This GigaOm Research Reprint Expires: Jun 30, 2023

GigaOm Radar for Network Observability v2.0

1. Summary

Network observability is a category of platforms and tools that go beyond device-centric network monitoring to provide truly relevant, end-to-end visibility and intelligence for all the traffic in your network, whether on-premises, in the cloud, or anywhere else. Representing a step beyond network performance monitoring, network observability guarantees visibility and distinguishes itself with actionable insights. These insights shift many low-level activities—such as troubleshooting or traffic analysis—from engineers to the network observability tool.

Observability tools are less about specialization and more about consolidating a comprehensive experience in a single tool. This convergence brings numerous advantages, including a better user experience, lower costs than those incurred when deploying multiple tools, adaptability for complex IT environments, future-proofing, and cohesiveness across IT departments. Network observability is perhaps the only way to ensure that a modern, critical infrastructure achieves the required uptime and availability.

While businesses of all sizes can benefit from the end-to-end visibility offered by network observability tools, those with large, complex networks are likely to see the most improvement. These can be companies with proprietary networks, where IT plays a supporting role—such as retail or manufacturing—or businesses that sell network services, such as communication service providers. We explore these categories in more depth in the following section.

This report looks at key vendors in the emerging network observability space and aims to equip IT decision-makers with the required information to select suitable providers according to their specific needs. We analyze the vendors on a set of key criteria and evaluation metrics, described in depth in the GigaOm report, “Key Criteria Report for Evaluating Network Observability Solutions.”

How to Read this Report

This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:

Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.

GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.

Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.

2. Market Categories and Deployment Types

Network observability tools are necessary and effective across all types of networks, but they are particularly important in complex IT environments. By taking into consideration the size of the network, its geographical spread, the security requirements, and whether IT is a supporting or a central function, we identified the following market categories that can benefit from network observability:

  • Small-to-medium business (SMB): Solutions in this category are those that meet the needs of mid-sized businesses, which operate a network (physical or virtual) that supports their workforce. These solutions also can serve individual departments or lines of business within a large enterprise.
  • Large enterprise: Usually adopted for large or business-critical projects, solutions in this category have a strong focus on flexibility, performance, data services, and features that improve security and data protection. Scalability is another big differentiator, as is the ability to use the same service in different environments.
  • Public sector: These types of networks have comprehensive security requirements and can span local authorities (local councils, emergency services), national public institutions (government, parliament, defense), and international entities (such as the European Council).
  • Communication service providers (CSPs): CSPs are carriers, internet service providers (ISPs), and network service providers (NSPs) that offer network services and often have a very complex national and international infrastructure serving both enterprise and consumer customers.
  • Managed service providers (MSPs): MSPs are enablers that take over a customer’s network operations and deal with maintenance, upgrades, and other day-to-day activities. Their needs can align with any of those mentioned in the above categories, depending on the MSP’s customer base, and include strict multitenancy requirements as well.

Network observability tools can be delivered using three deployment models:

  • Virtual appliance: This software tool can be deployed in public clouds, private clouds, or other on-premises infrastructure. It gives you greater control, while still allowing solid deployment flexibility. The tool’s performance, however, depends on whatever infrastructure the software is running on, as well as connectivity to the rest of the network.
  • Physical appliance: The tool requires one or more specialized hardware units to be installed on the customer’s network. This approach typically offers the least deployment flexibility (you must physically attach the appliance to your infrastructure) but the highest degree of control and security.
  • Software as a service (SaaS): The tool can be accessed directly through a web portal with no additional installation. This is often the simplest and easiest way to leverage network observability. The downside is that it may not meet the security requirements or complex customization needs of some customers.

Table 1. Vendor Positioning

Market Segment: SMB, Large Enterprise, Public Sector, CSP, MSP

Deployment Model: Physical appliance, Virtual appliance, SaaS

Accedian
Auvik
Broadcom
Kentik
LiveAction
LogicMonitor
ManageEngine
MantisNet
Motadata
NETSCOUT
Paessler
Park Place Technologies
Plixer
Progress
SolarWinds

3 Exceptional: Outstanding focus and execution
2 Capable: Good but with room for improvement
1 Limited: Lacking in execution and use cases
0 Not applicable or absent

3. Key Criteria Comparison

Building on the findings from the GigaOm report, “Key Criteria for Evaluating Network Observability,” Table 2 summarizes how each vendor included in this research performs in the areas that we consider differentiating and critical in this sector. Table 3 follows this summary with insight into each product’s evaluation metrics—the top-line characteristics that define the impact each will have on the organization. The objective is to give the reader a snapshot of the technical capabilities of available solutions, define the perimeter of the market landscape, and gauge the potential impact on the business.

Table 2. Key Criteria Comparison

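Key Criteria

| Vendor | Dynamic Discovery & Mapping | Visualization | Validation | Traffic Analysis | Troubleshooting | Security Observability | Application & Layer 7 Monitoring |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Accedian | 1 | 2 | 1 | 3 | 2 | 2 | 3 |
| Auvik | 2 | 2 | 2 | 3 | 1 | 0 | 2 |
| Broadcom | 3 | 2 | 3 | 3 | 3 | 3 | 3 |
| Kentik | 1 | 3 | 0 | 3 | 2 | 3 | 3 |
| LiveAction | 1 | 2 | 2 | 3 | 2 | 3 | 2 |
| LogicMonitor | 1 | 2 | 3 | 3 | 2 | 2 | 3 |
| ManageEngine | 2 | 3 | 2 | 2 | 2 | 2 | 3 |
| MantisNet | 2 | 0 | 1 | 2 | 1 | 2 | 2 |
| Motadata | 2 | 2 | 1 | 2 | 2 | 1 | 3 |
| NETSCOUT | 3 | 2 | 1 | 3 | 2 | 3 | 3 |
| Paessler | 1 | 2 | 1 | 1 | 2 | 2 | 2 |
| Park Place Technologies | 2 | 2 | 2 | 2 | 2 | 3 | 2 |
| Plixer | 1 | 2 | 0 | 3 | 1 | 3 | 2 |
| Progress | 2 | 2 | 2 | 2 | 3 | 3 | 3 |
| SolarWinds | 3 | 2 | 3 | 2 | 2 | 2 | 3 |

3 Exceptional: Outstanding focus and execution
2 Capable: Good but with room for improvement
1 Limited: Lacking in execution and use cases
0 Not applicable or absent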

Table 3. Evaluation Metrics Comparison

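Evaluation Metrics

| Vendor | NetDevOps Suitability | Automation | Scalability | Flexibility | Ease of Use & Usability | Solution & Partner Ecosystem | TCO |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Accedian | 2 | 1 | 3 | 2 | 2 | 2 | 2 |
| Auvik | 1 | 2 | 2 | 2 | 2 | 2 | 2 |
| Broadcom | 2 | 3 | 3 | 2 | 2 | 2 | 2 |
| Kentik | 3 | 2 | 3 | 2 | 3 | 2 | 2 |
| LiveAction | 1 | 2 | 2 | 3 | 2 | 3 | 2 |
| LogicMonitor | 3 | 3 | 3 | 2 | 2 | 3 | 2 |
| ManageEngine | 3 | 2 | 2 | 3 | 2 | 2 | 3 |
| MantisNet | 2 | 1 | 2 | 2 | 2 | 2 | 2 |
| Motadata | 3 | 3 | 2 | 2 | 2 | 2 | 2 |
| NETSCOUT | 1 | 2 | 3 | 2 | 2 | 3 | 1 |
| Paessler | 1 | 1 | 2 | 2 | 1 | 3 | 2 |
| Park Place Technologies | 1 | 2 | 3 | 3 | 2 | 2 | 2 |
| Plixer | 1 | 2 | 2 | 2 | 2 | 2 | 2 |
| Progress | 1 | 3 | 2 | 2 | 2 | 2 | 2 |
| SolarWinds | 3 | 2 | 3 | 2 | 2 | 3 | 2 |

3 Exceptional: Outstanding focus and execution
2 Capable: Good but with room for improvement
1 Limited: Lacking in execution and use cases
0 Not applicable or absent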

Most vendors rank high on the visualization key criterion, a capability that has been developed over the years since the days of network performance monitoring. It is continuously evolving, but enterprise buyers can be confident in most vendors’ visualization features. However, scores on other criteria such as validation and dynamic discovery and mapping are not consistent across observability vendors. This area of differentiation should be noted by enterprises requiring these types of advanced features.

By combining the information provided in the tables above, the reader can develop a clear understanding of the technical solutions available in the market.

4. GigaOm Radar

This report synthesizes the analysis of key criteria and their impact on evaluation metrics to inform the GigaOm Radar graphic in Figure 1. The resulting chart is a forward-looking perspective on all the vendors in this report, based on their products’ technical capabilities and feature sets.

The GigaOm Radar plots vendor solutions across a series of concentric rings, with those set closer to the center judged to be of higher overall value. The chart characterizes each vendor on two axes—Maturity versus Innovation, and Feature Play versus Platform Play—while providing an arrow that projects each solution’s evolution over the coming 12 to 18 months.

Figure 1. GigaOm Radar for Network Observability

As you can see in the Radar chart in Figure 1, most vendors are placed in the upper Maturity half, which represents the incremental developments from the network performance monitoring space, while vendors in the Innovation half have developed functions that are new in the space.

On the Feature Play side, we have positioned vendors such as Auvik, Paessler, and Plixer in the Maturity quadrant, and Kentik and MantisNet in the Innovation quadrant. All these have carved out a unique depth in which they focus, either by looking at specific market segments, deliberately excluding features, working with partners for extended capabilities, or completely rethinking the observability space.

The Platform Play side has a much higher concentration of Leaders, as most of these players have ranked highly more broadly across metrics described in the report. Mature and Platform solutions include vendors such as Broadcom, LiveAction, LogicMonitor, ManageEngine, Motadata, NETSCOUT, Park Place Technologies, Progress, and SolarWinds.

Outperformers are progressing in this space more quickly in different ways. Broadcom Software and Progress have both acquired companies that are complementing their existing capabilities. SolarWinds has consolidated its previous products into a single mature platform. Paessler is fully committed to deepening its infrastructure visibility features, achieving observability through partnerships with specialized vendors, and Accedian’s latest developments are setting it on the course to a comprehensive platform.

Inside the GigaOm Radar
The GigaOm Radar weighs each vendor’s execution, roadmap, and ability to innovate to plot solutions along two axes, each set as opposing pairs. On the Y axis, Maturity recognizes solution stability, strength of ecosystem, and a conservative stance, while Innovation highlights technical innovation and a more aggressive approach. On the X axis, Feature Play connotes a narrow focus on niche or cutting-edge functionality, while Platform Play displays a broader platform focus and commitment to a comprehensive feature set.

The closer to center a solution sits, the better its execution and value, with top performers occupying the inner Leaders circle. The centermost circle is almost always empty, reserved for highly mature and consolidated markets that lack space for further innovation.

The GigaOm Radar offers a forward-looking assessment, plotting the current and projected position of each solution over a 12- to 18-month window. Arrows indicate travel based on strategy and pace of innovation, with vendors designated as Forward Movers, Fast Movers, or Outperformers based on their rate of progression.

Note that the Radar excludes vendor market share as a metric. The focus is on forward-looking analysis that emphasizes the value of innovation and differentiation over incumbent market position.

5. Vendor Insights

Accedian

Accedian Skylight delivers high-performance network and user-experience monitoring across virtualized, cloud, software-defined, and physical network infrastructures as well as service and application chains. Skylight provides end-to-end network and application performance visibility and control over user experience.

Accedian network observability is achieved with the following products:

  • Skylight Performance Analytics (SaaS deployment) is the main tool for viewing and analyzing network performance data.
  • Skylight Orchestrator (physical and virtual deployment) is Accedian’s solution for managing sensor deployments.
  • Skylight software and hardware sensors (physical and virtual deployment) are designed for capturing all network traffic between users and infrastructure (north-south) and between virtualized infrastructure resources (east-west).

The platform ranks high on the application & Layer 7 as well as traffic analysis key criteria. It uses sensors to monitor real-user experience and generate synthetic data orchestrated from a single solution. The Skylight sensor agents provide active test traffic from Layers 2 through 7. The sensor agents can generate performance data on Layer 2 Ethernet, Layer 3 IP, Layer 4, and Layer 7 protocols. The Skylight “capture sensor” provides lightweight passive analysis of network traffic from Layer 2 to Layer 7 on physical, virtualized, and cloud infrastructures. The capture sensor collects network traffic between users and infrastructure (north-south) and between virtualized infrastructure resources (east-west).

The Skylight platform is highly scalable, able to monitor multinational networks and cater to the complex networks of CSPs or businesses with highly distributed networks. A single instance of a Skylight passive sensor supports a maximum throughput of 13 Gbps with Layer 4 deep packet inspection (DPI) enabled, and a maximum throughput of 10 Gbps with Layer 7 DPI. The maximum number of active/synthetic monitoring flows per second is 250,000.

Skylight Interceptor is a new product that Accedian will launch in the second half of 2022. It is a SaaS cloud-native network detection and response (NDR) solution that will provide real-time network detection by analyzing network traffic for threat and intrusion. Accedian’s scoring for the security observability key criterion excludes the soon-to-be-released capabilities of Skylight Interceptor.

Accedian ranks high on the traffic analysis criterion because Skylight performance analytics leverages machine learning (ML) to conduct network traffic analysis. It provides predictive analysis to identify performance-related issues such as latency, jitter, congestion, and dropped packets. It can also be used to support threat investigation and detect malicious behavior.

Strengths: Accedian’s offerings can deliver excellent scalability using its orchestration tool and have good security visibility as well as continued development of artificial intelligence (AI) and ML integration.

Challenges: Accedian’s network observability platform ranks lower for validation and dynamic discovery and mapping, which means a lower level of automation is available from the platform compared to other vendors featured in the report.

Auvik

Auvik’s network management platform has well-developed capabilities for monitoring mid-market enterprise infrastructure that spans from on-premises equipment to outsourced infrastructure in the cloud and at the edge.

Delivered in a SaaS model, Auvik supports functions such as network topology mapping, network traffic visualization, network performance monitoring, network configuration backups, and syslog management.

For validation, Auvik scans network devices for configuration changes every hour, backing up the latest configurations automatically. The configuration backups are available for a side-by-side comparison review. Auvik can easily restore configurations using a restore button or, alternatively, allow for export so the config can be applied to a new device. While this approach falls short of achieving true validation, Auvik has the opportunity to correlate network performance changes with configuration changes.

Auvik can discover and map new network appliances and services automatically as they are added. Moreover, Auvik integrates asset management capabilities such as detecting and capturing full details for every device on the network, including make and model, serial number, IP address, and the physical switchport the device is connected to. Auvik pulls lifecycle data from supported devices to show whether they are on current or expired support contracts, whether there are more up-to-date software versions available, whether the devices are eligible to receive critical security updates, and whether or not the devices are still available for purchase.

Auvik extracts flow data and uses ML and traffic classification to highlight which applications or protocols are using the bulk of the network’s bandwidth, allowing users to investigate network traffic spikes retroactively or in real-time. Customers can identify applications in use, application category, device names, and geolocation.

Strengths: Auvik has a strong offering for mid-market customers, offering a good level of end-to-end network observability. Its developed traffic analysis capabilities and SaaS-based offering make it an attractive option in the network observability market.

Challenges: Auvik ranks lower on criteria such as security observability and troubleshooting. While the lack of security observability is a deliberate choice, the vendor can continue improving its automation capabilities, including self-healing and auto-remediation.

Broadcom

Between its in-house developments and the recent acquisitions of CA Technologies (CA) in 2018 and AppNeta in February 2022, Broadcom Software’s network observability solution offers comprehensive visibility across most types of enterprise infrastructure, including network edge and out to ISP, SaaS, and cloud provider networks.

DX NetOps is Broadcom Software’s main network observability tool, which can be used across traditional and software-defined architectures, with strong capabilities for network fault detection, performance, flow, configuration management, log analysis, and AI insights. DX NetOps is further enhanced by AIOps by Broadcom Software, a solution that leverages AI and ML for full-stack correlations, predictions, and algorithmic analysis of alarms, metrics, logs, and topologies.

AppNeta offers SaaS-based network and end-user experience monitoring that provides insights into network performance from the end-user perspective across infrastructures that customers do not own, such as the internet, middle mile, cloud, and SaaS environments. AppNeta’s proprietary TruPath technology provides granular insight into the network delivery paths through any network by using packet-train dispersion.

Broadcom Software’s network observability offering is a very good candidate for carriers, system integrators, MSPs, and large enterprises. Broadcom also boasts an excellent partner ecosystem, leveraging industry-leading vendors for comprehensive visibility across all network segments.

Broadcom Software scores high on most of the key criteria described in the report, including dynamic discovery, traffic analysis, and troubleshooting. For validation, the platform can capture network device configurations upon detecting changes and validate them against policies for compliance with security, audit requirements, and organizational standards. If a configuration is found to be in violation of policy, the issue is raised for awareness, and either an automated or operator-initiated remediation is triggered to resolve the issue.

Strengths: With AI at the core of their offering, Broadcom Software’s capabilities rank high on a wide range of key criteria, including validation, traffic analysis, troubleshooting, security observability, and monitoring of application and Layer 7 resources.

Challenges: Broadcom needs to continue the integration between their existing DX NetOps solution and the recently acquired capabilities from AppNeta to deliver a seamless user experience and consistent pricing model.

Kentik

Kentik’s network observability platform supports monitoring for very large networks. It includes excellent security monitoring capabilities from its broad partner ecosystem as well as built-in threat-intelligence data that can correlate with customer-supplied data.

Kentik ranks high on visualization for intuitive and easy-to-navigate network representations, and for the granular level of detail across third-party infrastructures. Kentik enables the analysis of traffic paths throughout cloud virtual network constructs with trace-route and path views, including all nodes and test result metrics. This functionality lets you see all nodes, links, and paths along a route and quickly zero in on performance issues.

Another differentiating feature in Kentik’s platform is the visibility over network spending. Customers can input their connectivity service provider’s pricing model into Kentik and, based on the amount of traffic, Kentik can provide spending estimates. This information allows enterprises to forecast operational expense (OPEX) spending for network usage and scenario-based budget planning.

Kentik provides advanced insights with autodetection of anomalies and emerging issues, using built-in diagnosis and potential root-cause analysis with a combination of semantically enriched algorithmic learning. The platform uses AI to generate and surface emerging network events for proactive diagnostics, helping the battle against brewing performance issues, network attacks, or traffic anomalies. Kentik can also generate synthetic traffic that can help with digital experience monitoring and proactive troubleshooting, allowing network administrators to zoom into specific tests and learn details about the traffic’s path or application response times from anywhere in the global agent network.

Kentik ranks lower for dynamic discovery and mapping, as well as validation, which represent deliberate business decisions. For dynamic discovery, due to its device-based licensing model, Kentik customers add devices through the API and then the platform auto-discovers all the other sub-infrastructure.

Kentik also ranks high on NetDevOps, providing integrations with infrastructure as code (IaC) tools such as Terraform, a full Python software development kit, and the ability to generate API calls from queries written in the platform’s interface. Kentik Labs, a part of Kentik that manages several open-source projects, also includes tools that facilitate integration with third-party platforms and eBPF.

Strengths: Kentik is easy to use and delivers very good visualization, planning tools, and security observability. It also offers tailored experiences for different market categories.

Challenges: Kentik deliberately does not offer validation and offers only limited network asset discovery; as such, its platform offers fewer capabilities overall compared to other vendors featured in the report.

LiveAction

LiveAction offers multiple products for network observability. LiveNX is the main monitoring tool targeting the enterprise, while LiveSP is a product dedicated to service providers. Both platforms are complemented by LiveNCA, the network configuration automation tool that automates service management activities such as configuration, change, and inventory management. Omnipeek is another complementary platform, offering in-depth data analysis and visualization.

LiveNX offers visibility into the network, including SD-WAN, data centers, edge locations, and web-based applications. LiveNX supports a Server Node architecture. Each virtual or physical node supports 1,000 devices and 150,000 flows per second. Customers can add multiple nodes to scale horizontally. LiveSP follows a similar model, supporting up to 500 routers with a virtual appliance, up to 3,000 routers with a standard physical appliance, and over 3,000 routers with custom sizing options.

LiveNA is an AIOps product that supports application utilization baselining, performance baselining, and anomaly prioritizations. LiveNA learns the usage patterns of the top network applications, baselines them on a per-device, per-direction basis, and detects anomalies when the usage and performance deviates from learned normal behavior. Top anomalies and insights can be quickly understood in context per app, per site, and per device. This allows contextually relevant drill-down to anomaly details.

In early 2022, LiveAction released ThreatEye NV, a network detection and response solution for enterprise threat detection and encrypted traffic analysis. ThreatEye NV can track, classify, and characterize network traffic without requiring network traffic decryption. ThreatEye NV’s deep packet dynamics (DPD) is agnostic with respect to packet contents and is used to create a historical inventory of traits and behaviors for profiling and fingerprinting, which can help with end-user privacy and save on computation power for packet payload decryption.

LiveAction seems to achieve true network observability as defined in this report only through multiple products, which can significantly impact the total cost of ownership. For instance, you would need to use LiveWire, LiveNX, and LiveNCA.

Strengths: LiveAction can monitor large networks across different types of infrastructure. The platform’s AIOps product gives customers actionable insights by analyzing traffic patterns.

Challenges: While LiveAction products are tailored to specific market categories, its reliance on complementary products, such as LiveNCA, LiveNX, and LiveWire, makes it harder to achieve network observability with a single product.

LogicMonitor

LogicMonitor’s SaaS-based observability platform offers extensive infrastructure monitoring and provides comprehensive visibility into dynamic IT environments from data centers to public clouds. Data correlation capabilities within the platform provide insights for intelligent troubleshooting and predicting bottlenecks. LogicMonitor’s agentless infrastructure monitoring delivers an extensible solution with over 2,000 integrations, customizable dashboards, and automated discovery.

LogicMonitor’s modular observability solution allows customers to select products to match their requirements; products include LM Infrastructure Monitoring, LM Cloud, LM Container Monitoring, LM Logs, and LM Application Performance Monitoring.

LM Intelligence contains the vendor’s AIOps capabilities that can be used for dynamic thresholds, anomaly detection, forecasting, root-cause analysis, and unbalanced service detection. For a given alert condition, LM Intelligence can correlate data points among various metrics, traffic flows, config changes, logs, and topology. Future LM Intelligence developments will include metric-to-metric correlations and metric/log/tracing correlation for the application.

LogicMonitor ranks high on the NetDevOps key criterion, with ongoing developments around integrations with continuous integration/continuous delivery (CI/CD) and IaC tools such as Ansible, Terraform, and StackStorm.

LogicMonitor offers end-to-end network visibility to IT departments in medium and large enterprises, and also caters to MSPs. The LogicMonitor solution features a well-developed network discovery function by which collectors use its NetScan feature to discover network devices. NetScans can be executed via ICMP. Native algorithms provide automatic tech-stack discovery via protocols such as WMI, Perfmon, SNMP/SSH, JDBC, HTTP/S, PowerShell, and Groovy APIs for virtual infrastructure.

Another strength of the LogicMonitor solution is its ability to perform network validation. The platform can detect configuration changes and automatically identify the associated impact on network performance metrics. The LM Config feature in LogicMonitor allows customers to centrally monitor all their configurations and raise alerts if there are differences from previous baselines or versions. These configuration change alerts can be correlated with other performance or availability-related alerts.

LogicMonitor has room to improve its support for security observability. Security monitoring is not built into the platform, though users can ingest security insights from other platforms and route them through LogicMonitor’s alerting system.

Strengths: The platform has strong capabilities for multiple metrics, including validation, application and Layer 7 monitoring, traffic analysis, and suitability for NetDevOps practices.

Challenges: LogicMonitor’s main drawback is its lack of built-in security observability and dynamic discovery.

ManageEngine

ManageEngine OpManager Plus is a comprehensive network observability solution that helps monitor network devices and virtual infrastructure as well as network traffic, configuration changes, security appliances, and applications. OpManager Plus can be deployed as a physical appliance on-premises, as a virtual appliance, or in the cloud. Currently, there is no SaaS option available.

A distinguishing aspect of the ManageEngine solution is its visualization capabilities. The platform goes beyond topological and geographical maps to provide 3D server room and virtual device views. The vendor ranks high on application and Layer 7 monitoring, offering features such as monitoring the health, availability, and performance of monolithic applications and distributed applications built using serverless functions and microservices. In addition, the solution provides application-to-application network performance visibility and monitoring of Layer 7 applications such as L7 load balancers and web application firewalls.

Besides the comprehensive OpManager Plus platform, ManageEngine also offers dedicated, stand-alone solutions for network performance monitoring, network traffic management, network configuration, change management, and application performance management. ManageEngine also has a separate network performance monitoring solution tailor-made for MSPs.

ManageEngine’s Network Configuration Manager achieves a high degree of validation. When Network Configuration Manager is used to push configuration changes through “configlets” (configuration scripts), deviations can be identified using compliance rules and corrective actions can be taken. The system is not yet compatible with third-party applications.

For dynamic discovery, OpManager can discover new locations, physical appliances, and virtual appliances, and update network visualizations such as Layer 2 topology maps, inventory, and reports. For troubleshooting, ManageEngine offers workflows that help IT teams automate routine tasks based on predefined conditions. These workflow actions include stopping processes to bring down central processing unit (CPU) usage or restarting devices. Workflows can be scheduled for routine maintenance or executed automatically based on user-defined conditions.

One downside compared to other network observability tools on the market is that the probe-based deployment model might be less attractive when SaaS solutions are available. Also, the solution is based on Java, which can be seen as a weakness by some users, especially in regard to upgrades.

Strengths: ManageEngine offers unique visualization capabilities and delivers great application and Layer 7 monitoring.

Challenges: ManageEngine’s OpManager Plus is based on Java, which can lead to issues when upgrading. Deployment options do not include SaaS, and it also requires physical traffic probes.

MantisNet

Commercially available since 2020, MantisNet Containerized Visibility Fabric (CVF) is a network observability platform that provides visibility into networking infrastructure from the core to the edge. MantisNet CVF provides deep, full-stack visibility into all events and enables users to correlate the resulting metadata across multiple systems and infrastructure components.

It’s worth noting that MantisNet doesn’t currently offer a turnkey network observability solution. MantisNet CVF collects, processes, and publishes network data into open message buses. From there, customers typically ingest MantisNet metadata into their existing applications, open-source tools, or analytic workflows for visualization, analysis, and workflow automation to meet the rest of the key criteria described in this report. MantisNet’s roadmap includes developing features and functions for automation, visualization, reporting, alerts, and user interface (UI) dashboard tools to deliver a full-stack network observability platform for enterprise IT.

The CVF platform consists of a single binary image that can be instantiated as agents or controllers. Agents—lightweight, event-driven, network sensors—are installed one per node and programmed to capture or filter traffic and monitor the environment for specific events and changes to physical and virtual resources. Controller instances are installed one per cluster and provide administrative, configuration, and provisioning control over the agents installed in that cluster.

MantisNet customers can deploy the platform via SaaS or use an enterprise licensing model; virtual and physical appliance instances are also available.

The MantisNet platform provides comprehensive, continuous, real-time, non-disruptive visibility into all events and traffic across links, processes, flows, containers, applications, microservices, and users. It is typically deployed in an automated, dynamic manner with orchestration and automation tools (Kubernetes) to scale on-demand as resources, processes, and applications are being provisioned and deprovisioned. Furthermore, the platform is open and composable, so that new functions can be added and distributed as needed.

Strengths: MantisNet is a New Entrant in the network observability space (Figure 1); its open, microservices-based and event-streaming architecture may challenge the current observability ecosystem.

Challenges: Currently, the vendor does not offer a full-stack observability platform for enterprise IT: it is missing out-of-the-box visualization, platform automation, and traffic analysis.

Motadata

Motadata has consolidated its network observability features within its AIOps product, bringing ML-based insights and automation engines to an end-to-end infrastructure visibility platform.

Motadata is a unified observability platform for the network, infrastructure, and application stack that enables organizations to gather actionable insights at scale. Motadata leverages ML algorithms for anomaly detection, forecasting, and capacity planning. It is also able to reduce mean time to respond (MTTR) by reducing noise from alerts and generating tickets with more context.

The vendor has a very strong opportunity to develop mature AIOps features by leveraging its existing automation engine—consisting of script and workflow builders—and its ML-based analytics engine that extracts actionable insights to create features such as intelligent self-healing and auto-remediation.

The platform ranks high on the application and Layer 7 monitoring key criterion, with strong capabilities around DevOps-oriented monitoring via service maps, synthetic data, and code-level tracing. The tool can also integrate into the DevOps teams’ CI/CD pipeline.

The platform can automate network configuration management for configuration changes, backups, and restores. These are mature features that provide the capabilities of asset management software. However, the platform isn’t able to achieve validation, which entails correlating configuration with network performance impact and offering automated remediation.

Despite being able to ingest security logs, the platform doesn’t provide security analytics or more advanced features such as NDR. The solution can be deployed only as a virtual appliance; the vendor doesn’t offer an SaaS or on-premises deployment model.

Strengths: Motadata offers great visibility to provide insights across complex networks as well as a wide range of third-party integrations. It also has mature features for application and Layer 7 monitoring.

Challenges: Motadata can further develop its capabilities around validation and work on bringing to market a SaaS deployment model.

NETSCOUT

NETSCOUT is a key player in the network observability space, with established solutions developed over 30 years of working with some of the largest network operators in the world. NETSCOUT’s network observability suite, nGenius, is a mature and well-rounded solution. NETSCOUT tailors its solution based on varied industry requirements—for carriers, public sector, finance, healthcare, or MSPs. nGenius is highly scalable and supports a good selection of data sources, making it a versatile tool for large enterprises with complex networks and for CSPs. In terms of deployment, NETSCOUT offers its flagship product, nGeniusONE, as an on-premises solution featuring the nGeniusONE server unit. NETSCOUT also provides network visibility as a managed service with its nGeniusVaaS (visibility as a service) offering.

A key aspect of NETSCOUT’s solutions is its patented Adaptive Session Intelligence (ASI) technology, which performs real-time data mining of user and application traffic at the network source. The ASI metadata includes key traffic and performance indicators and Layer 4 through 7 problem indicators for the discovered applications and servers, without installing device agents. NETSCOUT’s ASI technology is pre-integrated with over 1,000 applications, providing application monitoring for voice, video, web/URL-based, server-based, SaaS, UCaaS, and custom applications.

NETSCOUT ranks high on the traffic analysis key criterion with its Omnis Automation product, which uses ML to detect business impact by correlating KPIs with network performance and performing outlier detection. At the time of writing, Omnis Automation is available for Wi-Fi, 5G, multi-access edge computing (MEC), and voice networks. The product will be available for other types of networks such as local area network (LAN), wide area network (WAN), cloud, and edge in future releases.

In 2021, NETSCOUT expanded its capabilities to include application monitoring via the nGeniusPULSE product. Using synthetic testing, nGeniusPULSE can monitor the performance of SaaS applications and remote users. It is an active, synthetic testing solution for instrumentation at remote edges. It performs tests including business transaction, network service level agreement (SLA), voice over internet protocol (VoIP), full meeting lifecycle, Wi-Fi, and infrastructure performance management. nGeniusPULSE is integrated with ISNG/vSTREAM and nGeniusONE and can capture packets on synthetic transactions for Smart Data triage.

Strengths: NETSCOUT offers mature, industry-specific solutions that have been developed over decades. These solutions have excellent scalability, visibility, and troubleshooting capabilities.

Challenges: NETSCOUT’s suite of network observability products makes it a complex solution that can require additional support from the vendor or third parties to successfully deploy. nGeniusVaaS is designed to address these challenges.

Paessler

Paessler offers an all-in-one platform for infrastructure monitoring: PRTG. It provides low-level visibility into all corners of the infrastructure, from network and applications to cloud, hardware, databases, and services. It has a consistent and comprehensive interface and can visualize data in several different modes, including its signature sunburst map. The platform ranks well on flexibility due to its highly customizable sensors, dashboards, licensing models, and available APIs.

PRTG ranks lower on a few key criteria due to the lack of out-of-the-box features for configuration validation, automated troubleshooting, and security visibility. The tool presents all the information required to diagnose and identify issues, but relies on the engineer’s expertise for remediation rather than providing actionable insights and intelligent suggestions.

Despite the lack of these extended observability features, PRTG has carved out its speciality and is looking to provide its customers with automation and insights through several partnerships. Paessler has a very good partner ecosystem, collaborating with IP Fabric to provide validation and ScriptRunner for automation workflows, for example.

In terms of deployment, PRTG can be installed either as a virtual appliance, using a physical probe, or as a web-hosted application. As a virtual appliance, PRTG can be installed in a cloud environment. A physical PRTG probe requires a local machine on-premises. The hosted version simply requires a user to log into the web portal while Paessler manages the PRTG server.

Strengths: PRTG offers excellent visibility over network data sources and has great flexibility in terms of APIs, customizable sensors, and licensing models.

Challenges: While it supplies good information about the network, its troubleshooting and validation capabilities are not as strong as other vendors featured in the report.

Park Place Technologies

Park Place Technologies’ network observability platform, Entuity, is a comprehensive network performance and analytics software solution built on a unified architecture that is highly scalable and configurable. Entuity uses a distributed multi-server architecture that acts as one system to scale from tens to hundreds of thousands of devices.

The platform has strong troubleshooting capabilities provided by Entuity’s Event Management System (EMS). Automated actions can be defined based on conditions and specific workflows, configured either by network administrators or out-of-the-box, which can process and correlate events to consolidate the number of actionable incidents.

The Configuration Management and Monitoring System allows users to create and automatically push configuration settings to thousands of monitored devices and ports. This system provides validation capabilities when working in conjunction with the Event Management System to streamline workflows, as configuration management tasks can be executed as EMS actions. For example, the two features can work together to detect and automatically shut down a port that has been flapping for more than a defined amount of time, or to enable back-up circuits for a period of high utilization on a WAN. It also monitors existing configurations to provide backup, restore, and golden image functions, change detection and management, as well as policy compliance.

Entuity has well-developed capabilities for all metrics defined in the report. Even though the platform doesn’t offer out-of-the-box capabilities for advanced functions such as AIOps and ML, Park Place Technologies is actively working to further develop its already deep ecosystem partnerships with specialized vendors in the area. As part of its 2022 roadmap, the vendor is looking to implement bidirectional integrations with other AIOps, ITSM, and APM tools.

For installation, Park Place Technologies provides ISO images of the Entuity server, allowing it to be easily installed on both virtual and physical servers. In turn, Entuity can be run in an on-premises environment, or in a private or public cloud. Once deployed, users can access the fully instrumented solution via a web browser portal. While there is no SaaS version available, a hosted option is available through the services team.

Strengths: By combining its event and configuration management systems, Entuity achieves strong troubleshooting and validation capabilities.

Challenges: At the time of writing, Entuity is not available via SaaS; however, the deployment model is part of the 2022 roadmap. More advanced capabilities such as AIOps are dependent on the vendor’s partner ecosystem.

Plixer

The Plixer Scrutinizer network observability platform supports most of the key criteria in this report. Scrutinizer can be enhanced using two AI-based solutions, Network Intelligence and Security Intelligence. The Plixer proposition is straightforward and customers can easily select the features they need using Plixer’s modular solution.

Especially when used with Security Intelligence, Scrutinizer provides excellent visibility into all security concerns. It is augmented by AI/ML technology and includes the ability to automate workflows to reduce the impact of security incidents. Scrutinizer also offers good visualization capabilities, with geographical and topological map views and highly descriptive and customizable graphs. Network Intelligence also offers excellent traffic analysis, fully leveraging AI/ML for accurate capacity forecasting and trend analysis.

While Plixer’s solutions offer mature features, network validation and troubleshooting are limited. The platform equips administrators with all the information needed to run diagnostics but falls short at providing light-touch or no-touch network management. Scrutinizer does offer ServiceNow integration for automated ticket creation, which reduces the engineering team’s investigative efforts.

Plixer offers a flexible deployment model, with Scrutinizer available either as a SaaS offering or a virtual or hardware appliance. Customers can buy the SaaS version of the platform or a subscription license that covers the virtual and physical deployments.

Plixer can provide highly scalable network traffic analytics. Customers benefit from centrally collecting, visualizing, and reporting on thousands of unique flow and metadata elements from their existing network and security infrastructure. This data is centrally stored, creating a rich contextual forensic database that enables threat detection, rapid investigation, and root-cause analysis for network- and security-related incidents.

Strengths: Plixer has a straightforward proposition with excellent visualization, security observation, and AI-based capacity planning capabilities.

Challenges: The solution doesn’t provide validation capabilities, and its troubleshooting features require investigative efforts by an operator.

Progress

Progress’ WhatsUp Gold is a distinguished name in the network observability arena, providing a mature solution that features an advanced interactive mapping interface. Through the strategic acquisition of Kemp Technologies in November 2021, the vendor has expanded the capabilities of its observability solution considerably. Progress’ WhatsUp Gold and Kemp’s Flowmon are now being integrated into a single, end-to-end observability solution.

WhatsUp Gold offers comprehensive infrastructure monitoring while Flowmon provides network traffic analysis for troubleshooting, application performance measurement, and detection of network anomalies.

The vendor ranks high on the security observability key criterion due to the Flowmon Anomaly Detection System (ADS), a security solution that uses ML to detect anomalies in the network traffic. ADS leverages external threat systems and combines multiple detection mechanisms to identify malicious behaviors, attacks against applications, and data breaches, allowing it to uncover unknown and insider threats.

The vendor also ranks high on the application and Layer 7 monitoring as well as the troubleshooting key criteria. For application and Layer 7 monitoring, the platform measures user experience and extracts L7 flow data such as domain name system (DNS), dynamic host configuration protocol (DHCP), and server message block (SMB). The vendor can support automated troubleshooting via self-healing actions such as triggering a server reset and activating PowerShell scripts whenever alerts are triggered. While WhatsUp Gold allows administrators to respond to issues with automated network configuration management actions such as backing up or restoring a network device configuration, the platform cannot yet directly correlate performance degradations with configuration changes.

Currently, both WhatsUp Gold and Flowmon can be deployed as separate physical and virtual appliances. While Flowmon is also available directly from the large public cloud providers, neither solution has an SaaS option.

Strengths: WhatsUp Gold and Flowmon features already complement each other, and with deeper integration, can provide full-stack, end-to-end observability over network infrastructure, security appliances, and applications.

Challenges: At the time of writing, the acquisition is still recent, and the solutions are deployed as standalone products which communicate via APIs.

SolarWinds

Launched in April 2022, Hybrid Cloud Observability is SolarWinds’ solution for network observability, delivering comprehensive, integrated, and full-stack observability as well as integrating data from across the IT ecosystem, encompassing network, servers, applications, and databases. The solution can be deployed as both a physical and virtual appliance, with SaaS deployment on the 2022 roadmap.

SolarWinds developed Hybrid Cloud Observability following a “secure by design” model, working in collaboration with security experts such as the Krebs Stamos Group, CrowdStrike, and KPMG to devise a secure software development lifecycle and product architecture.

The Hybrid Cloud Observability platform ranks high on the dynamic discovery and mapping key criterion as it can automatically discover and map both physical and virtual topologies across different types of infrastructures and services, including cloud environments. The topology maps also include a “Time Travel” feature, giving users the option to enable historical tracking of the map to determine what occurred prior to an event or detect related patterns and behaviors.

The platform also scores high on validation, offering integration with Cisco ACI, which surfaces health scores for APIC tenants, spines, and leaves. Cisco ACI information is gathered through a combination of SNMP and API calls. Hybrid Cloud Observability can make bulk configuration changes to wired and wireless devices by designing change templates and creating standardized configurations. The platform can compare configuration changes to adjust and push configs if needed to remediate any issues. Hybrid Cloud Observability can also help validate software-defined wide area network (SD-WAN) deployments by displaying the control plane and data plane deployments in a single map.

For application and Layer 7 monitoring, Hybrid Cloud Observability provides a visualization of the application stack elements supporting it, including transactions, databases, physical and virtual hosts, network attached storage (NAS), volumes, and APIs. The platform can also integrate with AppOptics, which provides a dashboard of distributed services representing an application built on microservices-based architecture. The platform also provides application dependency mapping, which polls dependencies and creates maps to monitor incoming network connections for a managed server or application.

Strengths: Hybrid Cloud Observability is the result of SolarWinds’ decades of experience in network performance management. The platform has strong capabilities across a variety of key criteria, including dynamic discovery, validation, and application monitoring.

Challenges: SolarWinds can further develop its capabilities for troubleshooting and traffic analysis using AIOps and ML techniques. At the time of writing, the vendor is due to release an SaaS version of its platform.

6. Analyst’s Take

Network observability is not revolutionary, but it is constantly moving forward. More and more, features such as providing real-time data, discovering and mapping assets, and offering visibility across most types of network infrastructure are becoming the norm in the space. We expect this trend to continue, with capabilities such as automation becoming the standard rather than the selling point of differentiation. How automation is achieved is another story because it can be static and defined by humans, or contextual and actioned by AI.

ML and AI are critical elements that will dictate whether vendors remain competitive in the market. We can categorize vendors into three groups depending on how they will implement AI and ML:

  1. AI-centric: Will develop AI/ML capabilities in-house or work with AI specialists to embed the features within the platform
  2. AI-compatible: Will integrate with third-party AI tools, bearing the risk that these AI tools will not be purpose-built for network observability
  3. AI-reluctant: Will not leverage AI and ML but will continue to develop around workflow automation

The most consistent capability across all vendors is visualization. This makes sense as visualization has been a focus of traditional network performance monitoring, with all developments in this area carrying forward into network observability.

Interestingly, most vendors have gone beyond Layer 2 through 4 monitoring, to provide Layer 7 and application observability as well. This illustrates a market-wide shift in priorities, where network teams are no longer siloed but are actively involved in supporting business applications. Business leaders acknowledge that application performance is heavily dependent on network performance, and observability tools provide the required insights to support the application via the network.

The widest variance in vendors’ capabilities occurs around validation as well as dynamic discovery and mapping. Validation is the result of multiple features, such as configuration management, network performance, and automation. If a vendor offers all these capabilities independently, they will not be able to perform validation. However, if they can correlate performance changes based on configuration while also being able to assess configurations created through automated deployment features, then the vendor will be a leading contender for this use case.

Dynamic discovery and mapping has a low barrier to entry. With asset discovery as a table stake for observability, a vendor can achieve minimum dynamic discovery and mapping by scheduling discovery scans. The difference becomes apparent for more advanced features, such as discovering SaaS applications and other services, which is not something that most vendors can support.

SaaS deployments are not yet the industry standard, but this is one aspect recognized as a deal breaker for many network operators. So it is unsurprising that most vendors are accelerating SaaS deployment models in their development pipelines.

While network observability is mainly a platform-based solution (that is, the more features supported, the better the offering), a vendor’s capabilities need to go only as far as your requirements and future needs dictate. For example, if you already own a security observability solution, employing a network observability solution with security capabilities may not add any value. This is where modular solutions can be beneficial, allowing you to pick and choose the features you need. Likewise, if you need to deploy the observability solution as a physical appliance on-premises, whether the solution offers an SaaS deployment model is irrelevant. When assessing vendors, we recommend drafting a high-level view of your requirements to help narrow down your vendor selection to a manageable number of prospects.

7. About Logan Andrew Green

Logan Andrew Green is an experienced technologist, whose areas of expertise include enterprise IT, fintech, Internet of Things, artificial intelligence, and fixed and mobile connectivity. His engineering experience as an operational support system designer and radio networks optimization engineer helps him assess new technologies from both a technical and commercial perspective. Currently, Logan oversees Vodafone’s portfolio of managed IT products targeted at large enterprises. He has also been working as a technical writer and business strategist across the technology industry, helping mid-sized organizations define their propositions, offerings, and market positioning.

8. About GigaOm

GigaOm provides technical, operational, and business advice for IT’s strategic digital enterprise and business initiatives. Enterprise business leaders, CIOs, and technology organizations partner with GigaOm for practical, actionable, strategic, and visionary advice for modernizing and transforming their business. GigaOm’s advice empowers enterprises to successfully compete in an increasingly complicated business atmosphere that requires a solid understanding of constantly changing customer demands.

GigaOm works directly with enterprises both inside and outside of the IT organization to apply proven research and methodologies designed to avoid pitfalls and roadblocks while balancing risk and innovation. Research methodologies include but are not limited to adoption and benchmarking surveys, use cases, interviews, ROI/TCO, market landscapes, strategic trends, and technical benchmarks. Our analysts possess 20+ years of experience advising a spectrum of clients from early adopters to mainstream enterprises.

GigaOm’s perspective is that of the unbiased enterprise practitioner. Through this perspective, GigaOm connects with engaged and loyal subscribers on a deep and meaningful level.

9. Copyright

© Knowingly, Inc. 2022 "GigaOm Radar for Network Observability" is a trademark of Knowingly, Inc. For permission to reproduce this report, please contact sales@gigaom.com.