Skip to content

SD-WAN & SASE Observability: Closing the Visibility Gap

Why native dashboards fail to see underlay issues like brownouts and packet loss—and how to gain the end-to-end visibility needed to fix them.

Create a clean modern digital illustration representing enterprise SDWAN architecture The scene should convey intelligent connectivity across branch offices cloud platforms and data centers Show abstracted network lines glowing nodes and seamless dat-1

Software-Defined WAN (SD-WAN) and Secure Access Service Edge (SASE) have revolutionized enterprise networking, offering incredible agility and cost savings. But this evolution introduced a critical paradox: the very abstraction that makes these technologies powerful also creates their biggest operational blind spot.

By design, SD-WAN and SASE solutions create a virtual overlay that simplifies management. However, this focus on the overlay means they are often blind to performance issues happening in the underlay—the messy, unpredictable public internet that your business-critical traffic relies on. This leaves IT teams struggling to identify the root cause of slowdowns, resulting in frustrating troubleshooting cycles and unresolved user complaints.

The Native Tool Blind Spot

Every SASE and SD-WAN vendor provides a dashboard, VeloCloud Orchestrator, Cato Management Application, Prisma SASE,  which offer a great view of the overlay. They show you if your tunnels are up and policies are working.

The problem? When a user complains that Microsoft 365 is unusably slow, that dashboard often shows all green lights. The tool is telling you the overlay is fine, but the user's experience is poor.

This is because the real issue, like a congested ISP peering point or BGP route flapping, is completely invisible to the native platform. This lack of correlated data leads to:

A "troubleshooting guessing game" that wastes valuable time.
Increased Mean Time to Resolution (MTTR) for critical incidents.
Unproductive finger-pointing between network teams, security teams, and service providers.

This problem is magnified in multi-vendor environments where performance data is locked in disconnected silos, making a unified view impossible.

Why Your "Fast" Internet Feels Slow: Underlay Issues Explained

The primary challenge in modern networking has shifted from complete outages ("blackouts") to intermittent performance degradation ("brownouts"). Your SD-WAN is great at handling a total link failure, but it struggles when a link is technically "up" but performing poorly. These brownouts are the source of most user complaints and are typically caused by two things:

Last-Mile Mayhem: A staggering 75-80% of SD-WAN performance issues originate in the "last mile"—the link between your site and the ISP. This segment is prone to packet loss, latency, and jitter. A more hidden issue is bufferbloat, where your router's oversized queue causes massive latency spikes during traffic bursts, making video calls choppy even on a high-speed connection.

Unstable Internet Core: The internet is a network of networks stitched together by the Border Gateway Protocol (BGP). When BGP has problems, your traffic gets lost or takes a scenic, high-latency route to its destination. This can be due to misconfigurations (route leaks) or commercial disputes between providers (de-peering), causing sudden and dramatic performance hits.
Without visibility into these underlay issues, you can't fix what you can't see.

How Leading SASE Platforms Measure Up

While single-vendor SASE is a growing trend, the reality is that no single platform can see the entire picture, especially across third-party ISP and cloud networks. This reinforces the need for an independent, vendor-agnostic observability solution. Here’s a look at the native capabilities of industry leaders.

Platform Comparison

Feature Cato Networks (Cato SASE Cloud) Palo Alto Networks (Prisma SASE w/ ADEM) Arista (VeloCloud SD-WAN)
Overlay Monitoring Excellent Excellent Excellent
Underlying Link Quality Good (Monitors links to Cato PoP) Excellent (Endpoint to App visibility) Good (DMPO measures link quality)
Hop-by-hop Underlay Path Limited (Mainly within Cato backbone) Good (Segment-wise visibility) Gap (Lacks visibility into ISP paths)
Synthetic Testing Limited Good (with ADEM)  Limited
BGP Route Monitoring Gap Gap Gap
Automated Root Cause Good (within CATO ecosystem) Good (within ADEMs scope) Gap (Limited to overlay)

The Bottom Line: Even the most advanced native tools, like Palo Alto's ADEM, have gaps. They are designed to monitor their own ecosystem and lack the global, hop-by-hop visibility into third-party internet paths needed to solve every problem.

Aegis PM: From Data Overload to Actionable Intelligence

Closing the visibility gap requires a purpose-built, vendor-agnostic solution. Intelligent Visibility's Aegis Performance Monitoring (PM) is our expert-led, co-managed service designed to provide the single source of truth for your entire network and security stack.
Aegis PM isn't just a tool; it's an observability service built on a best-in-class AIOps platform and enhanced with our proprietary development.

We deliver:

Unified Hybrid Monitoring: We correlate data from your SD-WAN overlay, ISP underlays, multi-cloud environments, and applications into a single, actionable view.
Automated Root Cause Analysis: Our AIOps engine cuts through alert noise to pinpoint the exact source of an issue—whether it's on your LAN, with an ISP, or in the cloud—slashing MTTR.
Proactive Optimization: By analyzing trends, we help you detect and fix "brownouts" before users notice and provide the data needed to fine-tune SD-WAN policies for optimal performance.
Objective Proof: We provide the empirical, hop-by-hop data needed to hold ISPs and vendors accountable and end the finger-pointing for good.
Our Co-Managed Model: Expertise Without Losing Control. We augment your team, we don't replace it. Our partnership model is designed to give you the best of both worlds: expert platform management and proactive analysis, while you retain full visibility and strategic control.

What We Do:

Manage the entire lifecycle of the observability platform.
Provide 24/7 proactive monitoring and expert-led analysis.
Reduce alert fatigue and create custom, role-based dashboards.

For customers looking for more comprehensive co-managed services for their SASE/SDWAN environment, Aegis PM serves as the foundation for additional services, including:

Aegis IR (Incident Response): Circuit and device incident response, cradle-to-grave management of circuit remediation, and case management for circuit, hardware, and configuration failures.

Aegis CM (Configuration Management): Offload moves/adds/changes for your modern WAN environment. IVI's managed services team manages site moves, site additions, and site shutdowns as well as changes to global configurations on your behalf.

Aegis LM (Lifecycle Management): Our team takes on the responsibility for keeping the underlying OS and firmware patched and up to date, taking on a necessary task that is typically constrained by resource availability for most customers.

What You Do:

Retain complete access and control over all your data and dashboards.
Collaborate with our experts on strategy and policy.
Focus your team on high-value initiatives that drive the business forward.

This collaborative model empowers your team with unparalleled data and expertise, transforming your IT operations from reactive firefighting to proactive optimization.