Application security player F5 announced its acquisition of real-time network observability company MantisNet for an undisclosed amount. The acquisition promises to enhance F5’s Application Delivery and Security Platform (ADSP) with eBPF-powered observability capabilities, specifically targeting the monitoring of encrypted traffic in containerized infrastructures.

MantisNet’s Containerized Visibility Fabric technology brings kernel-level telemetry without performance overhead, addressing a critical gap where traditional monitoring tools struggle with ephemeral, encrypted container traffic.

Who is Mantisnet?

Founded in 2012, MantisNet delivers cloud-native network observability software that focuses on extracting real-time network intelligence from complex, dynamic environments. The company specializes in providing visibility into containerized and ephemeral network traffic, particularly encrypted flows that traditional monitoring solutions struggle to track effectively.

MantisNet’s core offering centers on its Containerized Visibility Fabric (CVF), an eBPF-powered solution that operates within cloud-native infrastructures without requiring sidecars or heavy agents.

The technology captures and streams network metadata, including encrypted session details, flow identifiers, topology inventory, and protocol-specific insights, in real-time.

CVF agents deploy as lightweight microservices within secure kernel space, operating in an event-driven fashion to collect, filter, and serialize data into streaming metadata through high-performance messaging systems such as Kafka or NATS.

Strategic Rationale and F5 Integration

F5’s acquisition of MantisNet addresses a fundamental challenge in modern network architecture: maintaining visibility as organizations migrate to cloud-native technologies, such as Kubernetes. Traditional monitoring tools cannot effectively track transient, encrypted traffic within containerized environments, creating significant operational blind spots.

F5’s integration strategy focuses on embedding MantisNet capabilities into F5’s ADSP platform and cloud-native network functions, including BIG-IP Next for Kubernetes, BIG-IP DNS, BIG-IP Advanced Firewall Manager (AFM), BIG-IP Policy Enforcement Manager (PEM), and BIG-IP Carrier-Grade Network Address Translation (CGNAT).

F5 positions this as enabling “unparalleled observability across user, control, and application planes” for industries ranging from telecom and 5G to enterprise and government sectors.

The acquisition also aligns with F5’s broader platform consolidation strategy, building on recent moves, including the announcement of post-quantum cryptography readiness solutions in June 2024.

By integrating real-time observability with policy enforcement and analytics, F5 aims to create an automated pipeline from network insights to security actions.

Impact to IT Organizations

F5 claims the integrated solution will enable practitioners to gain visibility into TLS 1.3 encrypted sessions through metadata and pre-encryption context capture. The vendor states that real-time insights can feed directly into BIG-IP PEM or BIG-IP AFM for immediate policy enforcement actions.

Additionally, the solution promises programmatic packet capture and historical flow retention capabilities to support compliance requirements, while providing visibility into east-west container traffic that traditional tools typically miss.

Despite F5’s claims of “minimal performance overhead,” organizations must evaluate the actual resource impact of kernel-level eBPF operations in production environments. The complexity of integrating real-time telemetry streams with existing security and monitoring workflows requires careful planning and potentially significant staff training.

Organizations will need to assess whether the benefits of enhanced visibility justify the operational complexity of managing another telemetry layer, particularly in environments already utilizing multiple monitoring solutions.

Analysis

Acquiring MantisNet is a strategic response to legitimate market needs for cloud-native observability, particularly in the context of encrypted traffic monitoring.

The acquisition of MantisNet provides F5 with the tools necessary to address a genuine market gap in cloud-native observability, particularly for monitoring encrypted traffic. The combination of eBPF-powered telemetry with F5’s established security and policy enforcement capabilities creates a potentially differentiated offering in the network security market.

For the broader market, this acquisition signals continued consolidation in the network security space and validates the importance of addressing cloud-native observability challenges.

F5’s move to combine real-time visibility with automated policy enforcement creates a compelling value proposition that will help accelerate enterprise adoption of cloud-native architectures by reducing associated operational risks and complexity.

Competitive Outlook & Advice to IT Buyers

The network observability market is dominated by strong competitors, including Kentik, ThousandEyes, and emerging eBPF-focused vendors. Cloud providers continue to expand their native observability capabilities, potentially reducing the demand for third-party solutions.

The complexity of integrating acquired technology while maintaining performance and reliability presents execution risks that could impact customer adoption.

This section is only available to NAND Research clients and IT Advisory Members. Please reach out to [email protected] to learn more.