This GigaOm Research Reprint Expires April 7, 2027
April 13, 2026

GigaOm Radar for Network Observability v6

Andrew Green

1. Executive Summary

Network observability is a category of solutions that goes beyond device-centric network monitoring to provide truly relevant end-to-end visibility and intelligence for all traffic in a network, whether on-prem, in the cloud, or elsewhere. Representing a step beyond network performance monitoring, network observability guarantees visibility and distinguishes itself with actionable insights. These insights shift many low-level activities, such as troubleshooting or traffic analysis, from engineers to the network observability tool.

Observability solutions are less about specialization and more about consolidating a comprehensive experience in a single tool. This convergence of functionality brings numerous advantages, including a better user experience, lower costs than those incurred when deploying multiple tools, adaptability for complex IT environments, future-proofing, and cohesiveness across IT departments. Network observability is a key ingredient for ensuring that a modern, critical infrastructure achieves the required uptime and availability.

While businesses of all sizes can benefit from the end-to-end visibility offered by network observability solutions, those with large, complex networks are likely to see the most improvement. These can be companies with proprietary networks, for which IT plays a supporting role (such as retail or manufacturing) or businesses that sell network services, such as communication service providers. We explore these categories in more depth in the following section.

This is our sixth year evaluating the network observability space. This report builds on our previous analysis and considers how the market has evolved over the last year.

This GigaOm Radar report examines 21 of the top network observability solutions and compares offerings against capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria). It provides an overview of the market, identifies leading network observability offerings, and helps decision-makers evaluate these solutions so they can make a more informed investment decision.

2. Market Categories and Deployment Types

To help prospective customers find the best fit for their use case and business requirements, we assess how well network observability solutions are designed to serve specific target markets and deployment models (Tables 1 and 2).

For this report, we recognize the following market segments:

  • Cloud service provider (CSP): These are infrastructure-as-a-service (IaaS) providers that operate a global network of data centers and serve customers worldwide. These providers often have private networks connecting their data centers and work with communication service providers.

  • Edge/content delivery network (CDN): Edge service providers operate a highly distributed global network, often containing hundreds of points of presence (PoPs) across all continents. Their main proposition is to lower latencies for end users, which means they depend heavily on observability solutions for performance assurance.

  • Telcos: These are carriers, internet service providers (ISPs), and network service providers (NSPs) that offer network services and often have a very complex national and international physical infrastructure serving both enterprise and consumer customers.

  • Regulated industries: These types of networks have comprehensive security requirements and can encompass local authorities (local councils, emergency services), utilities, national public institutions (government, national defense agencies), and international entities (such as the European Council).

  • Small-to-medium business (SMB): Solutions in this category are those that meet the needs of small and midsize businesses, which operate a network (physical or virtual) that supports their workforce. These solutions can also serve individual departments or lines of business within a large enterprise.

  • Large enterprise: Usually adopted for large or business-critical projects, solutions in this category have a strong focus on flexibility, performance, data services, and features that improve security and data protection. Scalability is another big differentiator, as is the ability to use the same service in different environments.

Network observability tools can be delivered via the following deployment models:

  • Physical appliance: The tool requires one or more specialized hardware units to be installed on the customer’s network. This approach typically offers the least deployment flexibility (the appliance must be physically attached to the infrastructure) but the highest degree of control and security.

  • Virtual appliance: This software tool can be deployed in public clouds, private clouds, or other on-prem infrastructure. It offers greater control while still allowing solid deployment flexibility. The tool’s performance, however, depends on whatever infrastructure the software is running on, as well as the quality of connectivity to the rest of the network.

  • Public cloud image: The observability tool is available in public cloud marketplaces and can run within the cloud environment.

  • SaaS: The tool can be accessed directly through a web portal with no additional installation. The tool is hosted and managed by the vendor and delivers the benefits of the solution as a service. This is often the simplest and easiest way to leverage network observability. The downside is that it may not meet the security requirements or complex customization needs of some customers.

  • Software: This model refers to the solution being available as a software-only solution that can be installed and run on a customer’s own general-purpose server.

Additionally, observability tools can collect data through network probes or agents, which can be deployed as one of the following:

  • Physical appliance: Some solutions require dedicated physical appliances to be installed to tap network data. Typically, this offers packet-level visibility into the network traffic, but it is hard to deploy and manage.

  • Virtual appliance: Some network probes can be installed on generic all-purpose hardware or virtual machines rather than on dedicated physical appliances. These can be more easily deployed and decommissioned compared to their physical appliance counterparts.

  • Agent-based: An agent-based solution means that a piece of software is installed on relevant appliances or endpoints, such as end-user devices, to collect network data. These can take the form of an extended Berkeley Packet Filter (eBPF) host agent, synthetic private agents, or domain name system (DNS) probes.

  • Agentless: An agentless model uses network flow data such as NetFlow, sFlow, IPFIX, J-Flow, Cflow, or protocols like Simple Network Management Protocol (SNMP) and an API to collect network data.

Tables 1 and 2. Vendor Positioning: Target Market and Deployment Model

Target Markets
Columns: CSP, CDN, Telcos, Regulated Industries, SMB, Large Enterprise
Vendors: Auvik, BlueCat Networks, Broadcom, Cisco, Datadog, Forward Networks, Kentik, LogicMonitor, ManageEngine, Motadata, NetBrain, NETSCOUT, OpenText, Paessler, Park Place Technologies, Plixer, Progress Software, Riverbed, ScienceLogic, SolarWinds, Sycope
Source: GigaOm 2026

Deployment Models
Network observability columns: Physical Appliance, Virtual Appliance, Public Cloud Image, SaaS, Software
Network probes columns: Physical Appliance, Virtual Appliance, Agent-Based, Agentless
Vendors: Auvik, BlueCat Networks, Broadcom, Cisco, Datadog, Forward Networks, Kentik, LogicMonitor, ManageEngine, Motadata, NetBrain, NETSCOUT, OpenText, Paessler, Park Place Technologies, Plixer, Progress Software, Riverbed, ScienceLogic, SolarWinds, Sycope
Source: GigaOm 2026

The components in Tables 1 and 2 are evaluated in a binary yes/no manner and do not factor into a vendor’s designation as a Leader, Challenger, or Entrant on the Radar chart (Figure 1).

“Target market” reflects which use cases each solution is recommended for, not simply whether that group can use it. For example, if an SMB could use a solution but doing so would be cost-prohibitive, that solution would be rated “no” for SMBs.

3. Decision Criteria Comparison

All solutions included in this Radar report meet the following table stakes—capabilities widely adopted and well implemented in the sector:

  • Multiple data sources

  • Vendor-agnostic orientation

  • Contextual visibility

  • Network discovery

  • Real-time data

Tables 3, 4, and 5 summarize how each vendor in this research performs in the areas we consider differentiating and critical in this sector. The objective is to give the reader a snapshot of the technical capabilities of available solutions, define the perimeter of the relevant market space, and gauge the potential impact on the business.

  • Key features differentiate solutions, highlighting the primary criteria to be considered when evaluating a network observability solution

  • Emerging features show how well each vendor implements capabilities that are not yet mainstream but are expected to become more widespread and compelling within the next 12 to 18 months

  • Business criteria provide insight into the nonfunctional requirements that factor into a purchase decision and determine a solution’s impact on an organization

These decision criteria are summarized below.

Key Features

  • Dynamic discovery and mapping: This criterion looks at whether and how well the platform can automatically discover and map new network functions and connections. These can be networking devices, new application integrations, third-party SaaS tools, edge locations, data center overlays and underlays, security functions, cloud-native constructs such as virtual private clouds (VPCs) and Vnets, software-defined wide area network (SD-WAN) overlays and controllers, and network as a service (NaaS) and secure access service edge (SASE) deployments.

  • Visualization: Observability goes beyond simple visibility and presents data in a way that is easy to navigate and understand. A major aspect of this criterion is the depth and granularity of visualization a solution provides.

  • Validation: This is the process of confirming whether a network configuration or design is fulfilling its intended purpose. Validation should be performed proactively before deploying a network change to determine whether the proposed change violates any predefined “golden configuration” policy. Failed checks should automatically abort the deployment process.

  • Traffic analysis: This metric evaluates the insights a network observability platform can extract by looking at historical network behavior. Though this information may consist of something as simple as trend lines based on existing data, leading solutions leverage ML algorithms to learn about usage patterns.

  • Troubleshooting and optimization: This metric looks at how well a solution can resolve issues by tracing and correcting flaws in a system and by optimizing the system to prevent further issues. Just as with validation and traffic analysis, troubleshooting has multiple facets. Its main scope is to reduce mean time to respond (MTTR) and network administrators’ workloads.

  • Security observability: Network observability tools are well positioned to provide observability over security infrastructure as well as network behaviors. For security network infrastructure monitoring, observability tools should include appliances such as Layer 4 firewalls, proxies, Layer 7 firewalls, and VPNs.

  • Application and Layer 7 monitoring: With the network as a supporting function for the application, observability tools also need to provide visibility into application performance and how the network affects it.

  • Container network monitoring: Network observability tools can expand their realm of expertise to include monitoring of both microservices and containers. Distributed applications built using serverless computing and container-based microservices will become increasingly important with modern application architectures, and leading solutions will bring observability to these new environments.

Table 3. Key Features Comparison

Key Features
Rating scale: Exceptional, Superior, Capable, Limited, Poor, Not Applicable
Columns: Average Score, Dynamic Discovery & Mapping, Visualization, Validation, Traffic Analysis, Troubleshooting & Optimization, Security Observability, Application & Layer 7 Monitoring, Container Network Monitoring
Auvik
2.6
★★★★★
★★★
★★★
★★★
★★★
★★★
BlueCat Networks
4.4
★★★★
★★★★
★★★★★
★★★★★
★★★★
★★★★★
★★★★
★★★★
Broadcom
4.5
★★★★★
★★★★
★★★★
★★★★★
★★★★★
★★★★★
★★★★
★★★★
Cisco
3.4
★★★
★★★★
★★★★
★★★★
★★★★
★★★
★★★★
Datadog
3.4
★★★
★★★★
★★
★★★
★★★
★★
★★★★★
★★★★★
Forward Networks
2.8
★★★
★★★★
★★★★★
★★★
★★★★
★★
Kentik
4.4
★★★★★
★★★★★
★★★★
★★★★★
★★★★
★★★★
★★★★
★★★★
LogicMonitor
3.9
★★★★
★★★★
★★★★
★★★★
★★★★
★★★★
★★★★
★★★
ManageEngine
4.6
★★★★★
★★★★
★★★★
★★★★★
★★★★★
★★★★★
★★★★★
★★★★
Motadata
3.6
★★★★
★★★★
★★
★★★★
★★★★
★★★★
★★★★
★★★
NetBrain
2.6
★★★
★★★★
★★★★★
★★
★★★★
NETSCOUT
4.3
★★★★★
★★★★
★★★
★★★★
★★★★
★★★★★
★★★★★
★★★★
OpenText
4.0
★★★★★
★★★★★
★★★★
★★★★★
★★★★
★★★★
★★★
★★
Paessler
3.1
★★★
★★★★
★★
★★★
★★★
★★★
★★★★
★★★
Park Place Technologies
3.5
★★★★
★★★★
★★★★
★★★★
★★★★
★★★★
★★★
Plixer
3.6
★★★★
★★★★
★★
★★★★
★★★
★★★★
★★★★
★★★★
Progress Software
3.5
★★★★
★★★★
★★★
★★★★
★★★★
★★★★
★★★★
Riverbed
4.1
★★★★
★★★★
★★★★★
★★★★★
★★★★
★★★★★
★★★★
★★
ScienceLogic
3.8
★★★★
★★★★
★★★★
★★★★
★★★★
★★★★
★★★
★★★
SolarWinds
4.5
★★★★★
★★★★★
★★★★
★★★★★
★★★★
★★★★
★★★★★
★★★★
Sycope
3.1
★★★
★★★★
★★★
★★★★
★★★★
★★★★
★★★
Source: GigaOm 2026

Emerging Features

  • Network modeling and planning: Network observability tools can use their knowledge of a customer’s infrastructure to create a simulated environment where the solution can generate synthetic traffic to emulate how the network will behave in different scenarios or how it would behave following configuration or architectural changes.

  • Extended Berkeley Packet Filter (eBPF): This technology originated in the Linux kernel and can run sandboxed programs in a privileged context such as the operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel without requiring any change to kernel source code or loading of kernel modules.

  • End-user experience monitoring: Network observability tools can go beyond the enterprise network perimeter and measure the performance of applications and services from the end-users’ devices. Using either real-user traffic or synthetic traffic, the solution can gain visibility into client device metrics like bandwidth, latency, jitter, and packet loss.

  • Business intelligence: This feature goes beyond network monitoring from a purely technical point of view and factors in business metrics, which include translating network performance into financials, industry-specific metrics, and customer experience.

  • LLM modularity and guardrails: Solutions that leverage large language models (LLMs) to offer administrators a natural language interface for navigating the product need to define where the model is hosted, which models are used, how guardrails are defined, and how the models are evaluated.

  • LLM agents and copilots: These are implementations of large language models that either offer administrators a natural language interface for conducting investigation and remediation or act autonomously to investigate and remediate problems.

Table 4. Emerging Features Comparison

Emerging Features
Rating scale: Exceptional, Superior, Capable, Limited, Poor, Not Applicable
Columns: Average Score, Network Modeling & Planning, eBPF, End-User Experience Monitoring, Business Intelligence, LLM Modularity and Guardrails, LLM Agents and Copilots
Auvik
1.2
★★★
★★
BlueCat Networks
2.7
★★★★
★★
★★★
★★★
★★★★
Broadcom
1.8
★★★★★
★★★★
Cisco
1.2
★★★
★★★
Datadog
2.7
★★★★
★★★★
★★
★★★
★★★
Forward Networks
2.2
★★★★★
★★★★★
★★★
Kentik
3.0
★★★★
★★★★
★★★★
★★★
★★★
LogicMonitor
2.2
★★★★★
★★★★
★★
★★
ManageEngine
2.0
★★★
★★★
★★★
★★★
Motadata
1.0
★★★
★★★
NetBrain
1.5
★★
★★★
★★★
NETSCOUT
1.8
★★★★
★★★
★★★★
OpenText
2.7
★★
★★★★
★★
★★★★
★★★★
Paessler
1.0
★★★
★★★
Park Place Technologies
0.8
★★★
★★
Plixer
1.7
★★
★★
★★★
★★
Progress Software
1.2
★★★★
★★★
Riverbed
3.7
★★★
★★★
★★★★
★★★
★★★★
★★★★★
ScienceLogic
1.8
★★★
★★★★
★★★
SolarWinds
2.8
★★★
★★
★★★★
★★
★★★
★★★
Sycope
0.7
★★★★
Source: GigaOm 2026

Business Criteria

  • Scalability: Network observability is typically required in complex IT systems found in large national or multinational companies or public sector agencies that rely on legacy equipment and multiple vendors, which lowers their visibility and results in operational silos. This metric assesses how well a solution is able to grow to meet the increasing needs of large and dynamic enterprises.

  • Flexibility: For network observability, flexibility is determined based on customization options, interoperability via APIs, and level of vendor support.

  • Ease of use: We can assess this metric from the perspective of Day 1 (ease of deployment), navigation (ease of data retrieval), insights (whether the solution reports only data or provides actionable insights), and remediation (whether it offers steps for resolution). Other factors contributing to ease of use include the availability of technical documents and training programs.

  • Ecosystem: With the purchase of a large-scale solution like this, customers are essentially joining a family. To determine the network observability solution provider’s viability, it’s important to assess its supply chains and contractual agreements.

  • Cost transparency: As with all technical solutions, the up-front subscription cost for a network observability tool might not reflect all expenses required for full operation. For example, open source software is free, but support staff and ancillary products may be required.

  • Support: This refers to managed and professional services offered by the vendor to help customers navigate and troubleshoot problems with the solution. The evaluation includes support channels, times, SLAs, and SLOs.

Table 5. Business Criteria Comparison

Business Criteria

Rating scale: Exceptional, Superior, Capable, Limited, Poor, Not Applicable

| Vendor | Average Score | Scalability | Flexibility | Ease of Use | Ecosystem | Cost Transparency | Support |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Auvik | 3.5 | ★★★ | ★★★ | ★★★★★ | ★★★ | ★★★★ | ★★★ |
| BlueCat Networks | 3.5 | ★★★★ | ★★★ | ★★★ | ★★★★ | ★★★ | ★★★★ |
| Broadcom | 4.3 | ★★★★★ | ★★★★ | ★★★ | ★★★★★ | ★★★★ | ★★★★★ |
| Cisco | 3.8 | ★★★★ | ★★★ | ★★★ | ★★★★★ | ★★★ | ★★★★★ |
| Datadog | 3.5 | ★★★★ | ★★★★ | ★★★★ | ★★★ | ★★★ | ★★★ |
| Forward Networks | 3.3 | ★★★★ | ★★★ | ★★★ | ★★★ | ★★★★ | ★★★ |
| Kentik | 3.7 | ★★★★★ | ★★★★ | ★★★★ | ★★★ | ★★★ | ★★★ |
| LogicMonitor | 3.8 | ★★★★ | ★★★★ | ★★★★ | ★★★★ | ★★★★ | ★★★ |
| ManageEngine | 4.3 | ★★★★ | ★★★★★ | ★★★★ | ★★★★ | ★★★★★ | ★★★★ |
| Motadata | 3.3 | ★★★★ | ★★★ | ★★★ | ★★★ | ★★★ | ★★★★ |
| NetBrain | 3.3 | ★★★★ | ★★★ | ★★★★ | ★★★ | ★★★ | ★★★ |
| NETSCOUT | 3.8 | ★★★★★ | ★★★★★ | ★★ | ★★★★ | ★★★ | ★★★★ |
| OpenText | 4.0 | ★★★★★ | ★★★★ | ★★★★ | ★★★ | ★★★★ | ★★★★ |
| Paessler | 3.5 | ★★★★ | ★★★ | ★★★ | ★★★★ | ★★★★ | ★★★ |
| Park Place Technologies | 4.0 | ★★★★ | ★★★★ | ★★★★★ | ★★★ | ★★★ | ★★★★★ |
| Plixer | 3.3 | ★★★★ | ★★★★ | ★★★ | ★★★ | ★★★ | ★★★ |
| Progress Software | 3.3 | ★★★★ | ★★★ | ★★★ | ★★★ | ★★★★ | ★★★ |
| Riverbed | 4.0 | ★★★★ | ★★★★ | ★★★★ | ★★★★ | ★★★★ | ★★★★ |
| ScienceLogic | 3.8 | ★★★ | ★★★★ | ★★★★ | ★★★★ | ★★★★ | ★★★★ |
| SolarWinds | 4.2 | ★★★★★ | ★★★★ | ★★★ | ★★★★ | ★★★★ | ★★★★★ |
| Sycope | 3.8 | ★★★★ | ★★★ | ★★★★★ | ★★★ | ★★★★ | ★★★★ |

Source: GigaOm 2026

4. GigaOm Radar

The GigaOm Radar plots vendor solutions across a series of concentric rings, with those positioned closer to the center being judged as having the most complete solution. The chart characterizes each vendor on two axes—balancing Maturity versus Innovation and Feature Play versus Platform Play—while providing an arrowhead that projects each solution’s expected evolution over the coming 12 to 18 months.

Figure 1. GigaOm Radar for Network Observability

As shown in Figure 1, most vendors are positioned in the Platform Play half because they have developed their solutions to cover a wide range of network infrastructure types, including hardware, virtualized, and cloud. A large number of vendors are positioned in the Maturity half because their offerings have seen incremental development but no rearchitecting, such as adopting natural language interfaces over GUIs or updating a rule-based detection engine for an LLM-based one. However, as the industry increasingly adopts LLM-based automation, we expect a larger number of vendors to move to the Innovation half in the coming years.

There is consistent development across all vendors in the report, which is illustrated by the lack of Forward Movers. In the validation key feature, for example, capabilities that were delivered by just a few vendors in past reports are now delivered by most. Similarly, in troubleshooting and optimization, a number of vendors are strengthening the optimization side, and as a result, we see more solutions earning top marks in this criterion.

In reviewing solutions, it’s important to keep in mind that there are no universal “best” or “worst” offerings; every solution has aspects that might make it a better or worse fit for specific customer requirements. Prospective customers should consider their current and future needs when comparing solutions and vendor roadmaps.

INSIDE THE GIGAOM RADAR

To create the GigaOm Radar graphic, key features, emerging features, and business criteria are scored and weighted. Key features and business criteria receive the highest weighting and have the most impact on vendor positioning on the Radar graphic. Emerging features receive a lower weighting and have a lower impact on vendor positioning on the Radar graphic. The resulting chart is a forward-looking perspective on all the vendors in this report, based on their products’ technical capabilities and roadmaps.

Note that the Radar is technology-focused, and business considerations such as vendor market share, customer share, spend, recency or longevity in the market, and so on are not considered in our evaluations. As such, these factors do not impact scoring and positioning on the Radar graphic.

For more information, please visit our Methodology.

5. Solution Insights

Auvik: Network Management

Solution Overview

Auvik’s Network Management solution has well-developed capabilities for monitoring SMB infrastructure, from on-prem equipment to outsourced infrastructure in the cloud and at the edge. The solution also includes automation features that continually scan for network changes and update network documentation, back up device configurations, and alert on network activities.

Delivered in a SaaS model, Auvik supports functions such as network topology mapping, network traffic visualization, network performance monitoring, network configuration backups, syslog management, end-user experience monitoring, and NetFlow traffic analysis to provide Layer 7 monitoring.

Catering specifically to the mid-market, Auvik’s solution is easy to use and deploy, and it addresses the most important use cases for organizations managing on-prem networks.

Auvik is positioned as a Challenger and Fast Mover in the Maturity/Feature Play quadrant of the network observability Radar chart.

Strengths

Auvik scored well on a number of decision criteria, including:

  • Dynamic discovery and mapping: Auvik can automatically discover and map new network appliances and services as they are added. It integrates asset management capabilities that detect and capture detailed information for every device on the network, including make and model, serial number, IP address, and the physical switchport where the device is connected. Auvik pulls lifecycle data from supported devices to show whether they are on current or expired support contracts, whether newer software versions are available, whether the devices are eligible to receive critical security updates, and whether the devices are still available for purchase.

  • Validation: Auvik scans network devices for configuration changes every hour, backing up the latest configurations automatically and making them available for a side-by-side comparison. Auvik can easily restore configurations using a restore button or, alternatively, allow export so the configuration can be applied to a new device. While this approach falls short of true validation, Auvik enables correlating network performance changes with configuration changes.

  • Traffic analysis: Auvik extracts flow data and uses ML and traffic classification to highlight which applications or protocols are using the bulk of the network’s bandwidth, allowing users to investigate network traffic spikes retroactively or in real time. Customers can identify applications in use, application category, device names, and geolocation.

Opportunities

Auvik has room for improvement in a few decision criteria, including:

  • Application and Layer 7 monitoring: The application has limited capabilities to monitor application-to-application connectivity paths and traces, Layer 7 requests such as HTTP, HTTPS, gRPC, API calls, and requests to third-party services.

  • Security observability: While Auvik can discover and map physical and virtual security appliances and visualize network segmentation through dynamic network mapping capabilities, it does not detect anomalous or out-of-policy traffic that can indicate malicious activity such as distributed denial of service (DDoS) attacks or exfiltration.

  • Troubleshooting and optimization: The solution supports configurable and customizable alerting, including out-of-the-box alerts, but it does not currently include automatic remediation, self-healing, or root cause analysis (RCA) features.

Purchase Considerations

Auvik offers a strong solution for mid-market customers, with a high level of end-to-end network observability. Its developed traffic analysis capabilities and SaaS-based offering make it an attractive option in the network observability market.

Use Cases

Auvik’s network observability solution is suitable for organizations that need to monitor data centers, LANs, and campus Wi-Fi and wireless networks. With high scores for ease of use and licensing methods, it is a suitable choice for midsize organizations that require a solution with low overhead and a short time to value.

BlueCat Networks: BlueCat Network Observability & Intelligence Platform

Solution Overview

In late 2024, LiveAction was acquired by BlueCat Networks, a provider of DNS, dynamic host configuration protocol (DHCP), and IP address management (DDI). The acquisition aimed to combine LiveAction’s network observability features with BlueCat Networks’ DNS-level insights to provide comprehensive traffic flows and performance monitoring across all network protocols.

The BlueCat Network Observability & Intelligence Platform provides end-to-end network observability, LLM-powered troubleshooting, and real-time security analytics across hybrid, multicloud, and edge environments. It unifies flow, device, and packet telemetry into a single view, helping IT teams accelerate root-cause analysis (RCA), prevent outages, and strengthen security posture.

BlueCat Network Observability & Intelligence Platform is made up of four key components. LiveNX provides network visibility using flow data, APIs, SNMP, OpenTelemetry, and cloud telemetry sources. LiveWire delivers enterprise-wide network forensics through high-density packet capture.

LiveAssist, the latest release, is an LLM-powered assistant that provides guided RCA and proactive recommendations through natural language interaction.

Since BlueCat Networks’ acquisition of LiveAction, new capabilities have been delivered via LiveNX Assurance. These include proactive detection and prescriptive remediation steps for network and security infrastructure; identifying, troubleshooting, and remediating errors and misconfigurations in firewalls and load balancers before they disrupt the network; and the ability to proactively identify and resolve issues across firewalls and load balancers.

LiveNX offers visibility into the network, including SD-WAN, data centers, edge locations, and web-based applications. It supports a server node architecture, with each virtual or physical node supporting 1,000 devices and 500,000 flows per second. Customers can add multiple nodes to scale horizontally.

LiveWire provides local packet analysis for deep performance views. This real-time and detailed telemetry is seamlessly fused into LiveNX’s integrated view. LiveWire simultaneously provides the ability to drill down into deep-packet forensic analysis when necessary.

BlueCat Networks is positioned as a Leader and Outperformer in the Innovation/Platform Play quadrant of the network observability Radar chart.

Strengths

BlueCat Networks scored well on a number of decision criteria, including:

  • Traffic analysis: The solution supports ML-based features such as application usage baselining, performance baselining, and anomaly prioritization. It learns the usage patterns of the top network applications, baselines them on a per-device, per-direction basis, and detects anomalies when usage and performance deviate from learned normal behavior. Top anomalies and insights can be quickly understood in context per app, per site, and per device. This allows contextually relevant drill-down to anomaly details. LiveAction’s alerting engine has an optional GPU-based ML engine for high-capacity data analytics for baselining, anomaly detection, forecasting, and correlation workflows.

  • Security observability: BlueCat Networks detects and correlates network-related threats using the platform’s ML capabilities, and workflows are specifically developed for network and security analysts to identify, investigate, and support root cause analysis of network-based threats. BlueCat Networks can validate network design and intent by integrating with prominent SD-WAN vendors. It allows clients to view and analyze the results of dynamic changes to traffic patterns in the context of the full end-to-end network. LiveNX can also create, push, and validate quality of service (QoS) policies in near real time.

  • Validation: The solution can verify configurations against gold standards to avoid system outages proactively and automatically verify the device state before and after maintenance, whether it’s a major upgrade, minor patch release, or configuration change. Comparing the device state pre- and post-maintenance provides the operations team with confidence in the success of the update. The LiveNCA module provides full-featured network configuration management, including change detection, policy violations, configuration diffs, rollback, and periodic validation.

BlueCat Networks was classified as an Outperformer given the acquisition, integrations between the two portfolios, and comprehensive development pipelines.

Opportunities

BlueCat Networks has room for improvement in a few decision criteria, including:

  • Troubleshooting and optimization: The solution offers step-by-step remediation guidance, with LiveAssist further offering advanced correlation, natural-language workflows, and evidence presentation. However, it does not perform automated remediation or self-healing actions.

  • Container network monitoring: While the vendor can monitor API calls or IP-based entities that include containers, it does not have awareness of container and microservices concepts such as container network interfaces (CNIs), API gateways, or ingress controllers to provide low-level visibility into how containers and microservices communicate.

  • Dynamic discovery and mapping: While the solution automatically detects when new devices or services appear in the environment, a user must explicitly add a device before it becomes fully managed and included in inventory or reporting.

Purchase Considerations

Though its network observability solution is composed of four products, customers can choose to deploy only the modules they are interested in. For example, if a customer does not need validation and configuration management, they do not require the LiveNCA product. LiveAction is licensed on a per-device basis, while detailed packet forensic analysis is licensed on an appliance (physical, virtual, cloud) basis.

Use Cases

The solution can support a variety of use cases, such as monitoring data‑center networks, local area networks (LANs), campus networks, and wide area networks (WANs), and it is also capable of end‑user digital‑experience monitoring. The solution can also monitor virtualized and overlay networks, such as SD-WAN and public cloud networks. In addition to monitoring network performance, the solution is aware of applications, including cloud-hosted applications, SaaS, and web services. It can also support latency-sensitive use cases by monitoring QoS for live voice and video.

Broadcom: Network Observability by Broadcom

Solution Overview

Combining AppNeta, DX NetOps, SMARTS, and Network Configuration Management (NCM), the Network Observability platform by Broadcom expands traditional operational visibility beyond the network edge and out to ISP, SaaS, and cloud provider networks. With these solutions, enterprises can use end-user experience metrics to track and optimize end-to-end network performance.

The solution provides comprehensive visibility across traditional and software-defined architectures, with strong capabilities for network fault detection, performance, flow, configuration management, log analysis, and AI insights. Network Observability by Broadcom is further enhanced by AI and ML for full-stack correlations, predictions, and algorithmic analysis of alarms, metrics, logs, and topologies.

Broadcom offers SaaS-based network and end-user experience monitoring that provides insights into network performance from the end-user perspective across infrastructures that customers do not own, such as the internet, middle mile, cloud, and SaaS environments. The solution’s proprietary TruPath technology provides granular insight into the network delivery paths through any network by using packet-train dispersion.

Network Observability by Broadcom is a very good candidate for carriers, system integrators, managed service providers (MSPs), and large enterprises. Broadcom also boasts an excellent partner ecosystem, leveraging industry-leading vendors for comprehensive visibility across all network segments.

The former VMware Voyence NCM product is being integrated into the wider Network Observability platform, providing automation to streamline configuration tasks, enforce compliance, and support post-incident recovery, transforming configuration management from reactive to proactive.

Broadcom is positioned as a Leader and Outperformer in the Maturity/Platform Play quadrant of the network observability Radar chart.

Strengths

Broadcom scored well on a number of decision criteria, including:

  • Application and Layer 7 monitoring: Broadcom uses AppNeta’s near-real-time, hop-by-hop active testing of the entire network delivery experience to validate performance from controllers against the actual network delivery performance, validate overlay performance, identify patterns in performance over time, and identify problematic transports or service providers by looking at deviation from normal baselines and projections. This network delivery validation can be used for pre- and post-production deployments like SD-WAN and multicloud adoption.

  • End-user experience monitoring: Broadcom brings user experience metrics into the network operations center (NOC) to better understand how managed and unmanaged network delivery performance impacts applications and users. By correlating network path metrics with network device performance, root cause and end-to-end network path health are surfaced, giving the operations teams a better perspective of user experience impact. Monitoring policies are an AppNeta feature that enables administrators to define what and how to monitor, with the solution applying the policies for new users or networking constructs.

  • Troubleshooting and optimization: The solution provides root cause analysis, significant alarm noise reduction, situations to watch, self-healing and predictions with machine-driven parameterization of automation, and integration with chat and collaboration tools. It determines usage domains across security, configuration, and release pipelines, including prediction of the future state, multivariate prediction, capacity prediction, business KPI, and resource planning using AI/ML inference.

Broadcom was classified as an Outperformer due to a strong short-term release pipeline for LLM-based automation and remediation.

Opportunities

Broadcom has room for improvement in a few decision criteria, including:

  • Container network monitoring: Broadcom can further improve these capabilities by monitoring API requests across microservices, their payloads, and container-specific appliances such as CNIs, load balancers, service meshes, API gateways, and ingress controllers.

  • Validation: While the solution offers comprehensive validation capabilities, it can improve them by implementing digital twin and modeling features that can simulate how changes will affect performance before being deployed in production.

  • LLM modularity and guardrails: Currently, Broadcom’s solutions for LLM-based automation are limited and use third-party LLMs accessed via APIs.

Purchase Considerations

Broadcom has built strong integrations into VMware's SD-WAN, NSX, and VCF environments, enabling customers with VMware environments to benefit from extensive network observability features. Network Observability by Broadcom licensing is based on the number of devices monitored on the corporate network, data centers, and cloud and SaaS applications with active network and web monitoring.

Use Cases

Broadcom’s network observability solution can be used for a wide range of use cases, including monitoring data centers, LANs, campus WANs and internet; virtualized networks for cloud and edge environments; Wi-Fi, cellular, radio, and other wireless networks; and digital experience monitoring. With such a broad platform scope, Broadcom’s network observability solution is suitable for large enterprises with complex environments.

Cisco: Provider Connectivity Assurance

Solution Overview

In late 2023, Cisco completed the acquisition of network observability provider Accedian. The solution, Provider Connectivity Assurance, delivers high-performance network and user-experience monitoring across virtualized, cloud, software-defined, and physical network infrastructures, as well as service and application chains. Provider Connectivity Assurance also provides end-to-end network and application performance visibility and control over user experience.

Network observability is achieved using Provider Connectivity Assurance (SaaS and on-prem deployment) as the main tool for viewing and analyzing network performance data. Provider Connectivity Assurance software and hardware sensors (physical and virtual deployments) are designed for capturing all network traffic between users and infrastructure (north-south) and between virtualized infrastructure resources (east-west). These can be deployed as software microservices on open compute platforms (x86, vCPE or uCPE, cloud servers) and public cloud platforms.

Provider Connectivity Assurance is highly scalable, is able to monitor multinational networks, and caters to the complex environments of CSPs or businesses with highly distributed networks.

Cisco is positioned as a Challenger and Fast Mover in the Maturity/Platform Play quadrant of the network observability Radar chart.

Strengths

Cisco scored well on a number of decision criteria, including:

  • Application and Layer 7 monitoring: The platform uses sensors to monitor real user experience and generate synthetic data orchestrated from a single solution. The platform’s sensors, available as software or containers, provide active test traffic from Layers 2 through 7. The sensors can generate performance data on Layer 2 Ethernet, Layer 3 IP, Layer 4, and Layer 7 protocols.

  • Traffic analysis: Provider Connectivity Assurance performance analytics leverage ML to conduct network traffic analysis. It provides predictive analysis to identify performance-related issues such as latency, jitter, congestion, and dropped packets.

  • Validation: Provider Connectivity Assurance has developed intent-based assurance features that support baseline performance to ensure the network fulfills business needs and outcomes. Baseline performance metrics can be used before and after a configuration change to validate that change management is done successfully. The solution couples baseline data and metadata, allowing it to create a contextual relationship between service fulfillment and configuration.

Opportunities

Cisco has room for improvement in a few decision criteria, including:

  • Dynamic discovery and mapping: The solution can improve its discovery capabilities by asynchronously updating visualizations and dashboards as new network appliances are spun up.

  • Security observability: The solution has limited capabilities to monitor security appliances such as firewalls, detect suspicious traffic, highlight unpatched network appliances, or offer network detection and response (NDR) features.

  • Container network monitoring: Currently, the product supports only basic container monitoring based on IP addresses. With Cisco’s acquisition of Isovalent, we expect the tool will develop native awareness of the Cilium CNI for enhanced container monitoring.

Purchase Considerations

We expect the solution to become more tightly integrated with the rest of the Cisco portfolio over time. Customers may consider integrations between Cisco ACI and Nexus Dashboard Fabric Controller (NDFC) for data center and cloud networking.

Use Cases

Cisco Provider Connectivity Assurance can deliver on a wide range of use cases, such as enterprise network monitoring, cloud network monitoring, WAN, and internet monitoring. It can also monitor cellular and radio networks, which is a capability offered by only a few vendors featured here. The solution is also able to monitor end-user experience.

Datadog: Network Performance Monitoring and Network Device Monitoring*

Solution Overview

Datadog offers a modern take on network observability through its two products, Network Performance Monitoring (NPM) and Network Device Monitoring (NDM).

NPM provides visibility into network environments, such as on-prem, cloud, and hybrid environments, including public cloud constructs like VPCs and cloud services. NPM data collection is done using eBPF, meaning the solution requires monitored platforms to have Linux kernel versions of 4.4.0 or later or have eBPF features backported. NPM also supports Windows.

Datadog NDM monitors and troubleshoots routers, firewalls, switches, load balancers, and other network devices by supporting SNMP, Netflow, syslog, and other data formats.

In addition to its network monitoring, buyers should consider Datadog’s application performance monitoring (APM) solution, which provides insight into issues at the application layer of containerized environments. With APM, if a container running on EC2 is experiencing high request latency, administrators can investigate the networking component to view all network connections that are related to that service and determine whether the problem stems from an upstream service.

Leveraging its background in data ingestion and analytics, Datadog offers a modern approach to network performance monitoring that is based on eBPF, a capability generally not available with other solutions on the market. Datadog NPM supports visibility for the major public cloud providers: AWS, Azure, and GCP. NPM automatically maps network calls to AWS services such as S3, RDS, Kinesis, ELB, and ElastiCache. It can also map API calls to AppEngine, Google DNS, Gmail, and other Google Cloud services. The solution can also monitor AWS load balancers, NAT gateways, VPC internet gateways, and VPC endpoints.

For business intelligence, the solution’s analytics capabilities can support investigations into cloud cost reduction, such as discovering which services account for the majority of cross-availability-zone (cross-AZ) traffic. This can also be applied to other use cases, such as cross-team, cross-cloud provider, or cross-region traffic.

The solution supports troubleshooting through Datadog’s query language. Administrators are able to easily start investigations using templated queries that surface relevant network information without the need to search for or group the traffic.

Datadog is positioned as a Challenger and Fast Mover in the Innovation/Platform Play quadrant of the network observability Radar chart.

Strengths

Datadog scored well on a number of decision criteria, including:

  • Container network monitoring: Datadog offers some of the most comprehensive and sophisticated monitoring of microservices and container networking. The solution has awareness and visibility over CNIs such as Cilium, service meshes such as Istio, proxy services such as Envoy, and managed Kubernetes services.

  • Visualization: Datadog NPM visualizes the architecture and performance of containerized and orchestrated environments, with support for Docker, Kubernetes, ECS, and other container technologies. Datadog’s container integrations enable organizations to aggregate traffic by entities, such as containers, tasks, pods, clusters, and deployments, with out-of-the-box tags. NPM can map network communication between containers, pods, and services over the Istio service mesh. It tags Envoy sidecars as containers, which means administrators can use the network map to visualize the underlying container traffic and determine whether it’s a service mesh issue.

  • Dynamic discovery and mapping: The network map provides a topology view of the network to help visualize network partitions, dependencies, and bottlenecks. In addition to providing an overview of the network’s physical connections, administrators can investigate individual devices to understand their connections, flows, and overall status. Hovering over a device displays its overall status and key metrics.

Opportunities

Datadog has room for improvement in a few decision criteria, including:

  • Validation: The solution can further improve its validation capabilities by correlating performance degradations with configuration changes, enabling alerting or automatic rollbacks, implementing synthetic traffic to simulate how changes would behave in production, or offering digital twin features.

  • Security observability: The solution has limited capabilities to monitor security appliances such as firewalls, detect suspicious traffic, highlight unpatched network appliances, or offer NDR features. It is worth noting that Datadog has a comprehensive security monitoring portfolio, which is a separate set of products from network monitoring.

  • LLM modularity and guardrails: Datadog does not currently integrate with large language models to allow network administrators to interact with the solution using natural language.

Purchase Considerations

Datadog’s data ingestion and analytics capabilities, which go beyond network data, distinguish it from the rest of the vendors featured in this report. Organizations that deploy Datadog NPM also have access to a wide range of infrastructure and service monitoring capabilities that are unavailable from other vendors featured here. NPM is perhaps best suited for organizations that already have a Datadog deployment and require a network observability product.

Use Cases

Datadog can deliver on a wide range of use cases, but its capabilities are particularly good for monitoring containers, microservices, applications, and services. It can also monitor enterprise networks, data centers, and cloud networks. Currently, the solution can monitor Cisco SD-WAN only using Meraki or a Netnology integration, and it does not support radio networks.

Forward Networks: Forward Enterprise

Solution Overview

Forward Networks’ Enterprise platform provides an innovative take on network observability by generating a vendor-neutral software abstraction—a digital twin—that models the entire network infrastructure, including switches, routers, firewalls, load balancers, and SD-WAN solutions, both on-prem and in the public cloud.

By producing a digital twin of a network, the solution enables end users to do a network-wide search of network behavior, configuration, and state. The solution can discover any device on the network, including its connections and all forwarding behavior for end-to-end path analysis across the network for both on-prem and multicloud infrastructure.

The Forward Enterprise platform's digital twin serves as a powerful troubleshooting platform, offering a suite of applications such as search, inventory, verification, and network query engine (NQE). These applications unveil comprehensive configuration and connectivity insights, empowering operators to proactively pinpoint configuration errors, connectivity inefficiencies, or potential causes of security breaches. In the event of detecting such anomalies, the platform can be configured to dispatch notifications and alerts or generate or update ServiceNow tickets, expediting reporting and subsequent remediation efforts. This robust functionality streamlines network management processes and enhances overall operational efficiency.

Its digital twin approach distinguishes Forward Networks from most other vendors. While this approach has specific advantages, the solution does not offer all the features supported by solutions on the Platform Play side, such as traffic analysis.

One of the vendor’s recent developments, Forward AI, helps customers surface information, automatically identify anomalies, and respond to incidents.

Forward Networks is positioned as a Challenger and Fast Mover in the Innovation/Feature Play quadrant of the network observability Radar chart.

Strengths

Forward Networks scored well on a number of decision criteria, including:

  • Validation: The solution specializes in validation. It can verify that the network is configured and behaving as intended across on-prem, cloud, and virtual overlay networks by delivering automated pre- and post-deployment checks. The solution offers a full network digital twin that can simulate how infrastructure and configuration changes will behave before being deployed in production. The Forward Enterprise Behavior Diffs feature surfaces what has changed at different layers in the network stack by showing changes in the topology (devices, links, interfaces), at Layer 2 (VLANs) and Layer 3 (routing), and in security controls such as access control lists (ACLs) and network address translation (NAT), as well as the effects those changes have on the network-intent policies defined by the network operators.

  • Security observability: Forward Enterprise is able to address security use cases such as attack surface management, which provides detailed information on all devices connected to a compromised host in a single intuitive interface; vulnerability management; security posture management for validating that global network security posture complies with zero trust design goals for multicloud and on-prem networks; and exposure analysis to identify end hosts impacted by critical vulnerabilities that can be accessed from any exposure point.

  • Visualization: The tool can display network Layer 2 to 4 topology and all possible traffic paths within a single pane of glass, including on-prem, cloud, and virtualized environments. It can then drill down to specific devices and traffic flows, including configuration and state data, and view the global network in a single view or drill down to a single device.

Opportunities

Forward Networks has room for improvement in a few decision criteria, including:

  • Traffic analysis: The solution does not focus on traffic analysis and provides only basic capabilities, such as reporting on statistics in the context of a path search or in the device card in case of device CPU and memory utilization.

  • Application and Layer 7 monitoring: While the vendor can add Layer 7 filters on the path analysis feature and can model HTTP, HTTPS, and DNS traffic, it does not currently support L7 protocols such as Kafka and gRPC or monitor network-related application health.

  • Container network monitoring: Currently, Forward Networks does not monitor microservices or containers through integrations with Kubernetes telemetry or container networking interfaces, but container support is targeted for upcoming releases.

Purchase Considerations

Forward Networks’ observability solution is inherently different from those of the rest of the vendors featured in this report. It allows enterprises to take a much more proactive approach to managing network performance compared to the reactive approach that monitors real traffic to identify degradations after they occur. What the solution can’t provide in terms of traffic analysis it compensates for with comprehensive validation features and associated security posture monitoring.

Forward Networks offers a yearly licensing model per physical or virtual network device used on-prem, while for cloud monitoring, the licensing is per compute instance.

Use Cases

Forward Networks’ comprehensive digital twin platform can model a wide range of overlay and underlay networks. The solution can model network devices such as switches, routers, firewalls, and load balancers, as well as SD-WAN and wireless solutions, data center networks, radio networks, and virtualized cloud environments. Modeling for containers and microservices will be supported in future releases.

Kentik: Network Intelligence Platform

Solution Overview

Kentik’s solution provides comprehensive network observability across infrastructures, including data centers, private and public clouds, WAN and SD-WAN edge, CDNs, ISPs, and the various service provider networks on the internet.

The Kentik offerings include a unified, intuitive map and topology view that shows intra- and inter-infrastructure traffic flows and provides real-time and historical traffic, performance, and health information for immediate assessment, issue identification, and troubleshooting. The solution is fully delivered as SaaS but can also be deployed physically within the customer’s control if needed to support compliance requirements. In this case, the solution is managed by Kentik and delivered in a similar SaaS fashion.

Kentik’s network intelligence solution supports monitoring for very large networks. It includes excellent security monitoring capabilities from its broad partner ecosystem as well as built-in threat intelligence data that can correlate with customer-supplied data. Kentik Kube uses a kernel-based eBPF agent to generate flow records and performance characteristics such as session latency and transmission control protocol (TCP) retransmit statistics. The eBPF nature of the agent means it is lightweight and offers very high performance, generating flow records for 10 Gb/s of traffic while consuming a single CPU core. Kentik is currently developing eBPF features to generate records identical to VPC Flow Logs from traffic generated in cloud provider environments, typically done to avoid the flow log charges.

Launched in November 2025, Kentik AI Advisor is an LLM-based agent that leverages Kentik data and context to support use cases such as incident triage, troubleshooting, and RCA, optimizing cloud performance and costs, capacity planning, and security-related investigations. While Claude is the default language model, Kentik also supports models such as Google Gemini and OpenAI models GPT-5 and o3.

Another differentiating feature in Kentik’s solution is the visibility into network spending. Customers can input their connectivity service provider’s pricing model into Kentik, and based on traffic attributes, Kentik can provide spending estimates. This information allows enterprises to forecast OpEx spending for network usage and scenario-based budget planning.

Kentik also caters to NetDevOps audiences, with integrations for infrastructure-as-code tools such as Terraform and a full Python software development kit. The solution can write API calls from queries written in its interface. Kentik also manages several open source projects, including tooling that facilitates integration with third-party tools and eBPF-based Kubernetes observability.

Kentik is positioned as a Leader and Fast Mover in the Innovation/Platform Play quadrant of the network observability Radar chart.

Strengths

Kentik scored well on a number of decision criteria, including:

  • Dynamic discovery and mapping: Kentik can identify and visualize cloud networking elements and their associated context, Kubernetes nodes, pods, and connections, along with CDN PoPs, internet applications, and upstream connectivity providers. While these capabilities are extensive, Kentik’s solution also lets customers add devices through the API, which the solution then automatically discovers.

  • Visualization: With intuitive and easy-to-navigate network representations, Kentik provides a granular level of detail across third-party infrastructures. Kentik enables the analysis of traffic paths throughout cloud virtual network constructs with trace-route and path views, including all nodes and test result metrics. This functionality lets administrators see nodes, links, and paths along a route and quickly find performance issues.

  • Traffic analysis: Kentik provides deep traffic intelligence across hybrid and multicloud networks using full-fidelity flow data, device telemetry, cloud metadata, synthetic tests, and global internet observations. Kentik uses machine learning, dynamic baselining, anomaly detection, and AI-driven correlation to surface operational, performance, and security issues.

Opportunities

Kentik has room for improvement in a few decision criteria, including:

  • Validation: Kentik deliberately chose to limit its network validation capabilities. This means the solution has limited awareness of device and network configuration and its impact on performance, and it does not use intent-based mechanisms for defining networking constructs. Kentik is partnering with third-party companies like Itential and has begun exploring the use of LLM capabilities to make configuration suggestions that can help mitigate misconfiguration-related risks and performance degradations.

  • Security observability: While Kentik can ingest flow data for security processing, the tool does not currently offer an inventory or configuration management feature to identify unpatched devices or NDR features that can identify suspicious behavior. Kentik maintains a continuously updated inventory of devices it monitors, along with interface roles, traffic patterns, and behavior. Although Kentik is not a full configuration management tool, it can detect behavioral indicators of misconfiguration, such as unexpected traffic patterns, asymmetric routing, missing redundancy, or unusual policy enforcement.

  • Troubleshooting and optimization: While Kentik can perform RCA and identify optimization improvements, it does not perform direct auto-remediation or self-healing actions like restarting devices.

Purchase Considerations

Kentik’s licensing model comes in three tiers that are publicly documented. Each tier includes an initial number of flows per second, which includes VPC flows, synthetic testing credits, and metrics per second. Customers can purchase additional flows, VPC flows, metrics, and synthetic credits using “Paks,” paying only for what they use.

Use Cases

Kentik’s network observability solution can be used for a wide range of use cases, including monitoring data centers, LANs, campuses, WANs, and internet. The solution supports both on-prem and cloud environments, distinguishing between overlays and underlays. The solution’s cloud network monitoring is well developed and enables the monitoring of containers and microservices. Kentik also offers synthetic monitoring, which allows customers to monitor the digital experience of their environment.

LogicMonitor

Solution Overview

LogicMonitor’s SaaS-based observability platform offers extensive infrastructure monitoring and provides comprehensive visibility into dynamic IT environments from on-prem data centers to public clouds. Data correlation capabilities within the platform provide insights for intelligent troubleshooting and predicting bottlenecks. LogicMonitor’s agentless infrastructure monitoring delivers an extensible solution with more than 3,000 integrations, customizable dashboards, and automated discovery.

In December 2025, LogicMonitor acquired CatchPoint, whose capabilities include monitoring unmanaged networks and end-user digital experience monitoring. CatchPoint runs more than 2,000 globally distributed PoPs, which are used to proactively monitor third-party services like hyperscaler data centers or internet exchange points.

LogicMonitor’s modular observability solution allows customers to select products to match their requirements. Products include LM Envision, CatchPoint, Edwin AI, LM Infrastructure Monitoring, LM Cloud, LM Container Monitoring, LM Logs, and LM Application Performance Monitoring.

LogicMonitor is positioned as a Leader and Fast Mover in the Maturity/Platform Play quadrant of the network observability Radar chart.

Strengths

LogicMonitor scored well on a number of decision criteria, including:

  • Troubleshooting and optimization: LogicMonitor’s AIOps capabilities can be used for dynamic thresholds, anomaly detection, forecasting, RCA, and unbalanced service detection. For a given alert condition, LogicMonitor Platform can correlate data points among various metrics, traffic flows, configuration changes, logs, and topology. Future developments include automated remediation.

  • Dynamic discovery and mapping: The LogicMonitor solution features a well-developed network discovery function by which collectors use its NetScan feature to discover network devices. NetScans can be executed via the Internet Control Message Protocol (ICMP). Native algorithms provide automatic tech-stack discovery via tools such as Windows Management Instrumentation (WMI), Perfmon, SNMP/SSH, Java Database Connectivity (JDBC), HTTP and HTTPS, PowerShell, and Groovy APIs for virtual infrastructure.

  • Traffic analysis: The solution offers good traffic analysis capabilities, which support use cases such as extracting DNS info graphically based on traffic source, predictive analytics for fault pattern detection, capacity planning and forecasting, identifying and forecasting usage depending on seasons or events, and detecting link failures by identifying the increased number of connections on the backup link.

Opportunities

LogicMonitor has room for improvement in a few decision criteria, including:

  • Validation: While the platform can detect configuration changes, automatically identify the associated impact on network performance metrics, and generate synthetic traffic, the solution can further improve its validation capabilities by offering digital twin capabilities.

  • Container network monitoring: LogicMonitor can monitor ingress controllers, API gateways, and service meshes, but it can further improve this by monitoring container networking interfaces for pod-to-pod monitoring.

Purchase Considerations

LogicMonitor recently introduced Platform Packages, which provide greater flexibility in meeting customer needs as they grow. Customers can move their licenses between features as their needs change with the Hybrid Unit, for example, from on-prem to cloud monitoring.

Use Cases

LogicMonitor’s network observability solution can deliver on a wide range of use cases, including Wi-Fi and wireless monitoring, digital experience monitoring for end users, and performance monitoring for both overlay and underlay networks in data centers, LANs, and campus networks. The solution can also monitor WAN and internet performance, along with virtualized cloud networks.

ManageEngine: OpManager Plus and Site24x7

Solution Overview

ManageEngine OpManager Plus is a comprehensive network observability solution that helps monitor and manage network devices and virtual infrastructure, as well as network traffic, configuration changes, security appliances, and applications. OpManager Plus can be deployed in physical appliances, virtual appliances, or as a public cloud image. Site24x7, a wide-ranging monitoring solution for applications, websites, servers, cloud services, and networks, is available as a SaaS solution.

In addition to the comprehensive OpManager Plus platform, ManageEngine offers dedicated standalone solutions for network performance monitoring, network traffic management, network configuration, change management, and application performance management. A separate network performance monitoring solution is tailored for MSPs.

ManageEngine is positioned as a Leader and Outperformer in the Maturity/Platform Play quadrant of the network observability Radar chart.

Strengths

ManageEngine scored well on a number of decision criteria, including:

  • Visualization: A distinguishing aspect of the ManageEngine solution is its visualization capabilities. The platform provides topological and geographical maps and can generate 3D server room representations that can be used by on-site engineers to diagnose and fix hardware-related issues.

  • Dynamic discovery and mapping: OpManager Plus dynamic discovery enables the discovery of new locations, physical appliances, and virtual appliances and the updating of network visualizations such as Layer 2 topology maps, inventory, and reports. For troubleshooting, ManageEngine offers workflows that help IT teams automate routine tasks based on predefined conditions. These workflow actions include stopping processes to reduce CPU usage and restarting devices. Workflows can be scheduled for routine maintenance or executed automatically based on user-defined conditions.

  • Troubleshooting and optimization: OpManager Plus ships with thousands of predefined vendor templates for alarms and alerts. The solution can perform self-healing via automated workflows that can be defined using a drag-and-drop workflow builder with more than 70 actions. In case of server failure, the solution allows IT admins to take remote control of the servers and remediate. In case of network device failure, administrators can change the configurations manually or automate this process through workflows and remediate remotely.

ManageEngine was classified as an Outperformer due to improvements in key features such as traffic analysis and troubleshooting and optimization, along with LLM-based developments.

Opportunities

ManageEngine has room for improvement in a couple of decision criteria, including:

  • Validation: While ManageEngine’s Network Configuration Manager enables users to push configuration changes through “configlets” (configuration scripts), allowing deviations to be identified using compliance rules and corrective actions to be taken, it does not currently offer digital twin capabilities where customers can simulate how network changes will impact the services. Predeployment configuration validation is also on the roadmap, with planned availability this year.

  • LLM modularity and guardrails: ManageEngine’s current implementation of LLMs uses a bring-your-own-API-key model, where models are hosted by third parties and accessed via APIs. The solution can improve on this feature by allowing customers to bring their own AI or by hosting or managing the models themselves.

Purchase Considerations

OpManager Plus and Site24x7 must be purchased separately, and ManageEngine offers multiple product tiers. Solutions are available as either perpetual licenses or subscription models based on the number of managed devices, and a dedicated plan is offered for MSPs with no additional costs for deploying probes.

Use Cases

OpManager Plus can monitor a wide range of network types, which include on-prem overlays and underlays for data centers, LANs, campuses, and WANs, as well as Wi-Fi and wireless monitoring. It can also monitor virtualized public cloud networks and microservices. The Site24x7 solution provides end-user experience monitoring using both real user traffic and synthetic traffic.

Motadata: ObserveOps

Solution Overview

Motadata ObserveOps is a unified observability platform that delivers end-to-end visibility across networks, infrastructure, applications, and cloud environments. The platform integrates metrics, logs, flows, traces, topology, and configurations into a single analytics and automation fabric, enabling operations teams to proactively detect anomalies, accelerate root cause analysis, and optimize performance across hybrid and multicloud environments.

ObserveOps combines scalable data ingestion, real-time analytics, and intelligent automation to provide comprehensive network observability spanning device health, traffic behavior, routing intelligence, performance baselines, and service dependencies. Built on an extensible and API-first architecture, the platform centralizes monitoring for diverse environments while offering granular control through an observability data pipeline and AI-native insights.

Motadata ObserveOps is delivered as a single, unified observability platform composed of modular capabilities operating on a common data, analytics, and automation fabric.

Motadata is positioned as a Challenger and Fast Mover in the Maturity/Platform Play quadrant of the network observability Radar chart.

Strengths

Motadata scored well on a number of decision criteria, including:

  • Application and Layer 7 monitoring: Motadata ObserveOps provides deep insight into Layer 7 traffic patterns, application communication behavior, and service-level health from a network perspective, including L7 flow visibility (HTTP, HTTPS, DNS, database protocols, API traffic, etc.), distributed tracing insights for instrumented services, application error patterns extracted from logs, and network and transport-layer KPIs such as latency, retransmissions, packet loss, and throughput.

  • Troubleshooting and optimization: Motadata ObserveOps provides an integrated troubleshooting framework built on telemetry concepts such as metrics, logs, flows, traces, configurations, routing, AI-driven correlation, and automated remediation workflows. For example, ObserveOps can trigger automated remediation actions, including restarting services, resetting interfaces, flushing ARP tables, clearing routing entries, initiating configuration rollback, or executing device-level commands (API or CLI-based).

  • Dynamic discovery and mapping: Motadata automatically discovers the network devices whenever new network and security functions are created in the network environment. The reports and visualization dashboards also get updated based on the discovery of new locations and appliances. Motadata can conduct scans at regular intervals, such as daily or weekly. It discovers the assets asynchronously as new devices are provisioned and automatically updates topology maps, service maps, and reporting dashboards to reflect the changes. It also discovers applications and other services, including databases and SaaS applications.

Opportunities

Motadata has room for improvement in a few decision criteria, including:

  • Validation: The platform can automate network configuration management for configuration changes, backups, and restores. These are mature features that provide the capabilities of asset management software. However, the platform isn’t able to achieve validation, which entails correlating configuration with network performance impact.

  • Visualization: While the solution has good visualization capabilities, it can further improve by offering more advanced features such as flow and traceroute visualizations of traffic across appliances and services hosted in IaaS providers, including awareness of public cloud infrastructure constructs such as VPCs and transit gateways (TGWs) in AWS.

  • Container network monitoring: While Motadata ObserveOps provides comprehensive visibility into microservices, containers, and cloud-native networking constructs by correlating flow telemetry, tracing data, logs, and routing intelligence, it does not monitor network usage for microservices, service meshes, or containers.

Purchase Considerations

Motadata ObserveOps is sold using a flexible, modular commercial model designed to align cost with customer scale, observability maturity, and deployment preferences. The core licensing model is based on the scope and scale of monitored environments, such as monitored entities (which include network devices, servers, virtual machines, containers, and cloud resources) and telemetry volume for metrics, logs, flows, and traces.

Use Cases

The solution is able to monitor a good range of networking use cases. For on-prem networks, it can monitor underlays and overlays for data centers, LAN, campus, and WAN environments. The solution also has awareness of public cloud networking constructs and can monitor these within the same product. Motadata can also monitor Wi-Fi and wireless networks.

NetBrain: Next-Gen*

Solution Overview

NetBrain Next-Gen is a network automation platform that relies on a strong observability foundation to provide its no-code automation features. Its approach to observability, achieved by creating a live digital twin of the hybrid cloud, multivendor network used to validate the network and preserve policies during key operation workflows, differentiates it from most other solutions featured here.

The solution can assess the network continuously using no-code automation for rules, policies, and vulnerabilities to identify deviations from the expected golden configuration or state. NetBrain’s Replication Wizard applies intents as automation to the entire multivendor hybrid cloud network to scale no-code automation. It identifies, replicates, and scales automation across the entire network. The solution can discover and visualize real-time traffic flow based on routing and forwarding tables, overlay and underlay network topology, and device and operating details. These form the baseline to create a live digital twin that is a representation of a customer’s network.

NetBrain is positioned as a Challenger and Fast Mover in the Maturity/Feature Play quadrant of the network observability Radar chart.

Strengths

NetBrain scored well on a number of decision criteria, including:

  • Visualization: The Flow Layer is used to create an edge-to-cloud control plane with live, historical, and baseline application paths. The Topology Layer provides real-time Layer 2, Layer 3, and VPN overlay and underlay detail for all devices and neighbors and supports end-to-end visibility for public cloud and software-defined networks (SDNs). Lastly, the device layer offers real-time inventory of device configuration, state, and interface details of multivendor networks.

  • Validation: NetBrain’s Triple-Defense network protection produces a shareable automation dashboard for each change. It evaluates the network in three phases: before, during, and after a change. Before a change, the solution assesses the desired change against all rules and policies to ensure no violations will occur. During the change, it assesses the impact of each requested change on the network. Finally, after the change, NetBrain confirms the network is delivering services properly, then adds this new configuration requirement to the automation library to verify the impact of a future change on current requirements. It also offers a built-in rollback mechanism that allows administrators to mitigate unexpected changes by quickly undoing them to prevent outages and downtime.

  • Troubleshooting and optimization: NetBrain’s solution captures the knowledge of subject matter experts as automation without coding. This includes information about network state, condition, design, configuration, and policies. The Intent technology allows administrators to define how to measure the success of all network conditions and continuously assess them against those desired conditions, such as resiliency, application performance, capacity, latency, security rules, and controls.

Opportunities

NetBrain has room for improvement in a few decision criteria, including:

  • Security observability: While the solution can help define security boundaries, access control, and configuration detail, it does not monitor security appliances or traffic for security anomalies.

  • Application and Layer 7 monitoring: The solution’s Layer 7 capabilities include path-level assurance of conditions, which could be further improved by offering monitoring for Layer 7 load balancers and web application firewalls (WAFs) and providing visibility into protocols such as HTTP, HTTPS, and gRPC.

  • Container network monitoring: While the vendor can monitor IP-based entities that include containers, it does not have awareness of container and microservices concepts such as CNIs, API gateways, or ingress controllers to provide low-level visibility into how containers and microservices communicate.

Purchase Considerations

The subscription is annual, with a three-year term as the default. Licensing is per managed device, per concurrent user, and is also based on extended feature modules used. NetBrain includes its robust assessment library with hundreds of the most common assessments that network professionals need to maintain production. Its ready-to-use network assessment templates can be customized into rich drill-down dashboards.

Use Cases

NetBrain’s no-code automation and modeling engine can be deployed to observe a wide range of overlay and underlay networks. The solution can model networking hardware and security appliances such as switches, routers, firewalls, and load balancers, as well as SD-WAN solutions, data center networks, and virtualized cloud environments. It does not currently support containerized, microservice, Wi-Fi, wireless, or radio networks.

NETSCOUT: nGeniusONE

Solution Overview

NETSCOUT is a key player in the network observability space, with established solutions developed over 30 years of working with some of the largest network operators in the world. Its network observability suite, nGenius, is a mature and well-rounded solution that is tailored to customers based on varied industry requirements, such as carriers, public sector, finance, healthcare, and MSPs.

The nGenius solutions for observability include nGeniusONE, InfiniStreamNG, nGenius Edge Sensor, Omnis Analytics, Omnis AI Insights, and vSTREAM.

NETSCOUT’s flagship product, nGeniusONE, is highly scalable and supports a good selection of data sources, making it a versatile tool for CSPs and large enterprises with complex networks. nGeniusONE is offered as an on-prem solution featuring the nGeniusONE server unit or as a virtual appliance for private clouds. It also provides network visibility as a managed service with its NETSCOUT VaaS (visibility as a service) offering.

A key aspect of NETSCOUT’s solutions is its patented Adaptive Session Intelligence (ASI) technology, which performs real-time data mining of user and application traffic at the network source. The ASI metadata includes key traffic and performance indicators and Layer 4 through 7 problem indicators for the discovered applications and servers, with no need to install device agents. NETSCOUT’s ASI technology supports more than 1,000 applications out of the box, providing monitoring for voice, video, web/URL-based, server-based, SaaS, unified communications as a service (UCaaS), and custom applications.

In October 2025, NETSCOUT introduced the Omnis KlearSight Sensor for Kubernetes solution, which uses eBPF to identify the root cause of problems throughout the communications path, including those that originate in a Kubernetes environment.

NETSCOUT is positioned as a Leader and Outperformer in the Maturity/Platform Play quadrant of the network observability Radar chart.

Strengths

NETSCOUT scored well on a number of decision criteria, including:

  • Traffic analysis: NETSCOUT’s Omnis Analytics product uses ML to detect business impact by correlating KPIs with network performance and performing outlier detection. At the time of writing, Omnis Analytics is available for Wi-Fi, 5G, multiple-access edge computing (MEC), and voice networks. The product supports other types of networks, such as LAN, WAN, cloud, and edge.

  • Security observability: The vendor ranks high on traffic security, with its Omnis Cyber Intelligence solution supporting use cases such as verification of zero trust policies, retrospective analysis using new threat intelligence against historical metadata and packets, threat hunting, and threat blocking via integrations with security service providers. NETSCOUT Arbor Sightline can gather and analyze multiple versions of NetFlow to identify baseline behavior and detect anomalies. It can also provide data associated with attacks, such as source address, target addresses, and protocols used, which can be used for automated attack mitigation.

  • Application and Layer 7 monitoring: NETSCOUT can monitor applications via the nGeniusPULSE product. nGeniusPULSE uses active synthetic testing, with instrumentation at remote edges, to monitor the performance of SaaS applications and remote users. Its tests cover business transactions, network SLAs, VoIP, Wi-Fi, and infrastructure performance management. nGeniusPULSE is integrated with ISNG/vSTREAM and nGeniusONE and can capture packets on synthetic transactions for smart data triage.

NETSCOUT was classified as an Outperformer due to the anticipated release of ChatDPI, an LLM-based copilot and agent, as well as its recent release of its eBPF-based sensor, Omnis KlearSight Sensor for Kubernetes, and associated improvements in visibility.

Opportunities

NETSCOUT has room for improvement in a few decision criteria, including:

  • Visualization: The solution can improve its visualization capabilities by adding features such as outsourced infrastructure flows, which provide a view of traffic in areas such as cloud environments and middle mile, available in observability platforms as more and more of enterprise infrastructure is being hosted by third parties. It could also add traceroutes, which provide a hop-by-hop analysis as a request traverses the network from one endpoint to the other.

  • Validation: While the solution can detect misconfigurations such as QoS misalignment, it can improve on this by offering automatic configuration rollbacks upon performance degradation or the ability to simulate how traffic patterns will be impacted before being deployed in production.

  • End-user experience monitoring: Even though NETSCOUT provides good visibility into end-user experience with synthetic testing and real user monitoring, it does not provide client device analytics to gain visibility into device metrics like bandwidth, latency, jitter, and packet loss.

Purchase Considerations

Licensing can be either perpetual or a subscription. NETSCOUT subscription options combine NETSCOUT instrumentation with nGeniusONE performance management software. This subscription enables enterprise performance management customers to eliminate blind spots that have emerged with digital transformations by cost-effectively expanding instrumentation to new vantage points across their network. The subscription option can be used for both physical and software-based instrumentation or for virtual instrumentation.

Use Cases

NETSCOUT caters to a wide range of network monitoring use cases, which include both on-prem and cloud networks. The solution can differentiate between on-prem underlays and overlays, monitoring data center, LAN, campus, and WAN environments, and Wi-Fi and wireless networks. The solution can also monitor public cloud networking constructs. Moreover, NETSCOUT’s solution is one of the few that can monitor cellular and radio networks, differentiating the solution in this respect.

OpenText: OpenText Network Observability

Solution Overview

After acquiring Micro Focus in 2023, OpenText entered the network observability space with its OpenText Network Observability solution. This is a mature and well-featured tool that provides management for enterprise networks, integrating capabilities to monitor fault, performance, configuration, and compliance of physical, virtual, wireless, and SDN infrastructure.

The Network Operations Management Causal Engine dynamically assesses the root causes of network faults, leveraging analytics against polled data, SNMP traps, and real-time topology data from Spiral Discovery, reducing the volume and noise of incidents up to 50%. Any time the state poller sends updated state values for an object, the causal engine reanalyzes status, conclusions, and incidents and updates this information if needed.

One of OpenText’s newly released features is the ability to view the instances of network configuration changes on nodes to assess the correlation of historical performance data with configuration changes. The solution can now also monitor cloud networks to construct topology maps that provide end-to-end network observability for multicloud elements with data overlays.

OpenText is integrating LLM-based capabilities in the Network Operations Platform through its wider product, the IT Operations Aviator, which is a secure, domain-tuned GenAI service that augments its Observability & Service Management (OSM) products.

OpenText Network Observability provides real-time security and compliance monitoring to ensure adherence to standards, along with vulnerability policy content updated monthly to help users quickly identify vulnerability issues and secure and prevent threats to the network. If network failures or security threats are detected, automated configuration change, automated provisioning, and automated upgrade capabilities are available for administrators to use to recover or proactively manage the network infrastructure.

OpenText is positioned as a Leader and Fast Mover in the Maturity/Platform Play quadrant of the network observability Radar chart.

Strengths

OpenText scored well on a number of decision criteria, including:

  • Dynamic discovery and mapping: The solution’s dynamic Spiral Discovery technology continuously gathers information about network inventory; displays the relationships between devices, such as subnets, VLANs, and virtual resource pools; and offers near-real-time updates of device connectivity maps. OpenText Network Observability shows operators how device configuration changes might be impacting network performance (which happens frequently) to enable faster MTTR for problems introduced by such changes. It can then deploy automated configuration changes to remediate the problems found.

  • Validation: The solution can examine a configuration’s fitness for purpose before deployment by automatically assessing pre-change conditions to validate a change and determine whether it should proceed, deploying the configuration change, and then automatically assessing post-change conditions to determine whether an automated rollback action should be triggered. It provides real-time compliance analysis of any changes to any network device configurations detected, any network device running state diagnostics, and network OS patch levels. It also includes automated remediation features regardless of whether those changes were automatically deployed by the solution or by third-party tools.

  • Troubleshooting and optimization: The Network Operations Management Causal Engine is a mature feature that can generate notifications about problems or issues, including sending conclusions, correlation, or suppression of incidents; closing incidents that are no longer valid; creating parent-child relationships among incidents that are all related to one problem; and creating parent-child relationships between any two incidents that are correlated using the custom correlation configuration.

Opportunities

OpenText has room for improvement in a couple of decision criteria, including:

  • Application and Layer 7 monitoring: OpenText can improve these features by offering monitoring for Layer 7 load balancers and WAFs and providing visibility into protocols such as HTTP, HTTPS, and gRPC.

  • Container network monitoring: The solution doesn’t integrate with appliances such as CNIs, API gateways, or ingress controllers, nor does it monitor traffic between microservices. This is a strategic decision made by OpenText.

Purchase Considerations

OpenText Network Observability supports multiple licensing models, including a perpetual license, subscription, and SaaS. The solution uses a unit-based approach with a Foundation 2000 Unit SKU and an Additional Unit SKU. Units serve as a common currency across use cases so customers activate only the capabilities they need. The use cases include discovery and monitoring, traffic analysis, configuration management, compliance, and cloud network observability.

Use Cases

The solution can support a wide range of use cases. For on-prem networks, the solution can monitor both underlays and overlays for data center, LAN, campus, WAN, Wi-Fi, and wireless environments. The solution has awareness of and can monitor cloud-native networking constructs such as VPCs and networking services. It can also monitor end-user experience by deploying intelligent response agent probes on client devices for real user monitoring or deliver synthetic user monitoring via QA iSPI.

Paessler: PRTG

Solution Overview

Paessler PRTG is a unified infrastructure monitoring solution that offers all-in-one monitoring for IT, OT, and IoT environments. It provides deep visibility into network devices, bandwidth, servers, applications, virtual environments, and cloud services. The solution utilizes a sensor-based architecture where individual elements (for example, CPU load, switch port traffic, and URL response time) are monitored via specific sensors. PRTG supports standard protocols, including SNMP, WMI, SSH, and Flow technologies (NetFlow, jFlow, sFlow, IPFIX).

The solution consists of PRTG Network Monitor, which is the on-prem solution for small to midsize infrastructures; PRTG Enterprise Monitor, designed for large, distributed environments and offering a specialized set of additional capabilities including Data Exporter and Grafana with predetermined high-level service views; and PRTG Hosted Monitor, the SaaS version hosted by Paessler, offering the same feature set without hardware maintenance.

Instead of natively developing analysis engines, PRTG has carved out a specialty in extensive monitoring scope and metrics. PRTG has great integrations with specialized tools for automation, insights, and more. Paessler has a very good partner ecosystem, collaborating with, for example, IP Fabric to provide validation and with ScriptRunner for automation workflows.

Paessler is positioned as a Challenger and Fast Mover in the Maturity/Feature Play quadrant of the network observability Radar report.

Strengths

Paessler scored well on a number of decision criteria, including:

  • Application and Layer 7 monitoring: PRTG can monitor a range of applications and cloud services, which include cloud-based applications from AWS and Azure, and a range of SaaS solutions such as Dropbox and GitHub. It can also monitor web applications and services using HTTP loading time, response codes, web page rendering, HTTP transactions or activity, and performance stats of an Apache web server.

  • Security observability: PRTG can monitor network security appliances, including firewalls, antivirus software, and other security products. It can perform automated integrity checks of files, folders, and logs to uncover file modifications or unusual log data that might otherwise be overlooked. It notifies users in case of any changes to their data that deviate from the norm, alerting them via custom notifications so they can react as quickly as possible to mitigate the potential threat.

  • Visualization: The solution offers some good visualization capabilities, which include customizable maps with drag-and-drop widgets, status icons, traffic graphs, rack-view style visualizations, and traffic flows to and from cloud endpoints using Flow technologies (NetFlow and IPFIX) or CloudWatch and Azure metrics.

Opportunities

Paessler has room for improvement in a few decision criteria, including:

  • Validation: While PRTG can determine whether a change was completed successfully by monitoring the status of the service or device before and after the change, it could further develop these features by correlating performance degradations with configuration changes, enabling alerting or automatic rollbacks, implementing synthetic traffic to simulate how changes would behave in production, or offering digital twin features. It’s worth noting that PRTG integrates with specialized tools such as IP Fabric to achieve these use cases.

  • Traffic analysis: PRTG provides network administrators with the tools to perform traffic analysis, but the solution has limited capabilities to autonomously analyze traffic to detect, alert, or respond to changes in traffic patterns. It does not perform more complex types of analysis, such as forecasting usage or identifying link failures by correlating an increase in the number of connections on the backup link.

  • Troubleshooting and optimization: PRTG provides information for network operators to perform RCA and supports script-based automation but does not identify network optimization opportunities, conduct automatic RCA, or present network administrators with potential solutions.

Purchase Considerations

PRTG’s licensing uses a per-sensor pricing model, where licenses are sold in blocks of sensors. The subscription includes all features, updates, and support. There are no paid add-ons for specific modules (like NetFlow or application monitoring); everything is included in the sensor count. Large-scale deployments use volume-based subscription licensing.

Use Cases

PRTG supports a good variety of use cases, as it is especially proficient in monitoring devices and hardware infrastructure. The solution can be used to monitor data center, LAN, and campus networks, as well as requests made to web services for organizations that use cloud-based or third-party solutions. PRTG can also monitor Wi-Fi and wireless networks.

Park Place Technologies: Entuity Software

Solution Overview

Park Place Technologies’ network observability platform, Entuity Software, is a comprehensive network performance and analytics software solution built on a distributed multiple-server architecture that acts as a single system to scale from tens to hundreds of thousands of devices, and it is highly configurable. Designed for today’s multivendor, multicloud environments, Entuity enables ITOps teams to more efficiently and effectively monitor, visualize, and manage their infrastructure. By combining its event and configuration management systems, Entuity achieves strong troubleshooting and validation capabilities. The solution also provides good traffic analysis.

The platform has strong troubleshooting capabilities provided by Entuity’s Event Management System (EMS). Automated actions can be defined based on conditions and specific workflows, configured either by network administrators or out of the box, which can process and correlate events to consolidate actionable incidents. The Entuity Event Management System can both detect anomalous situations and initiate actions to remediate them. Built-in root cause analysis techniques help isolate a device or circuit outage that is preventing access to multiple other devices.

A recent development is the remote polling agent for lightweight extensions to remote and small office/home office (SOHO) locations. This enables scalable monitoring of servers, storage, and OS environments outside of a traditional network environment without compromising insight or control.

Park Place Technologies is positioned as a Challenger and Fast Mover in the Maturity/Platform Play quadrant of the network observability Radar chart.

Strengths

Park Place Technologies scored well on a number of decision criteria, including:

  • Dynamic discovery and mapping: The solution can conduct autodiscovery scans either manually or on a scheduled basis. Newly discovered devices can either be taken under management automatically or added to a list for administrator assessment. The managed devices can be spread across multiple views—hierarchical containers whose contents are not mutually exclusive. Views can be auto-populated so newly managed devices appear in the appropriate view(s) without manual intervention. Dashboards and reports will adopt the latest view updates. Topology maps are automatically populated based on view contents, and the links between devices are automatically discovered. Operating system services that underpin application services can be autodiscovered and monitored.

  • Traffic analysis: The solution uses machine learning to evaluate long-term drift in monitored metrics. This capability can be used both interactively and in the form of planning reports that warn when upward drift indicates the need for intervention before service degradation occurs. Metrics such as bandwidth, CPU, memory, and storage volume use are considered in conjunction with spare port capacity in the LAN switch fabric to report on both current and projected concerns for planning. Hour-by-hour baselines can be auto-generated for circuits, and significant deviation from baseline values can generate alerts. Linear regression analysis of historic behavior can be used either interactively or in reports to provide traffic forecasting.

  • Troubleshooting and optimization: The Event Management System within Entuity allows actions to be performed when defined error conditions are detected. These actions can include, but are not limited to, automated CLI-initiated actions such as shutting down a port that has been determined to have been continuously flapping for more than a determined period of time. A root cause analysis mechanism correlates patterns of outage with the known routing topology of the network to isolate and identify when a node or port is responsible for multiple observed outages.

Opportunities

Park Place Technologies has room for improvement in a few decision criteria, including:

  • Validation: The solution can improve its validation capabilities by correlating performance degradations with configuration changes, enabling alerting or automatic rollbacks, and implementing synthetic traffic.

  • Container network monitoring: While the vendor can monitor IP-based entities that include containers, it does not have awareness of container and microservices concepts such as CNIs, API gateways, or ingress controllers to provide low-level visibility into how containers and microservices communicate. Recently added support for Telegraf-based Streaming Telemetry allows container monitoring through additional configuration.

  • Application and Layer 7 monitoring: While the vendor supports DPI-based L7 inspection via NBAR, it could improve by monitoring Layer 7 load balancers and WAFs.

Purchase Considerations

Entuity’s licensing model is based on the number of devices under management, with the exception of NetFlow, which is an enterprise license. An important aspect of the licensing for network devices is that it is based on the number of devices, not the number of ports on those devices. When a full device license is allocated to a network device, all ports are automatically included for monitoring. Entuity SurePath is an agent-based technology for monitoring the network paths taken by client-server connections. There is no licensing for the SurePath agents, only the individual paths being monitored.

Use Cases

The solution is particularly proficient in monitoring on-prem networks with low-level device information. It can be used to monitor data centers, LANs, campuses, WANs, Wi-Fi, and wireless networks. Using SurePath, the solution can also monitor the end-user experience of on-prem, cloud, and SaaS-based applications using an agent-based deployment.

Plixer: Plixer One

Solution Overview

Plixer One is a network‑performance monitoring and diagnostics (NPM/NPMD) platform that provides network visibility and analytics using flow‑based telemetry to deliver real-time and historical insight across on-prem, cloud, and hybrid environments. The solution helps operations teams identify performance bottlenecks, understand path and traffic behavior, validate changes, and plan capacity using evidence derived directly from the network.

It consists of the following: Scrutinizer, the central flow analytics engine providing performance monitoring, investigation timelines, path analysis, reporting, and capacity insights; Plixer ML Engine, the machine learning module that baselines normal network behavior and surfaces performance anomalies and deviations that impact user experience; FlowPro, the high-fidelity analytics probe for selective packet capture and enriched flow generation when deeper visibility is required; Replicator, the packet and flow replication fabric supporting large or distributed environments and feeding multiple monitoring tools; Endpoint Analytics, the optional module adding device and behavior context to network investigations; and Plixer AI Assistant, a natural-language assistant that helps create reports and navigate product workflows such as searches, dashboards, and configuration tasks.

Plixer’s network observability offering includes Plixer One Core and Plixer One Enterprise. It provides a unified network and security observability solution. Plixer One Enterprise offers carrier-grade features such as high-availability configurations and machine learning capabilities.

Plixer continuously ingests and analyzes a broad range of hybrid IT infrastructure data sources from multiple domains, including NetFlow, IPFIX, SNMP, SD-WAN, Active Directory, LDAP, RADIUS, and DHCP. This process provides comprehensive Layer 2 to Layer 7 visibility and context for RCA without the need to deploy and maintain packet processing technologies.

Plixer is positioned as a Challenger and Fast Mover in the Maturity/Platform Play quadrant of the network observability Radar chart.

Strengths

Plixer scored well on a number of decision criteria, including:

  • Traffic analysis: Plixer’s differentiating feature is its traffic analysis capabilities, which provide a “clear box” that offers detection transparency and visualization of ML models. Traffic analysis can support threshold-based analytic algorithms, both supervised and unsupervised ML, and deep learning. These features are combined with user-customizable detection sensitivity thresholds, baselined seasonality, customizable modeling dimensions, encrypted traffic analytics (ETA), and threat intelligence feed integration. This array of detection techniques also allows Plixer to identify potential poisoning attacks on ML learning.

  • Container network monitoring: Plixer can monitor Kubernetes pods and containers when they generate flow telemetry or when FlowPro captures traffic from the container network. This includes pod-to-pod, pod-to-service, and pod-to-external communication. The solution has awareness of container networking interfaces, service meshes, API gateways, proxies, and load balancers.

  • Visualization: The solution provides end-to-end visibility into the path of a flow through the extended network on a router hop-by-hop basis, as well as the ability to design a topology by arranging the flow and sending exporters and other types of network devices in a desired format. Custom background images, custom objects, and text boxes can also be added. These maps can reflect exactly how the network is laid out by including an image of the wiring closet as a background and then overlaying the flow exporting devices. Connections representing utilization between devices can be added and hierarchies can be established to allow alerts to roll up to the top map. Integration with Google Maps is also available to provide a geographical representation of the network.

Opportunities

Plixer has room for improvement in a few decision criteria, including:

  • Validation: The solution can improve its validation capabilities by correlating performance degradations with configuration changes, enabling alerting or automatic rollbacks, and implementing synthetic traffic.

  • Troubleshooting and optimization: While the solution highlights traffic shifts, path changes, and interface conditions to help administrators quickly identify where failures occurred and how they affected service paths, it does not currently offer self-healing capabilities or automation engines to define remediation actions.

  • End-user experience monitoring: While Plixer can indicate when network conditions (latency, congestion, path changes, abnormal traffic behavior) impact user experience, it does not generate formal digital experience scores based on application transactions, offer synthetic testing for end users, or provide real-user monitoring.

Purchase Considerations

Plixer One Core is the foundation of the Plixer One platform, monitoring networks in data centers, clouds, branch offices, or across SD-WAN. Plixer One Enterprise is a premium package that includes AI and ML, network planning, and MITRE ATT&CK-aligned network detection and response features. Plixer One runs in data centers, public and private clouds, VMs, containers, and on appliances.

Use Cases

Plixer’s network observability solution can be used to monitor enterprise networks across data centers, LANs, campuses, and WANs, and it has awareness of and monitoring features for cloud networking constructs. However, while it can also monitor Wi-Fi and wireless networks, it does not support radio or cellular use cases.

Progress Software: WhatsUp Gold and Flowmon

Solution Overview

Progress Software’s observability solution consists of comprehensive infrastructure monitoring provided by Progress WhatsUp Gold and advanced network traffic analysis provided by Progress Flowmon. WhatsUp Gold monitors the infrastructure for visibility of network devices, while Flowmon analyzes network traffic data with deep drill-down capabilities for troubleshooting, RCA, application performance measurement, and network anomaly detection.

WhatsUp Gold and Flowmon features complement each other, and with deeper integration they can provide full-stack, end-to-end observability over network infrastructure, security appliances, and applications.

WhatsUp Gold allows administrators to monitor devices, track bandwidth usage, and improve network, server, and application performance. It gives them a complete picture of the network by monitoring and categorizing wired, wireless, and virtual environments. This enables administrators to find and fix problems before users are impacted, ensure that bandwidth is optimized for critical applications and services, and automate configuration, log, and asset management.

Progress Software is actively developing AI-based functions, such as automated suggestions for tuning the detection engine and turning average users into Flowmon-proficient experts who can maximize detection accuracy without having to involve consultants.

Progress Software is positioned as a Challenger and Fast Mover in the Maturity/Platform Play quadrant of the network observability Radar chart.

Strengths

Progress Software scored well on a number of decision criteria, including:

  • Troubleshooting and optimization: WhatsUp Gold provides the ability to respond to alerts in several automated ways, including using application performance monitors to specify what actions can be taken when the application or monitored component changes state. Administrators can also quickly generate custom application profiles and modify existing profiles to meet specific monitoring needs with an intuitive profile development utility. In case of network failures or security threats, Flowmon provides automatic detection and data evidence of the threats for network admins to respond to and analyze. The solution can support automated troubleshooting via self-healing actions such as triggering a server reset and activating PowerShell scripts whenever alerts are triggered.

  • Application and Layer 7 monitoring: The platform measures user experience and extracts Layer 7 flow data such as DNS, DHCP, and server message block (SMB). Flowmon monitors real user experience by decrypting and measuring web and database application transactions, correlating user-to-web and web-to-database requests, uncovering errors, and differentiating between network versus application response times, transport times, or delays. Session-level performance monitoring without decryption that includes round-trip time, server response time, jitter, delay, retransmissions, and out-of-order packets is available for any IP communication, including third-party and SaaS apps. Flowmon is deployed by another Progress Software portfolio product called LoadMaster to monitor the performance and effect of the load balancer on application experience. Flowmon also supports synthetic testing of application performance and functionality.

  • Security observability: Flowmon Anomaly Detection System (ADS) is a security solution within the Flowmon suite that uses AI/ML to detect anomalies hidden in the network traffic. Its ML-powered detection engine, combining multiple detection mechanisms, identifies malicious behaviors, attacks against mission-critical applications, and data breaches at any point of the threat's lifecycle, allowing it to uncover unknown and insider threats even in encrypted traffic. It also leverages external threat intelligence feeds and community blacklists.

Opportunities

Progress Software has room for improvement in a few decision criteria, including:

  • Validation: The solution can improve its validation capabilities by correlating performance degradations with configuration changes, enabling alerting or automatic rollbacks, implementing synthetic traffic to simulate how changes would behave in production, or offering digital twin features.

  • Container network monitoring: While the vendor can monitor IP-based entities, which include containers, it does not have awareness of container or microservices concepts such as CNIs, API gateways, or ingress controllers to provide low-level visibility into how containers and microservices communicate.

  • Traffic analysis: While Flowmon leverages multiple approaches such as historical trending and forecasting for capacity and performance planning, machine learning, adaptive baselining, heuristics, signature-based detection, and threat intelligence to expose malicious behaviors, it does not offer features such as predictive analytics or autoscaling of resources.

Purchase Considerations

Currently, WhatsUp Gold and Flowmon can be deployed as virtual appliances, as cloud instances, or as hardware, and WhatsUp Gold ITIM is deployed as software on Windows Servers. WhatsUp Gold 360 is a SaaS offering that extends WhatsUp Gold with cloud‑delivered monitoring and centralized visibility.

WhatsUp Gold’s subscription model provides a cost-effective means of software access that offers a lower entry barrier and ensures consistent version and security updates. The subscription package includes continuous maintenance and dedicated customer support, assuring users that any potential issues will be swiftly addressed.

Flowmon offers a subscription similar to WhatsUp Gold. Standard and extended support tiers are comprehensive services that offer different levels of technical support for perpetual licenses.

Use Cases

Progress Software’s network observability solution is suitable for a wide range of use cases, including data center, LAN, campus, and WAN monitoring, where these on-prem networks can be both overlays and underlays. The solution can also monitor Wi-Fi and wireless corporate networks, cellular and radio networks for service providers, and virtualized cloud networking constructs such as VPCs and VNets. Lastly, the solution can monitor end-user experience using real and synthetic traffic.

Riverbed: Network Observability Suite

Solution Overview

The Riverbed Platform supports full-stack observability across infrastructure, network, cloud, applications, digital experience management, and application acceleration. It applies AI, correlation, and automation. Riverbed IQ integrates data from across observability tools and applies causal AI to identify the root cause of issues, predictive AI to forecast future problems, and agentic AI to autonomously plan and take action.

Riverbed Network Observability Suite includes full packet capture and storage, network flow monitoring, and infrastructure monitoring. The Unified Agent is a single agent platform for deploying and managing Riverbed end-user experience and endpoint-based network visibility modules.

Riverbed can be used to model current and future network configurations to plan for network changes and validate them post-deployment. It can also validate device configuration against desired policies of an organization. The solution uses AI-based analytics to correlate events across a variety of data sources to determine whether the configuration performs as intended.

The solution can analyze traffic patterns, correlate network behavior to seasonal events, and assess current performance against expected or typical levels to highlight unusual traffic loads.

Riverbed’s AI/ML engine can detect anomalies and incidents and populate them with leading indicators or probable root causes. The solution's agentic engine continuously watches for new alerts, metrics, and incidents. The output from this engine either feeds a low-code automation system to codify institutional and expert knowledge in runbooks for remediation and resolution or it feeds an agentic skills library that deploys reasoning loops to iterate through more complex problems.

Riverbed is positioned as a Leader and Fast Mover in the Innovation/Platform Play quadrant of the network observability Radar chart.

Strengths

Riverbed scored well on a number of decision criteria, including:

  • Dynamic discovery and mapping: Riverbed creates a topological view of autodiscovered networks that is continuously updated. Network traffic analyzers collect and examine flows from switches and routers, collecting information that helps illustrate a view of the network’s topology under observation.

  • Application and Layer 7 monitoring: The solution can monitor web transactions in real time and autodiscover URLs and end-user activity. It can also monitor SQL databases to identify the impact of the database on end-to-end application performance and provide real-time and historical analysis of voice and video call performance. For other application monitoring features, Riverbed offers a standalone APM product.

  • Security observability: Riverbed offers comprehensive security observability features that provide analysis such as lateral movement tracking, suspicious behavior detection, traffic decryption and inspection, and DNS threat detection. The solution can also track compliance and integrate with security operations tools such as SIEM and SOAR.

Opportunities

Riverbed has room for improvement in a few decision criteria, including:

  • Visualization: While the solution has good visualization capabilities, it could improve by offering more advanced features such as flow and traceroute visualizations of traffic across appliances and services hosted in IaaS providers, including awareness of public cloud infrastructure constructs such as VPCs and TGWs in AWS.

  • Container network monitoring: Riverbed can further improve its capabilities by monitoring API requests across microservices, their payloads, and container-specific appliances such as CNIs, load balancers, service meshes, API gateways, or ingress controllers.

  • Network modeling and planning: While Riverbed can mix analysis of observed devices and traffic with segments built from models, the solution does not currently offer digital twin capabilities that let users simulate how topology and configuration changes would affect in-production traffic before being deployed.

Purchase Considerations

Riverbed offers perpetual and subscription-based licenses, tiered licensing based on volume, and a variety of support options with different levels of SLAs. Pricing for the AIOps functionality is based on consumption of automation, which includes AI/ML analysis, while pricing for end-user digital experience is based on the number of endpoints monitored. Riverbed has a large professional services organization that can create custom solutions.

Use Cases

Riverbed’s solution can monitor a wide range of use cases, which include edge, data center, and cloud environments, as well as campus, LAN, and WAN deployments. The solution can also monitor SaaS applications and managed network solutions such as SASE. The company also offers a code-level APM solution and a digital experience monitoring solution that monitors the end-user experience using real and synthetic traffic.

ScienceLogic: ScienceLogic AI Platform

Solution Overview

The ScienceLogic AI Platform delivers end‐to‐end network observability and compliance, with automated RCA, remediation, and automation. It consists of Skylar One for observability, Skylar Compliance for network compliance auditing and configuration backup, Skylar Analytics and Skylar Advisor for AIOps capabilities, and Skylar Automation for IT workflow automation.

The platform ingests telemetry across hybrid and multicloud infrastructure, builds dynamic topology and service models, and applies AIOps analytics for anomaly detection and root cause analysis. Skylar One presents a single, consistent UX on top of a portfolio of tightly integrated platform services. It unifies metrics, logs, events, configurations, and topology into a single data foundation across hybrid and multicloud environments, giving teams end-to-end service context instead of siloed views. Skylar Analytics layers always-on, unsupervised anomaly detection, predictive alerting, and rich visual exploration over hundreds of observability data sources (apps, services, networks, cloud), so customers can spot risk early and make data-driven decisions.

Skylar Compliance adds multivendor configuration backup, compliance, and drift detection, and Skylar Advisor provides natural language advisories with next-step recommendations and remediations. Skylar Automation allows bidirectional multivendor complex workflows.

ScienceLogic is positioned as a Challenger and Fast Mover in the Innovation/Platform Play quadrant of the network observability Radar chart.

Strengths

ScienceLogic scored well on a number of decision criteria, including:

  • Dynamic discovery and mapping: Skylar One automatically discovers physical, virtual, and cloud-native infrastructure using credential‐based discovery, APIs, and scheduled scans. It detects new devices and services as they are provisioned, updates L2 and L3 topology and service maps asynchronously, and refreshes dashboards without manual intervention. Skylar distinguishes overlays versus underlays and hardware versus virtual appliances, and Skylar Compliance adds detailed inventory and configuration data across more than 100 network and security vendors.

  • Traffic analysis: Skylar One and Skylar Analytics use a mix of thresholding, baselining, and always-on unsupervised machine learning to analyze traffic and performance data. Anomaly Detection continuously scans time series metrics from network and infrastructure devices to find outliers and patterns, while Predictive Alerting models utilization trends on key resources such as interfaces, CPU, and file systems to forecast oversubscription and other issues.

  • LLM modularity and guardrails: Skylar AI reasons over telemetry and the stored knowledge of an organization, including documentation, historical events, internal knowledge bases, service tickets, spreadsheets, and diagrams, along with environment configurations. Advisor uses a retrieval-augmented approach: it pulls relevant metrics, events, topology, and knowledge articles into the prompt rather than relying on the base model alone. This gives it comprehension of both current state and historical patterns for each device or service.

Opportunities

ScienceLogic has room for improvement in a few decision criteria, including:

  • Application and Layer 7 monitoring: While Skylar One provides application-aware monitoring by discovering applications, the solution could improve by providing more granular application-layer information and reporting, such as methods used in API calls.

  • Container network monitoring: Skylar One ingests metrics and events from Kubernetes and other orchestrators but could improve by extracting and analyzing information from container networking interfaces and service meshes.

  • End-user experience monitoring: Even though the tool tracks path and device metrics such as latency, jitter, loss, and errors for the links, the solution is mainly used for infrastructure and service health and does not provide real-user monitoring or synthetic testing.

Purchase Considerations

Customers can license Skylar One and Skylar Compliance capabilities independently or as a combined platform, then add Skylar Analytics, Skylar Advisor, and Skylar Automation as needed. All components share a common data model, topology, service construct, and REST API, with unified bidirectional workflows into common ITSM and automation tools like ServiceNow and Ansible.

Deployment options include on‐prem appliances, virtual images, public cloud images, SaaS, and hybrid models.

Use Cases

Key network‐centric use cases include hybrid and multicloud network performance and availability monitoring; multivendor configuration backup, compliance, and drift detection; closed‐loop network validation and remediation; application‐aware service assurance using topology and service models; multitenant operations for MSPs and large enterprises; and audit‐ready reporting for regulated industries.

SolarWinds: SolarWinds Observability

Solution Overview

SolarWinds offers two network observability options. SolarWinds Observability Self-Hosted is optimized for on-prem or self-hosted cloud deployments, while SolarWinds Observability SaaS is a cloud-native as-a-service offering. Both options are powered by the SolarWinds Platform and provide full-stack observability focused on meeting the requirements of a complete IT estate.

SolarWinds Observability Self-Hosted is designed for on-prem and hybrid networks and infrastructure and commercial cloud apps. SolarWinds Observability SaaS also covers cloud, hybrid, and on-prem networks and infrastructure and provides additional support for the needs of DevOps, application development teams, and site reliability engineers with code-level observability for in-house custom and cloud-native apps. Its AI/ML-powered Health Scores provide a holistic view that simplifies troubleshooting of complex modern applications across multiple clouds.

Both the self-hosted and SaaS-delivered solutions were developed following a “secure by design” model, working in collaboration with security experts such as the Krebs Stamos Group, CrowdStrike, and KPMG to devise a secure software development lifecycle and product architecture.

The solution integrates with solutions from Cisco, Palo Alto Networks, Fortinet, HPE Aruba, and others. Looking at Cisco ACI as an example, the solution surfaces health scores for Application Policy Infrastructure Controller (APIC) tenants, spines, and leaves. Cisco ACI information is gathered through a combination of SNMP and API calls.

SolarWinds Observability Self-Hosted can make bulk configuration changes to wired and wireless devices by designing change templates and creating standardized configurations, and it can compare configuration changes to adjust and push configurations to remediate issues. It can also help validate SD-WAN deployments by displaying the control plane and data plane deployments in a single map.

SolarWinds is positioned as a Leader and Fast Mover in the Innovation/Platform Play quadrant of the network observability Radar chart.

Strengths

SolarWinds scored well on a number of decision criteria, including:

  • Dynamic discovery and mapping: The solution can automatically discover and map both physical and virtual topologies across different types of infrastructures and services, including cloud environments. The topology maps also include a “time travel” feature, giving users the option to enable historical tracking of the map to determine what occurred prior to an event or to detect related patterns and behaviors.

  • Application and Layer 7 monitoring: SolarWinds Observability provides a visualization of the application stack elements supporting it, including transactions, databases, physical and virtual hosts, network-attached storage (NAS) volumes, and APIs. SolarWinds Observability SaaS provides a dashboard of distributed services representing an application built on a microservices-based architecture. The platform also provides application dependency mapping, which polls dependencies and creates maps to monitor incoming network connections for a managed server or application.

  • Container and microservices monitoring: The solution allows users to track details about their container infrastructure, including hosts, host clusters, environment dependencies, and deployments. It also enables the review of metrics for containers, hosts, and other infrastructure elements to plan capacity, analyze container activity in the AppStack Environment, and organize containers on SolarWinds Observability Intelligent Maps. SolarWinds can monitor container networking interfaces, ingress controllers, API gateways, Kubernetes services, and clusters. The solution can also monitor distributed applications built using microservices and API requests made to web services.

Opportunities

SolarWinds has room for improvement in a few decision criteria, including:

  • Validation: The solution can improve its validation capabilities by correlating performance degradations with configuration changes, enabling alerting or automatic rollbacks, implementing synthetic traffic to simulate how changes would behave in production, or offering digital twin features.

  • LLM modularity and guardrails: While SolarWinds has had extensive LLM-related developments since the last iteration of the report, it could improve these features by implementing capabilities such as prompt management and versioning, parallel execution of agents, and self-hosted LLM options.

  • Security observability: While SolarWinds has strong security observability features, including a newly released Vulnerability and Risk Dashboard for automatically flagging devices with known common vulnerabilities, it does not currently offer security-related automated response capabilities.

Purchase Considerations

The self-hosted observability option is licensed by the number of nodes, while the SaaS observability option offers customizable licenses based on a combination of applications, such as APM, DEM networking, logs, infrastructure, and database applications, each measured in its relevant units.

Both versions of the product are sold via monthly or annual subscription licenses. The license model is fixed rather than consumption-based, meaning that customers can easily predict costs based on their subscription tier.

Use Cases

SolarWinds’ solutions offer a comprehensive feature set that can deliver on use cases including data center, LAN, campus, and WAN deployments and can distinguish between underlays and overlays. The solutions can also monitor public cloud networking constructs such as VPCs and VNets, and they are among the few solutions in this report with comprehensive container monitoring capabilities. They can also monitor end-user performance using both synthetic and real-user traffic and can monitor wireless and Wi-Fi networks but not cellular or radio networks.

Sycope: Sycope Network Observability Platform

Solution Overview

The Sycope Network Observability Platform consists of multiple modules, which include Visibility, Performance, Security, and Asset Discovery.

The Visibility module serves as the foundation of the Sycope platform, providing complete insight into all network activity at Layers 3 and 4. The module ingests flow data from multiple sources and performs sophisticated analysis, including data deduplication, DNS traffic analysis, and contextual search capabilities.

The Performance module extends visibility from Layers 3 and 4 to Layer 7, providing deep insight into application behavior and network performance metrics. Key capabilities include TCP analytics (round-trip time, retransmissions, connection establishment timing), application response time measurement, and QoS queue congestion identification.

The Security module transforms Sycope from a visibility platform into a comprehensive NDR solution. Built on the MITRE ATT&CK framework, the module provides systematic coverage of network-related attack tactics and techniques. Detection capabilities include volumetric and protocol-based DDoS attacks, command-and-control communication patterns, lateral movement between network segments, data exfiltration indicators, and ransomware behavioral signatures.

Lastly, the Asset Discovery module provides real-time, NetFlow-based inventory of all network assets without requiring agents or active scanning. The module automatically discovers devices, hosts, and applications communicating on the network and builds a continuously updated asset inventory. Dependency mapping visualizes relationships between assets, showing which systems communicate with each other and identifying critical dependencies.

Sycope is positioned as a Challenger and Fast Mover in the Maturity/Feature Play quadrant of the network observability Radar chart.

Strengths

Sycope scored well on a number of decision criteria, including:

  • Visualization: The solution’s visualization capabilities include features such as viewing data center network topologies such as leaf-spine or three-tier models and a topology map of all guest and host machines in virtualized or containerized environments. The tool can create dynamic and static graphs, graphs on backgrounds with fixed positions, and graphs on maps with positions based on coordinates.

  • Troubleshooting and optimization: Sycope offers capabilities such as configurable threshold-based alerts, multi-condition rules, and dynamic baseline alerts that trigger when traffic deviates from learned normal patterns. Alerts can be correlated with asset information, geolocation data, and business context through lookups. The solution offers more than 90 preconfigured security detection rules aligned with the MITRE ATT&CK framework that users can enable and tweak according to their needs.

  • Security observability: The solution offers visibility into actual traffic patterns versus intended segmentation policy, detection of unauthorized cross-segment communication, mapping of communication relationships that reveal de facto segmentation, and identification of assets that communicate outside their expected segment. It also provides automatic detection of policy violations, dependency mapping that shows which assets communicate across segment boundaries, and visualization of traffic flows between subnets, VLANs, and network zones.

Opportunities

Sycope has room for improvement in a few decision criteria, including:

  • Dynamic discovery and mapping: The solution discovers assets using passive monitoring and requires integrations with other sources such as a configuration management database (CMDB) to discover entities that do not have traffic flowing through them. It can also be improved by asynchronously updating airports and dashboards as new devices are discovered.

  • Traffic analysis: While Sycope provides dynamic baseline calculation and trend analysis that can identify patterns and anomalies deviating from normal behavior, it does not offer features such as predictive analytics or autoscaling of resources.

  • Container network monitoring: While Sycope monitors container and microservice network traffic through standard flow protocols (including NetFlow, IPFIX, and sFlow), it does not integrate directly with CNI APIs or configurations to understand CNI-specific features or policies. It does not offer integrations with other appliances, such as ingress controllers or API gateways.

Purchase Considerations

Sycope is sold through a network of authorized channel partners and distributors. The commercial model is designed using volume-based licensing. The core pricing metric is flows per second (FPS) processed by the system. There are no per-seat or per-user fees, and customers get unlimited user accounts and unlimited dashboards regardless of the license size. Sycope offers both CapEx (perpetual license with annual maintenance) and OpEx (annual subscription) options to align with customer budget preferences.

Use Cases

The solution can fulfill use cases such as network traffic visibility and analysis, network observability and unified visibility, network performance monitoring and troubleshooting, security threat detection and response (NDR), network segmentation validation and compliance, asset discovery and dependency mapping, APM, WAN and multisite network optimization, and DDoS detection and mitigation.

6. Analyst’s Outlook

Network observability is not revolutionary, but the technology is constantly moving forward. Features such as providing real-time data, discovering and mapping assets, and offering visibility across most types of network infrastructure are becoming the norm in this space. We expect this evolution to continue, with capabilities such as automation becoming the standard rather than a differentiating selling point. How such automation is achieved is another story because it can be static and defined by humans or contextual and actioned by AI.

ML and AI are the critical elements that will dictate whether vendors remain competitive in the market. We can categorize vendors into three groups depending on how they will implement AI and ML:

  1. AI-centric: Vendors will develop AI/ML capabilities in-house or work with AI specialists to embed these features within the platform.

  2. AI-compatible: Vendors will integrate their solutions with third-party AI tools, bearing the risk that these tools will not be purpose-built for network observability.

  3. AI-reluctant: Vendors won’t leverage AI and ML but will continue to develop features around workflow automation.

The most consistent capability across all vendors is visualization. This makes sense as visualization has been a focus of traditional network performance monitoring, with all developments in this area carrying forward into network observability.

Interestingly, most vendors have gone beyond Layers 2 through 4 monitoring to provide Layer 7 and application observability as well. This illustrates a market-wide shift in priorities, by which network teams are no longer siloed but actively involved in supporting business applications. Business leaders acknowledge that application performance is heavily dependent on network performance, and observability tools provide the required insights to support applications via the network.

The widest variance in vendors’ capabilities occurs around validation and dynamic discovery and mapping. Validation is the result of multiple features such as configuration management, network performance, and automation. If a vendor offers all these capabilities only independently of one another, it will not be able to perform validation. However, if it can correlate performance changes to configuration while also being able to assess configurations created through automated deployment features, the vendor will be a leading contender for the validation use case.

Dynamic discovery and mapping has a low barrier to entry. With asset discovery as a table stake for observability, a vendor can achieve minimum dynamic discovery and mapping by scheduling discovery scans. The difference becomes apparent with more advanced features, such as discovering SaaS applications and other services, which is not something most vendors support.

SaaS deployments are not yet the industry standard, but this is one aspect recognized as a deal breaker for a growing number of network operators. It is thus unsurprising that most vendors are accelerating SaaS deployment models in their development pipelines.

While network observability is mainly a platform-based solution (that is, the more features supported, the better the offering), a vendor’s capabilities need to go only as far as organizational requirements and future needs dictate. For example, if an organization already owns a security observability solution, employing a network observability solution with security capabilities may not add any value. This is why modular solutions can be beneficial, allowing for the ability to pick and choose the features needed. Likewise, if an organization needs to deploy the observability solution as a physical appliance on-prem, whether the solution offers a SaaS deployment model is irrelevant. When assessing vendors, we recommend drafting a high-level view of requirements to help narrow down network observability vendor selection to a manageable number of prospects.

7. Methodology

*Vendors marked with an asterisk did not participate in our research process for the Radar report, and their capsules and scoring were compiled via desk research.

For more information about our research process for Radar reports, please visit our Methodology.

8. About Andrew Green

Andrew Green is an enterprise IT writer and practitioner with an engineering and product management background at a tier 1 telco. He is the co-founder of Precism.co, where he produces technical content for enterprise IT and has worked with numerous reputable brands in the technology space. Andrew enjoys analyzing and synthesizing information to make sense of today's technology landscape, and his research covers networking and security.

9. About GigaOm

GigaOm provides technical, operational, and business advice for IT’s strategic digital enterprise and business initiatives. Enterprise business leaders, CIOs, and technology organizations partner with GigaOm for practical, actionable, strategic, and visionary advice for modernizing and transforming their business. GigaOm’s advice empowers enterprises to successfully compete in an increasingly complicated business atmosphere that requires a solid understanding of constantly changing customer demands.

GigaOm works directly with enterprises both inside and outside of the IT organization to apply proven research and methodologies designed to avoid pitfalls and roadblocks while balancing risk and innovation. Research methodologies include but are not limited to adoption and benchmarking surveys, use cases, interviews, ROI/TCO, market landscapes, strategic trends, and technical benchmarks. Our analysts possess 20+ years of experience advising a spectrum of clients from early adopters to mainstream enterprises.

GigaOm’s perspective is that of the unbiased enterprise practitioner. Through this perspective, GigaOm connects with engaged and loyal subscribers on a deep and meaningful level.