Defining Network Observability And Assessing The Market Leaders

By Will Townsend, Patrick Moorhead - July 13, 2023

Network observability is a category of networking infrastructure tools that leverage diverse data sources to give perspective into a network’s underlying functions. Enterprise IT operators use observability products to get quick, automated insights and recommendations so they can remediate issues and improve performance. This helps eliminate the “alert fatigue” that beleaguers so many IT operations teams; in parallel, it helps those teams deliver exceptional user experiences.

This approach contrasts starkly with traditional network monitoring tools that focus only on collecting and displaying data. The deeper, more granular architectural design of network observability solutions sets them apart and makes them a compelling option for enterprise IT organizations.

The pool of network infrastructure providers vying for market share in observability tools is sizeable. In my analysis of them, three companies have risen to the top: Cisco, Gigamon and Splunk. I want to dive deeper into each one and provide my insights on them.

Cisco AppDynamics + ThousandEyes promise full-stack observability

Cisco AppDynamics is an application performance management (APM) and IT operations analytics (ITOA) platform. It performs several tasks, including identifying application issues, optimizing infrastructure performance, detecting security vulnerabilities and monitoring digital experience. Meanwhile, Cisco ThousandEyes can determine what is impacting user experiences across the internet and multiple domains. It offers a real-time view through a global dashboard, with active and passive monitoring techniques and real-time internet outage detection under the hood.

While on the surface the solutions may seem to overlap, from my perspective they make a complementary pairing that covers everything from the application level to macro-scale network issue visibility. That is compelling functionality given the nature of modern hybrid work, in which the internet serves as the wide area network for many organizations. Cisco’s acquisition of AppDynamics and ThousandEyes facilitates a powerful set of capabilities, which the company calls “full-stack observability.” The adage that “The whole is greater than the sum of the parts” applies here.

Cisco is also quickly integrating observability features across its infrastructure portfolio to create new value for its enterprise customer base. These features include cost insights tied to SaaS application usage, security insights with risk scoring, container utilization, enhanced operational efficiency leveraging AI and extended functionality with the recent creation of a partner ecosystem. Just this week, Cisco also announced the acquisition of SamKnows, a London-based private company focused on network monitoring that utilizes deeply embedded device agents. I believe that this will further expand the depth and breadth of Cisco’s network observability capability once the planned integration of SamKnows into ThousandEyes is complete.

Gigamon and its deep observability

Gigamon has quietly built compelling capabilities focusing on what it positions as “deep observability.” Proof lies in customer adoption, and the company now counts NASA, the Department of Defense, Intuit and Johns Hopkins and Clemson Universities as customers, among many others. Its deep observability pipeline aims to deliver network-derived intelligence to existing cloud, security and observability tools.

What I like about its architectural approach is that it does not rely exclusively on the logging of metrics, events, logs and traces (MELT). Instead, it offers real-time network intelligence from packets, flows and application metadata. Gigamon also provides visibility into encrypted network traffic in the cloud, a powerful capability that has the potential to mitigate security blind spots in hybrid cloud environments and across mobile network operator infrastructure, including LTE and 5G public networks. Based on my recent discussions with Gigamon’s senior leadership, I expect the company to further refine its capabilities to make them even more compelling.

Gigamon also works with an expansive ecosystem of partners, including Dynatrace. To expand its reach further through partnerships, Gigamon recently divested itself of its network detection and response (NDR) capabilities in the sale of ThreatInsight to Fortinet in February. The sale was a smart move and should extend its market reach with a host of NDR solution providers.

Splunk aims to bolster enterprise resilience

Splunk’s unified observability and security platform delivers the capabilities to maintain the hardened security and resiliency of an organization’s modern digital infrastructure. Like Cisco and Gigamon, Splunk leverages features such as deep visibility, threat detection and issue resolution. Its engine incorporates streaming commands, machine learning, scalable indexing, search and visualization, collaboration and orchestration to create and deliver a data-centric architecture to its customers. As a result, the company claims it can reduce network-related alert volume by 80%, improve alert fidelity twofold and provide a sub-two-minute mean time to acknowledgment.

What I like about Splunk is that it provides a degree of personalization, making it easy to build applications thanks to direct access to a wide range of resources through its developer portal. The company also boasts more than 2,200 partners, 13,000 active community members and 1,800 experts that can assist customers in architecting, deploying and scaling IT infrastructure with network observability capabilities. In March, Splunk announced several enhancements to its Mission Control and Observability Cloud as well as the general availability of its Edge Processor, which should go far to extend its functionality.

Wrapping up

The benefits of network observability are undeniable, and Cisco, Gigamon and Splunk are leading the pack today. My objective is not to call a winner in this field, but rather to highlight what each of these companies is doing well. Given the distributed nature of work and connectivity infrastructure, observability will remain an essential capability for enterprises of all sizes so they can ensure the highest levels of security, application responsiveness and infrastructure resiliency.

Will Townsend

Will Townsend manages the networking and security practices for Moor Insights & Strategy focused on carrier infrastructure providers, carrier services, enterprise networking and security. He brings over 30 years of technology industry experience in a variety of product, marketing, channel, business development and sales roles to his advisory position.

Patrick Moorhead

Patrick founded the firm based on his real-world technology experiences with the understanding of what he wasn’t getting from analysts and consultants. Ten years later, Patrick is ranked #1 among technology industry analysts in terms of “power” (ARInsights) and in “press citations” (Apollo Research). Moorhead is a contributor at Forbes and frequently appears on CNBC. He is a broad-based analyst covering a wide variety of topics including the cloud, enterprise SaaS, collaboration, client computing, and semiconductors. He has 30 years of experience including 15 years of executive experience at high tech companies (NCR, AT&T, Compaq, now HP, and AMD) leading strategy, product management, product marketing, and corporate marketing, including three industry board appointments.