases, which include both on-premises and cloud networks. The solution can differentiate between on-premises underlays and overlays, monitoring data center, LAN, campus, and WAN networks, and Wi-Fi and wireless networks. The solution can also monitor public cloud networking constructs. NETSCOUT’s solution is also one of the few that can monitor cellular and radio networks, which differentiates it.
Radar Chart Overview
NETSCOUT maintains its position as a Leader and Fast Mover in this year’s report. As an established solution that can cater to a wide range of use cases, NETSCOUT is positioned in the Maturity/Platform Play quadrant. NETSCOUT has a good development pipeline with incremental releases that maintain its competitive edge. We don’t expect any major product or feature releases in the near future that would enable novel use cases, which makes NETSCOUT a Fast Mover.
OpenText
Solution Overview
After acquiring Micro Focus in 2023, OpenText entered the network observability space with its Network Operations Management (NOM) solution. This is a mature and well-featured tool that provides management for enterprise networks, integrating capabilities to monitor fault, performance, configuration, and compliance of physical, virtual, wireless, and SDN infrastructure.
Strengths
NOM’s dynamic Spiral Discovery technology continuously gathers information about network inventory, displays the relationships between devices, such as subnets, VLANs, and virtual resource pools, and updates connectivity maps of devices in near real time.
NOM shows operators how device configuration changes might be impacting network performance (which happens frequently) to enable faster MTTR for problems introduced by such changes. Automated configuration changes can then be deployed by NOM to remediate the problems found.
The NOM Causal Engine dynamically assesses the root causes of network faults, leveraging analytics against polled data, SNMP traps, and real-time topology data from Spiral Discovery, reducing the volume and noise of incidents by up to 50%. Any time the state poller sends updated state values for an object, the causal engine reanalyzes status, conclusions, and incidents, and updates this information if needed. The NOM Causal Engine defines root cause in terms of symptoms, using a set of rules to define relationships between fault and performance (thresholding) symptoms and root causes. Sources of symptom information include SNMP traps and the monitoring information from the state poller, including an object’s state.
The NOM Causal Engine is a mature feature that can generate notifications about problems or issues, including sending conclusions, correlation, or suppression of incidents; closing incidents that are no longer valid; creating parent-child relationships among incidents that are all related to one problem; and creating parent-child relationships between any two incidents that are correlated using the custom correlation configuration.
The Causal Engine actively solicits symptoms during analysis and reacts dynamically to topology changes. It uses three stages to help determine and display root cause incidents and their related conclusions:
- Condition listener: Collects symptoms from NOM processes and services
- Hypothesis engine: Analyzes these symptoms to determine relationships until a root cause is reached
- Blackboard: Updates a device’s status and posts any related incidents, based on the information sent by the hypothesis engine
For validation, the solution can examine a configuration’s fitness for purpose before deployment by automatically assessing pre-change conditions to validate a change and determine whether it should proceed, deploy the configuration change, and then automatically assess post-change conditions to determine whether an automated rollback action should be triggered.
NOM provides real-time compliance analysis of any changes to any network device configurations detected, any network device running state diagnostics, and network OS patch levels. It also includes automated remediation features regardless of whether those changes were automatically deployed by NOM or by third-party tools.
NOM provides real-time security and compliance monitoring to ensure adherence to standards, along with monthly updated vulnerability policy content to help users quickly identify vulnerability issues and secure and prevent threats to the network. If network failures or security threats are detected, automated configuration change, automated provisioning, and automated upgrade capabilities are available for administrators to use to recover or proactively manage the network infrastructure.
OpenText has a solid AI strategy with Aviator, which is OpenText’s proprietary family of generative AI products. Using Aviator, NOM will integrate with an LLM through Operations Bridge, a feature that will be released in 2024.
Challenges
While NOM currently provides core on-premises to cloud network monitoring, NOM should improve its end-to-end view to ensure availability and performance for data center to cloud and web services. To address this, OpenText is developing new features that use technologies such as webhooks and synthetic performance metrics for a broader edge-to-cloud management experience.
Purchase Considerations
NOM supports multiple licensing models, including a perpetual license, subscription, and SaaS. The NOM solution is available in three tiers and includes up to six non-production environments along with one production environment. Licenses are available in unit packs adjusted for managed nodes/services, with no additional charge for probes.
NOM can support a wide range of use cases. For on-premises networks, the solution can monitor both underlays and overlays for data center, LAN, campus, and WAN networks, and Wi-Fi and wireless networks. The solution has awareness of and can monitor cloud-native networking constructs such as VPCs and networking services. NOM can also monitor end-user experience by deploying intelligent response agent probes on client devices for real user monitoring or deliver synthetic user monitoring via QA iSPI.
Radar Chart Overview
A long-standing solution in the network monitoring market, NOM offers a comprehensive set of features and use cases, positioning the solution in the Maturity/Platform Play quadrant. OpenText maintains its position as a Leader and Outperformer, having delivered a good set of feature releases, moving closer to the Innovation half compared to last year’s Radar chart. Substantial developments to be available in the near future also earn OpenText the Outperformer designation this year.
Paessler
Solution Overview
Paessler’s PRTG (Router Traffic Grapher) is an all-in-one solution for infrastructure monitoring. PRTG is a network monitor that provides low-level visibility into all corners of the infrastructure, from network and applications to cloud, hardware, databases, and services. It has a consistent and comprehensive interface and can visualize data in several different modes, including its signature sunburst map. The solution ranks well on flexibility due to its highly customizable sensors, dashboards, licensing models, and available APIs.
Strengths
Despite its lack of extended observability features, PRTG has carved out a speciality and is looking to provide its customers with automation and insights through several partnerships. Paessler has a very good partner ecosystem, collaborating with IP Fabric to provide validation and with ScriptRunner for automation workflows, for example.
In terms of deployment, PRTG can be installed as a virtual appliance in a cloud environment, using a physical probe on a local machine on-premises, or as a web-hosted application, which simply requires a user to log into the web portal while Paessler manages the PRTG server.
PRTG can monitor network security appliances, including firewalls, anti-virus software, and other security products. It can perform automated integrity checks of files, folders, and logs to uncover file modifications or unusual log data that might otherwise be overlooked. It notifies users in case of any changes to their data that deviate from the norm, alerting them via custom notifications so they can react as quickly as possible to mitigate the potential threat. PRTG can quickly identify potential network bottlenecks and unusual spikes in traffic, using SNMP, packet sniffing, and flow protocols like NetFlow to detect suspicious activities that can indicate a security breach.
PRTG can monitor a range of applications and cloud services, which include cloud-based applications from AWS and Azure, and a range of SaaS solutions such as Bing, Dropbox, and GitHub. It can also monitor web applications and services using HTTP loading time, response codes, web page rendering, HTTP transactions or activity, and performance stats of an Apache web server.
Challenges
PRTG ranks lower on a few key criteria due to its lack of out-of-the-box features for configuration validation, automated troubleshooting, and security visibility. The tool presents all the information required to diagnose and identify issues, but it relies on the engineer’s expertise for remediation rather than providing actionable insights and intelligent suggestions.
While it supplies good information about the network, PRTG’s out-of-the-box capabilities that can be measured against our key criteria are comparatively limited.
Purchase Considerations
PRTG’s licensing model includes five tiers that are based on the size of the organization. Each tier increases the number of sensors available for customers to use, a sensor representing one metric to be monitored on a device, such as the CPU load on a machine, a port of a switch, a specific URL, or the traffic of a network connection. The licensing options are based on the number of sensors and not the number of devices, with most deployments requiring approximately 10 sensors per device. This means that monitoring 100 devices using PRTG requires a license for 1,000 sensors.
PRTG supports a good variety of use cases, as it is especially proficient in monitoring devices and hardware infrastructure. The solution can be used to monitor data center, LAN, and campus networks, as well as requests made to web services for organizations that use cloud-based or third-party solutions. PRTG can also monitor Wi-Fi and wireless networks.
Radar Chart Overview
As a well-established solution, Paessler’s PRTG is positioned in the Maturity half of the Radar chart. And while PRTG can monitor a wide range of infrastructure types, it is positioned on the Feature Play side as a result of its integration with third-party providers for more advanced functions such as validation and automation. This differentiates Paessler from vendors on the Platform Play side that develop these types of capabilities in-house. While Paessler was a Forward Mover in the last iteration of the report, developments around monitoring HTTP requests, web applications, and cloud-based applications have earned Paessler the Fast Mover designation this year.
Park Place Technologies
Solution Overview
Park Place Technologies’ network observability platform, Entuity, is a comprehensive network performance and analytics software solution built on a distributed multiple-server architecture that acts as a single system to scale from tens to hundreds of thousands of devices, and it is highly configurable. Designed for today’s multivendor, multicloud environments, Entuity enables ITOps teams to more efficiently and effectively monitor, visualize, and manage their infrastructure. By combining its event and configuration management systems, Entuity achieves strong troubleshooting and validation capabilities. The solution also provides good traffic analysis.
Strengths
The platform has strong troubleshooting capabilities provided by Entuity’s Event Management System (EMS). Automated actions can be defined based on conditions and specific workflows, configured either by network administrators or out of the box, which can process and correlate events to consolidate actionable incidents.
The Entuity Configuration Management and Monitoring System allows users to create and automatically push configuration settings to thousands of monitored devices and ports. This system provides validation capabilities when working in conjunction with its event management system to streamline workflows, as configuration management tasks can be executed as EMS actions. For example, the two features can work together to detect and automatically shut down a port that has been flapping for more than a defined amount of time, or to enable backup circuits for a period of high use on a WAN. The system also monitors existing configurations to provide backup, restore, golden image functions, change detection, management, and policy compliance.
For automated discovery and mapping, the solution can conduct auto-discovery scans either manually or on a scheduled basis. Newly discovered devices can either be taken under management automatically or added to a list for administrator assessment. The managed devices can be spread across multiple views—hierarchical containers whose contents are not mutually exclusive. Views can be auto-populated so newly managed devices appear in the appropriate view(s) without manual intervention. Dashboards and reports will adopt the latest view updates. Topology maps are automatically populated based on view contents and the links between devices are automatically discovered. Operating system services that underpin application services can be auto-discovered and monitored.
The solution offers good traffic analysis, using machine learning to evaluate long-term drift in monitored metrics. This capability can be used both interactively and in the form of planning reports that warn when upward drift indicates the need for intervention before service degradation occurs. Metrics such as bandwidth, CPU, memory, and storage volume use are considered in conjunction with spare port capacity in the LAN switch fabric to report on both current and projected concerns for planning purposes. Hour-by-hour baselines can be auto-generated for circuits, and significant deviation from baseline values can generate alerts. Linear regression analysis of historic behavior can be used either interactively or in reports to provide traffic forecasting.
The Entuity Event Management System can both detect anomalous situations and initiate actions to remediate them. Built-in root cause analysis techniques help isolate a device or circuit outage that is preventing access to multiple other devices.
Challenges
At the time of this writing, Entuity is not available via SaaS. In addition, its capabilities for native security observability and microservices and container networking should be further developed.
Purchase Considerations
Entuity’s licensing model is based on the number of devices under management, except NetFlow, which is an enterprise license. An important aspect of the licensing for network devices is that it is based on the number of devices, not the number of ports on those devices. When a full device license is allocated to a network device, all ports are automatically included for monitoring. Entuity SurePath is an agent-based technology for monitoring the network paths being taken by client-server connections. There is no licensing for the SurePath agents, only the individual paths being monitored.
The solution is particularly proficient in monitoring on-premises networks with low-level device information. It can be used to monitor data center, LAN, campus, and WAN networks, as well as Wi-Fi and wireless. Using SurePath, the solution can also monitor end-user experience of on-premises and cloud/SaaS-based applications, using an agent-based deployment.
Radar Chart Overview
In this report, Park Place Technologies maintains its position as a Challenger in the Maturity/Platform Play quadrant. Entuity is a stable and well-established solution that delivers consistent upgrades and feature releases. Its ability to monitor a wide range of network infrastructures positions the vendor in the Platform Play half alongside comparable solutions. New and upcoming releases earn the company the Fast Mover designation, an improvement over last year.
Plixer
Solution Overview
Plixer offers two network observability solutions: Plixer One Network and Plixer One Security. They are based on a similar set of core capabilities: ingestion of telemetry (such as NetFlow, IPFIX, SNMP, and traffic analysis), device discovery, visualization, and investigative workflows. The two products are differentiated based on the ML models available with each and can be deployed together to provide a unified network and security observability solution.
Strengths
Plixer’s differentiating feature is its traffic analysis capabilities, which provide a “clear box” that offers detection transparency and visualization of ML models. Traffic analysis can support threshold-based analytic algorithms, both supervised and unsupervised ML, and deep learning. These features are combined with user-customizable detection sensitivity thresholds, baselined seasonality, customizable modeling dimensions, encrypted traffic analytics (ETA), and threat intelligence feed integration. This array of detection techniques also allows Plixer to identify potential “poisoning” attacks on machine learning.
Plixer continuously ingests and analyzes a broad range of hybrid IT infrastructure data sources from multiple domains, including NetFlow, IPFIX, SNMP, SD-WANs, Active Directory, LDAP, RADIUS, and DHCP. This process provides comprehensive Layer 2 to Layer 7 visibility and context for RCA without the need to deploy and maintain packet processing technologies.
For troubleshooting, Plixer provides prioritized alert monitoring and filtering, event correlation for incident noise suppression, alert visualization timelines to assist with RCA, and dashboard drilldowns. These are supported by various detection techniques. The dashboard UI is designed to highlight alerts by priority and focus the user workflow. Plixer provides out-of-the-box bidirectional integration for remediation with tools such as Microsoft Defender, ServiceNow, and Tenable, as well as a programmatic REST API interface.
Challenges
Plixer is currently working to address its lack of visibility into container and microservices networking. The vendor has strategically decided to exclude validation capabilities.
Purchase Considerations
In the past year, Plixer has redefined its product taxonomy. The network observability tool is part of the Plixer One Platform, which is built upon its previous Scrutinizer product. Plixer One Platform now includes Plixer One Core for basic network monitoring needs; Plixer One Network, comprising the features evaluated in this report; and Plixer One Security, its network detection and response (NDR) product.
Plixer’s network observability solution can be used to monitor enterprise networks across data centers, LAN, campus, and WAN networks, and it has awareness of and monitoring features for cloud networking constructs. However, the solution has limited features for monitoring containers and microservices, and while it can also monitor Wi-Fi and wireless networks, it does not support radio or cellular use cases.
Radar Chart Overview
Plixer is positioned as a Challenger in the Maturity/Platform Play quadrant. Compared to last year, the vendor has migrated from the Feature Play side to the Platform Play side and is represented alongside comparable solutions. The vendor is positioned further away from the horizontal axis and the Innovation half, as it is still developing features for monitoring containers, microservices, and other cloud-native services. While Plixer was an Outperformer in the previous iteration, moving quickly toward the Maturity half, this year Plixer is a Fast Mover, moving toward the center of the Radar chart.
Progress
Solution Overview
Progress’ observability solution consists of comprehensive infrastructure monitoring provided by Progress WhatsUp Gold and advanced network traffic analysis provided by Progress Flowmon. WhatsUp Gold monitors the infrastructure for visibility of network devices, while Flowmon analyzes network traffic data with deep drill-down capabilities for troubleshooting, RCA, application performance measurement, and network anomaly detection. Flowmon’s comprehensive network traffic analysis capabilities are displayed on a dashboard within the WhatsUp Gold interface.
WhatsUp Gold and Flowmon features complement each other, and with deeper integration, they can provide full-stack, end-to-end observability over network infrastructure, security appliances, and applications.
WhatsUp Gold allows administrators to monitor devices, track bandwidth usage, and improve network, server, and application performance. It gives them a complete picture of the network by monitoring and categorizing wired, wireless, and virtual environments. This enables administrators to find and fix problems before users are impacted, ensure that bandwidth is optimized for critical applications and services, and automate configuration, log, and asset management.
WhatsUp Gold also provides the ability to respond to alerts in several automated ways, including using application performance monitors to specify what actions can be taken when the application or monitored component changes state. Administrators can also quickly generate custom application profiles and modify existing profiles to meet specific monitoring needs with an intuitive profile development utility. In case of network failures or security threats, Flowmon provides automatic detection and data evidence of the threats for network admins to respond to and analyze.
The solution also ranks high on the application and Layer 7 monitoring and troubleshooting key criteria. For monitoring, the platform measures user experience and extracts Layer 7 flow data such as domain name system (DNS), dynamic host configuration protocol (DHCP), and server message block (SMB). The solution can support automated troubleshooting via self-healing actions such as triggering a server reset and activating PowerShell scripts whenever alerts are triggered.
Flowmon Anomaly Detection System (ADS) is a security solution within the Flowmon suite that uses ML to detect anomalies hidden in the network traffic. Its ML-powered detection engine, combining multiple detection mechanisms, identifies malicious behaviors, attacks against mission-critical applications, and data breaches at any point of the threat’s lifecycle, allowing it to uncover unknown and insider threats even in encrypted traffic. It also leverages external threat intelligence feeds and community blacklists.
Strengths
With the new version of Flowmon 13, the company plans to introduce a new data processing engine, along with trend predictions to help anticipate capacity and performance issues. A newly introduced AI-based feature automatically processes all triggered events to pinpoint priorities, helping security professionals to allocate their time more efficiently rather than spending it analyzing a high volume of events. Progress plans to build on this AI feature and provide even more AI-based functions, such as automated suggestions on tuning the detection engine, turning average users into Flowmon-proficient experts who can maximize detection accuracy without having to involve consultants.
Challenges
Following its acquisition of Kemp Technologies in 2021, Progress has made little headway in integrating WhatsUp Gold and Flowmon. Though operating the products individually is not inherently a challenge, the vendor’s score across the features described in this report includes both solutions’ capabilities. This means that customers who want to take full advantage of both products will have to navigate through two separate front and back ends.
Purchase Considerations
Currently, both WhatsUp Gold and Flowmon can be deployed as virtual appliances. While Flowmon is also directly available from the large public cloud providers, neither solution has a SaaS option.
WhatsUp Gold’s subscription model provides a cost-effective means of software access that offers a lower entry barrier and ensures consistent version and security updates. The subscription package includes continuous maintenance and dedicated customer support, assuring users that any potential issues will be swiftly addressed.
Flowmon offers a subscription similar to WhatsUp Gold. Standard and extended support tiers are comprehensive services that offer different levels of technical support for perpetual licenses.
Progress’ network observability solution is suitable for a wide range of use cases, including data center, LAN, campus, and WAN monitoring, where these on-premises networks can be both overlays and underlays. The solution can also monitor Wi-Fi and wireless corporate networks, as well as cellular and radio networks for service providers, and virtualized cloud networking constructs such as VPCs and VNets. Lastly, the solution can monitor end-user experience using real and synthetic traffic.
Radar Chart Overview
Progress maintains its position as a Leader in the Maturity/Platform Play quadrant, a consistent position that reflects the vendor’s latest feature releases. However, the limited year-on-year advancements in integrating Flowmon and WhatsUp Gold make Progress a Forward Mover. Currently, Progress’ direction on the Radar chart is toward the center, but further integration between Flowmon and WhatsUp Gold will likely position the vendor closer to the horizontal axis and the Innovation half.
Riverbed
Solution Overview
The Riverbed Platform supports full-stack observability across infrastructure, network, cloud, applications, digital experience management, and application acceleration. It applies AI, correlation, and automation. Riverbed IQ integrates data from across observability tools and applies causal AI to identify the root cause of issues, predictive AI to forecast future problems, and soon, generative AI to make smart recommendations.
Riverbed network observability solutions include full packet capture and storage, network flow monitoring, and infrastructure monitoring. The Unified Agent is a single agent platform for deploying and managing Riverbed end user experience and network modules.
Strengths
Riverbed’s dynamic discovery and mapping features create a topological view of the network that is auto-discovered and continuously updated. Network traffic analyzers collect and examine flows from switches and routers, collecting information that helps to illustrate a view of the topology of the network under observation.
Riverbed can be used to model current and future network configurations to plan for network changes and validate them post-deployment. It can also validate device configuration against an organization’s desired policies. The solution uses AI-based analytics to correlate events across a variety of data sources to determine whether the configuration performs as intended.
The solution can analyze traffic patterns, correlate network behavior to seasonal events, and assess current performance against expected or typical levels to highlight unusual traffic loads.
The solution offers comprehensive security observability features that provide analysis such as lateral movement tracking, suspicious behavior detection, traffic decryption and inspection, and DNS threat detection. The solution can also track compliance and integrate with security operations tools such as security information and events management (SIEM) and security orchestration, automation, and response (SOAR).
For application and Layer 7 monitoring, the solution can monitor web transactions in real time and auto-discover URLs and end-user activity. It can also monitor SQL databases to identify the impact of the database on end-to-end application performance and provide real-time and historical analysis of voice and video call performance. For other application monitoring features, Riverbed offers a standalone application performance monitoring product.
Riverbed’s AI/ML engine can detect anomalies and incidents and populate them with leading indicators or probable root causes. The solution’s ML-based engine continuously watches for new alerts, metrics, and incidents. The output from this engine feeds an automation system that uses a low-code flow builder to codify institutional and expert knowledge in runbooks for issue remediation and resolution. Runbooks can integrate with third-party systems to improve incident lifecycle management.
Challenges
While the AIOps functionality is SaaS and deployed natively in the cloud, the two major challenges for the rest of Riverbed’s network observability solution are the lack of a SaaS deployment model and the lack of support for monitoring networks in containerized and microservices environments. Riverbed will address both challenges in upcoming releases, with the release of NPM Plus, a SaaS-based version of the solution that includes a Riverbed Unified Agent component. Support for container-based network communication is planned for early in 2025.
Purchase Considerations
Riverbed offers perpetual and subscription-based licenses, tiered licensing based on volume, and a variety of support options with different levels of SLA. Pricing for the AIOps functionality is based on consumption of automation, which includes AI/ML analysis, while pricing for end-user digital experience is based on the number of endpoints monitored. Riverbed has a large professional services organization that can create bespoke solutions.
Riverbed’s solution can monitor a wide range of use cases, which include edge, data center, and cloud environments, as well as campus, LAN and WAN deployments. The solution can also monitor SaaS applications and managed network solutions such as SASE. The company also offers a digital experience monitoring solution that monitors the end-user experience using real and synthetic traffic.
Radar Chart Overview
Riverbed is positioned in the Maturity/Platform Play quadrant of the chart. Its solution offers a comprehensive feature set that can be applied across a wide range of use cases, which puts the vendor on the Platform side, while the stable nature of the solution positions it in the Maturity half. Riverbed is an Outperformer, which reflects its developments in ML-based analytics and AIOps, as well as a good development pipeline for a SaaS-based deployment model and support for container networking monitoring.
SolarWinds
Solution Overview
SolarWinds offers two network observability solutions: Hybrid Cloud Observability is optimized for on-premises or self-hosted cloud deployments, while SolarWinds Observability is a cloud-native as-a-service offering. Both solutions are powered by the SolarWinds Platform and provide full-stack observability focused on meeting the requirements of a complete IT estate.
Hybrid Cloud Observability is designed for on-premises and hybrid networks and infrastructure, as well as commercial cloud apps. SolarWinds Observability addresses the needs of DevOps, application development teams, and site reliability engineers with its code-level observability for in-house custom and cloud-native apps. Its AI/ML-powered Health Scores provide a holistic view that simplifies troubleshooting of complex modern applications across multiple clouds.
Both the self-hosted and SaaS-delivered solutions were developed following a “Secure by Design” model, working in collaboration with security experts such as the Krebs Stamos Group, CrowdStrike, and KPMG to devise a secure software development lifecycle and product architecture.
Strengths
The Hybrid Cloud Observability solution ranks high on the dynamic discovery and mapping key feature because it can automatically discover and map both physical and virtual topologies across different types of infrastructures and services, including cloud environments. The topology maps also include a “time travel” feature, giving users the option to enable historical tracking of the map to determine what occurred prior to an event or to detect related patterns and behaviors.
The solution also scores high on validation, offering integration with Cisco ACI, which surfaces health scores for APIC tenants, spines, and leaves. Cisco ACI information is gathered through a combination of SNMP and API calls. Hybrid Cloud Observability can make bulk configuration changes to wired and wireless devices by designing change templates and creating standardized configurations and can compare configuration changes to adjust and push configurations if needed to remediate any issues. It can also help validate SD-WAN deployments by displaying the control plane and data plane deployments in a single map.
For application and Layer 7 monitoring, Hybrid Cloud Observability provides a visualization of the application stack elements supporting it, including transactions, databases, physical and virtual hosts, network attached storage (NAS) volumes, and APIs. The platform can also integrate with SolarWinds Observability, which provides a dashboard of distributed services representing an application built on a microservices-based architecture. The platform also provides application dependency mapping, which polls dependencies and creates maps to monitor incoming network connections for a managed server or application.
SolarWinds Observability ranks high for container and microservices monitoring because it allows users to track details about their container infrastructure, including hosts, host clusters, environment dependencies, and deployments, and to review metrics for containers, hosts, and other infrastructure elements to plan capacity, analyze container activity in the AppStack Environment, and organize containers on SolarWinds Observability Intelligent Maps.
Some of SolarWinds’ recent feature releases include comprehensive capabilities for monitoring containers and microservices, a capability that is not supported by most other solutions featured here. SolarWinds can monitor container networking interfaces, ingress controllers, API gateways, Kubernetes services, and clusters. The solution can also monitor distributed applications built using microservices and API requests made to web services.
Challenges
SolarWinds could further develop its capabilities for business intelligence, such as measuring the financial impact of network performance and other customer- and industry-specific metrics. It’s also worth noting a small feature discrepancy between the SaaS and self-hosted versions of the product; however, SolarWinds has been continuously working to achieve feature parity between the two deployment models.
Purchase Considerations
The self-hosted observability option is licensed by the number of nodes, while the SaaS observability option offers customizable licenses based on a combination of applications, such as APM, DEM, networking, logs, infrastructure, and database applications, each measured in its relevant units.
Both versions of the product are sold via monthly or annual subscription licenses. The license model is fixed rather than consumption-based, meaning that customers can easily predict costs based on the license tier they have subscribed to.
SolarWinds’ solutions offer a comprehensive feature set that can deliver on use cases including data center, LAN, campus, and WAN deployments, and can distinguish between underlays and overlays. The solutions can also monitor public cloud networking constructs such as VPCs and VNets, and they are among the few solutions in this report with comprehensive container monitoring capabilities. They can also monitor end-user performance using both synthetic and real-user traffic and can monitor wireless and Wi-Fi networks, but not cellular and radio networks.
Radar Chart Overview
SolarWinds maintains its position as a strong Leader in this year’s report. As a well-established player in the market catering to a wide range of use cases, SolarWinds is positioned in the Maturity/Platform Play quadrant. It is a Fast Mover, which indicates a good development pipeline and incremental releases, but we don’t expect any major solution updates in the near future.
6. Analyst’s Outlook
Network observability is not revolutionary, but the technology is constantly moving forward. Features such as providing real-time data, discovering and mapping assets, and offering visibility across most types of network infrastructure are becoming the norm in this space. We expect this evolution to continue, with capabilities such as automation becoming the standard rather than a differentiating selling point. How such automation is achieved is another story, because it can be static and defined by humans, or contextual and actioned by AI.
ML and AI are the critical elements that will dictate whether vendors remain competitive in the market. We can categorize vendors into three groups depending on how they will implement AI and ML:
- AI-centric: Vendors will develop AI/ML capabilities in-house or work with AI specialists to embed these features within the platform.
- AI-compatible: Vendors will integrate their solutions with third-party AI tools, bearing the risk that these AI tools will not be purpose-built for network observability.
- AI-reluctant: Vendors won’t leverage AI and ML but will continue to develop features around workflow automation.
The most consistent capability across all vendors is visualization. This makes sense as visualization has been a focus of traditional network performance monitoring, with all developments in this area carrying forward into network observability.
Interestingly, most vendors have gone beyond Layers 2 through 4 monitoring to provide Layer 7 and application observability as well. This illustrates a market-wide shift in priorities, by which network teams are no longer siloed but actively involved in supporting business applications. Business leaders acknowledge that application performance is heavily dependent on network performance, and observability tools provide the required insights to support applications via the network.
The widest variance in vendors’ capabilities occurs around validation and dynamic discovery and mapping. Validation is the result of multiple features such as configuration management, network performance, and automation. If a vendor offers all these capabilities independently, they will not be able to perform validation. However, if they can correlate performance changes to configuration while also being able to assess configurations created through automated deployment features, the vendor will be a leading contender for the validation use case.
Dynamic discovery and mapping has a low barrier to entry. With asset discovery as a table stake for observability, a vendor can achieve minimum dynamic discovery and mapping by scheduling discovery scans. The difference becomes apparent with more advanced features, such as discovering SaaS applications and other services, which is not something most vendors support.
SaaS deployments are not yet the industry standard, but this is one aspect recognized as a deal breaker for a growing number of network operators. It is thus unsurprising that most vendors are accelerating SaaS deployment models in their development pipelines.
While network observability is mainly a platform-based solution (that is, the more features supported, the better the offering), a vendor’s capabilities need to go only as far as your requirements and future needs dictate. For example, if you already own a security observability solution, employing a network observability solution with security capabilities may not add any value. This is why modular solutions can be beneficial, allowing you to pick and choose the features you need. Likewise, if you need to deploy the observability solution as a physical appliance on-premises, whether the solution offers a SaaS deployment model is irrelevant. When assessing vendors, we recommend drafting a high-level view of your requirements to help narrow down your network observability vendor selection to a manageable number of prospects.
7. Methodology
*Vendors marked with an asterisk did not participate in our research process for the Radar report, and their capsules and scoring were compiled via desk research.
For more information about our research process for Key Criteria and Radar reports, please visit our Methodology.
8. About Andrew Green
Andrew Green is an enterprise IT writer and practitioner with an engineering and product management background at a tier 1 telco. He is the co-founder of Precism.co, where he produces technical content for enterprise IT and has worked with numerous reputable brands in the technology space. Andrew enjoys analyzing and synthesizing information to make sense of today’s technology landscape, and his research covers networking and security.
9. About GigaOm
GigaOm provides technical, operational, and business advice for IT’s strategic digital enterprise and business initiatives. Enterprise business leaders, CIOs, and technology organizations partner with GigaOm for practical, actionable, strategic, and visionary advice for modernizing and transforming their business. GigaOm’s advice empowers enterprises to successfully compete in an increasingly complicated business atmosphere that requires a solid understanding of constantly changing customer demands.
GigaOm works directly with enterprises both inside and outside of the IT organization to apply proven research and methodologies designed to avoid pitfalls and roadblocks while balancing risk and innovation. Research methodologies include but are not limited to adoption and benchmarking surveys, use cases, interviews, ROI/TCO, market landscapes, strategic trends, and technical benchmarks. Our analysts possess 20+ years of experience advising a spectrum of clients from early adopters to mainstream enterprises.
GigaOm’s perspective is that of the unbiased enterprise practitioner. Through this perspective, GigaOm connects with engaged and loyal subscribers on a deep and meaningful level.
10. Copyright
© Knowingly, Inc. 2024 "GigaOm Radar for Network Observability" is a trademark of Knowingly, Inc. For permission to reproduce this report, please contact sales@gigaom.com.