Compete
ITOps & Observability
Battle Cards
PAN + Chronosphere (acquired Jan 2026, Gartner MQ Leader) versus Datadog, Splunk Observability, Dynatrace, New Relic, and Elastic. Cloud-native observability meets security for the AI era.
Post-Acquisition Integration Advantage (Jan 29, 2026)
The Chronosphere acquisition makes Observability the 5th pillar of the PAN platform — no competitor can match native integration of cloud-native observability with security across network, cloud, SOC, and identity.
Feature Comparison
Observability Platform Matrix
PAN + Chronosphere across metrics, logs, traces, cost control, and security integration vs. the field.
| Capability | PAN + Chronosphere | Datadog | Splunk Obs | Dynatrace | New Relic | Elastic |
|---|---|---|---|---|---|---|
| Metrics | Leader | Leader | Strong | Strong | Moderate | Moderate |
| Logs | Growing | Leader | Leader | Strong | Strong | Leader |
| Traces | Strong | Leader | Moderate | Leader | Strong | Moderate |
| Cost Control | Leader | Weak | Weak | Moderate | Moderate | Moderate |
| Security Integration | Leader | Growing | Strong (SIEM) | Basic | Basic | Growing |
| AI/ML | AgentiX | Watchdog | SPL AI | Davis AI | NR AI | Basic |
| OpenTelemetry | Native | Partial | Partial | Partial | Partial | Native |
| Cloud-Native Scale | Leader | Strong | Moderate | Strong | Moderate | Moderate |
Battle Cards
Competitor Deep Dives
Datadog
The market mindshare leader in modern observability. Strongest integration ecosystem, best-in-class APM and distributed tracing, polished UX. However, notorious for billing explosions at scale, proprietary formats create lock-in, and security capabilities are a monitoring overlay — not a real SecOps platform.
Where PAN Wins
- Unified security + observability: One platform for both disciplines — no separate SIEM needed. Datadog Cloud SIEM is a monitoring overlay, not a full SecOps platform.
- Control Plane eliminates surprise billing: Chronosphere charges only for useful retained data. Datadog bills explode with cardinality at scale — a known pain point at every enterprise account.
- AgentiX auto-remediation: AgentiX agents act autonomously to fix issues. Datadog Watchdog alerts and detects — but doesn't remediate. That's the next level.
- Telemetry Pipeline cost savings: Reduces data volumes 30%+ before storage. Customers can keep Datadog for APM while Telemetry Pipeline immediately cuts costs.
Where They're Strong
- Broadest integration ecosystem: 600+ integrations, most polished dashboards and UX, deeply embedded in DevOps toolchains.
- APM and distributed tracing: Strong end-to-end tracing and developer-facing observability experience. Market leader mindshare in DevOps teams.
Landmines
- Ask about total cost at scale — Datadog bills explode with cardinality. Finance teams are often shocked when they see the bill after a growth spike.
- Proprietary format lock-in — No easy migration path off Datadog. No OTel-native architecture. When they want to leave, they're stuck.
- No native SIEM/SOAR capability — Security is bolted on. No endpoint, no network security, no automated response beyond alerting.
Traps & Counter-Traps
- "Datadog does security too" — Counter: Datadog Cloud SIEM is a monitoring overlay, not a full SecOps platform. No endpoint, no network security, no SOAR, no automated response. It detects; it doesn't stop anything.
Key Objections
We already use Datadog.
Response: Keep Datadog for APM if you want — that's fine. Chronosphere's Telemetry Pipeline can sit in front to control costs starting day one. The real play is observability + security convergence. Datadog can't do SecOps. That's where the platform conversation begins.
Splunk Observability (Cisco)
Massive SIEM installed base, strong log analytics heritage, now owned by Cisco. The combination of Splunk O11y, AppDynamics, and IT Service Intelligence creates a broad portfolio — but legacy architecture, complex pricing, and Cisco acquisition confusion are significant weaknesses.
Where PAN Wins
- Cloud-native from the ground up: Chronosphere was purpose-built for cloud-native environments by ex-Uber engineers. Splunk is legacy architecture retrofitted for cloud — it shows at scale.
- No cardinality explosions: Chronosphere handles hundreds of millions of datapoints/second without the cardinality explosions that plague Splunk at Kubernetes scale.
- No Splunk tax: Chronosphere charges on retained useful data, not raw ingestion. Splunk's ingestion-based pricing is punishing at scale.
- AgentiX autonomous remediation: AgentiX acts. Splunk playbooks require manual orchestration. That's the difference between autonomous SecOps and manual SOAR.
Where They're Strong
- Massive SIEM installed base: Deep enterprise penetration especially in regulated industries. Switching costs are real and buyers know it.
- Log analytics heritage: SPL (Search Processing Language) expertise is embedded in security and ops teams. Cisco network telemetry integration is a genuine differentiator.
Landmines
- Ask about cloud-native Kubernetes observability — Splunk struggles at the cardinality and scale that modern microservices environments demand.
- Total cost of ownership — Splunk Enterprise + Observability + SOAR stacks are massive. Finance teams feel this every renewal cycle.
- Cisco acquisition confusion — AppDynamics roadmap unclear, Cisco and Splunk portfolios overlapping. Integration story is messy.
Traps & Counter-Traps
- "Splunk is our SIEM so observability makes sense" — Counter: XSIAM replaces Splunk SIEM at a fraction of the cost. Why keep paying the Splunk tax when PAN gives you better SIEM AND better observability? That's the full platform displacement play.
Key Objections
We're a Splunk shop — everything is built around it.
Response: Many of our XSIAM customers are former Splunk shops. The migration path is proven: XSIAM for SecOps, Chronosphere for observability, one platform, one vendor relationship. The Splunk tax gets eliminated, not just reduced.
Dynatrace
Genuinely impressive Davis AI for causal analysis and auto-discovery. Strong enterprise APM, full-stack monitoring, and Kubernetes support. However, autonomous action is absent — Dynatrace alerts and analyzes while AgentiX acts. Security is a narrow bolt-on with no SIEM, SOAR, network, or endpoint coverage.
Where PAN Wins
- Autonomous action vs. analysis only: AgentiX agents take action — remediate, contain, respond. Dynatrace's Davis AI finds and explains the problem. Only PAN actually fixes it autonomously.
- Cost-efficient at extreme cardinality: Chronosphere's M3-based backend handles massive time-series cardinality more cost-efficiently than Dynatrace's per-host model at scale.
- Native security platform: PAN security is not a bolt-on — it's the core product. Full stack: endpoint, network, cloud, SIEM, SOAR, identity, and now observability.
- Breadth of coverage: Network + cloud + endpoint + identity + observability in one platform. Dynatrace is observability with a narrow security add-on.
Where They're Strong
- Davis AI causal analysis: Genuinely impressive deterministic root cause analysis. Auto-discovery and topology mapping are best-in-class for complex environments.
- Enterprise APM and full-stack monitoring: Strong Kubernetes and microservices support. Trusted by large enterprises for application performance management.
Landmines
- Dynatrace Application Security is limited — Narrow RASP-like runtime coverage compared to Cortex Cloud + AIRS. No endpoint, no network, no SIEM, no SOAR, no identity protection.
- High per-host pricing model — Costs escalate quickly in dynamic cloud environments with ephemeral workloads. Chronosphere's retained-data pricing scales more predictably.
Traps & Counter-Traps
- "Dynatrace does security" — Counter: Dynatrace runtime app security is narrow — RASP-like coverage of running applications. No endpoint, no network, no SIEM, no SOAR, no identity. PAN covers the full security stack plus observability. Dynatrace covers one narrow slice of application security.
Key Objections
Davis AI is better than anything else for root cause analysis.
Response: Davis AI is genuinely strong for finding root cause. But AgentiX doesn't just find the problem — it fixes it. Autonomous remediation with human-in-the-loop guardrails, trained on 1.2 billion real-world playbook executions. That's the next level beyond what any observability-only AI can offer.
New Relic
Developer-friendly observability with transparent consumption-based pricing and strong browser/mobile monitoring. Good for smaller DevOps teams. However, there is no security story whatsoever — New Relic is observe-only with no path to SecOps convergence. Limited at enterprise scale.
Where PAN Wins
- No security capabilities at all: New Relic is observe-only. There is no security product, no SIEM, no XDR, no SOAR, no endpoint. The platform conversation begins and ends at observability.
- Control Plane for cost governance: Chronosphere's pricing model (retained useful data) provides better cost governance than New Relic's consumption-based model at enterprise scale.
- AgentiX autonomous response: New Relic alerts and dashboards. AgentiX acts. The gap between observe-and-alert and autonomous-remediation is the entire value of the platform story.
- Platform breadth is unmatched: PAN spans network, cloud, SOC, identity, and observability. New Relic is a single-discipline tool with no expansion path into security.
Where They're Strong
- Developer-friendly UX: Low-friction onboarding, strong browser and mobile monitoring (RUM), consumption-based pricing that's transparent for smaller teams.
- Good for smaller DevOps teams: No seat licensing complexity. Simple ingestion-based model is easy to budget for teams without enterprise procurement requirements.
Landmines
- Zero security story — New Relic will never be a security platform. This is an existential gap in a world where observability and security data must converge.
- Limited at enterprise scale — Narrower integration ecosystem than Datadog or Dynatrace, and no enterprise-grade cost governance tools for high-cardinality environments.
Traps & Counter-Traps
- "New Relic is cheaper" — Counter: Compare total security + observability cost. New Relic for observability + another vendor for SIEM + another for SOAR + another for XDR equals more total spend and more operational complexity. One PAN platform beats four point tools on total cost.
Key Objections
We use New Relic and it works fine for our developers.
Response: New Relic is a good developer observability tool. But when a security incident happens, your developers and your SOC team are looking at completely different data. PAN converges those signals — observability, threat detection, and automated response in one platform. Ask your CISO if they'd rather have one unified dataset or keep bridging two siloed tools during an active incident.
Objection Handling
Common Field Objections
Prepared responses for the objections you'll hear most in ITOps and observability conversations.
We already have an observability tool.
Response: Chronosphere's Telemetry Pipeline can sit alongside your existing tool, reducing data costs 30%+ immediately — no rip-and-replace required. Start there as a wedge. Once they see the cost savings and the security convergence story, the platform conversation opens naturally.
Observability and security are different teams — we don't buy together.
Response: That separation is exactly why platformization matters. Converged telemetry means faster MTTR when a performance issue is also a security event. AgentiX agents can span both ITOps and SecOps workflows — your teams stay separate, but the data and automation become unified. That's a competitive advantage, not a procurement problem.
Chronosphere is too new at Palo Alto — we don't know if they'll integrate.
Response: Chronosphere was a Gartner Magic Quadrant Leader before the acquisition closed January 29, 2026. Martin Mao, the co-founder and CEO, is now SVP and GM of Observability at PAN — the team and technology are proven. Integration with AgentiX is already on the roadmap, and the 5-pillar platform story is the company's top strategic priority.