No more typing reviews! Try our Samantha, our new voice AI agent.

Kaspersky Next XDR Expert vs Morphisec comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 9, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Detection and Response (EDR)
6th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Kaspersky Next XDR Expert
Ranking in Endpoint Detection and Response (EDR)
35th
Average Rating
7.8
Reviews Sentiment
6.3
Number of Reviews
19
Ranking in other categories
Extended Detection and Response (XDR) (20th)
Morphisec
Ranking in Endpoint Detection and Response (EDR)
61st
Average Rating
9.2
Reviews Sentiment
7.4
Number of Reviews
21
Ranking in other categories
Vulnerability Management (57th), Endpoint Protection Platform (EPP) (48th), Advanced Threat Protection (ATP) (30th), Cloud Workload Protection Platforms (CWPP) (35th), Threat Deception Platforms (15th)
 

Mindshare comparison

As of July 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.6%, down from 3.9% compared to the previous year. The mindshare of Kaspersky Next XDR Expert is 1.0%, down from 1.8% compared to the previous year. The mindshare of Morphisec is 0.9%, up from 0.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.6%
Kaspersky Next XDR Expert1.0%
Morphisec0.9%
Other94.5%
Endpoint Detection and Response (EDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Manikumar David - PeerSpot reviewer
IT Manager at R K Khanna and Associates
Experienced weak security checks and increased system load with limited control
Kaspersky Endpoint Detection and Response is not up to the mark compared to what I have seen from earlier products. I was using CrowdStrike, and Kaspersky Endpoint Detection and Response is not up to the mark compared to CrowdStrike and other products. Kaspersky Endpoint Detection and Response sometimes seems to allow certain files which should not be allowed on its own. I trust Kaspersky Endpoint Detection and Response to check the files, but I cannot sit and check all the files that are coming in. Kaspersky Endpoint Detection and Response has its own weaknesses. Kaspersky Endpoint Detection and Response slows the system slightly. It uses more resources than what CrowdStrike does. When any attack happens or something is happening with other products I am using, Kaspersky Endpoint Detection and Response stops certain things. However, it does not take me to the file, and it is not user-friendly.
Rick Schibler - PeerSpot reviewer
VP of Information Technology at Kentucky Trailer
Offers in-memory protection at a lower price than competitors
Morphisec's in-memory protection is probably the most valuable feature because it stops malicious activity from occurring. If something tries to install or act as a sleeper agent, Morphisec will detect and stop it. Morphisec's Moving Target Defense is critical to hardening our attack surface. If it detects something, it indicates whether it's valid. That means you've got a breach requiring investigation. It detects anomalies but doesn't necessarily point to what caused them. You still need to do that work. The solution is reasonably easy to administer. They made some changes last year, adding a cloud-based monitoring solution that makes deploying and monitoring our endpoints easy.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Since they've done their most recent update, the ease to isolate endpoints is valuable. If we find one where there is a virus on it, we can easily isolate it. We don't even have to contact the user. We don't have to manually take them off the network. We can easily isolate them."
"The most valuable feature of Cortex XDR by Palo Alto Networks is the low consumption of system resources. The solution uses a lot of AI and machine learning."
"The most valuable aspect of Cortex XDR by Palo Alto Networks for me is its integration with AI detection, where we get to know the behavioral detection based on users, traffic patterns, and different services that we consume."
"I don't have to do much monitoring with it; I don't have to have anybody manually looking at this, it gives us reports, and it lets us know if something needs to be addressed, and we can easily address it."
"We use it for malicious connections from malicious websites, to identify payloads that might be inside the traffic, to identify malicious processes or bugs that are running on the network, and any activities that tend to lead to data infiltration."
"On a scale from one to ten, I would rate Cortex XDR by Palo Alto Networks a nine."
"Cortex XDR lets us manage several clients from the same console, and its endpoint defense is more advanced than traditional antivirus."
"Cortex XDR by Palo Alto Networks has helped lighten the load of our security analysts because it was the major tool that we were using and the one we utilized most."
"Kaspersky EDR is far superior to other products. It gives detailed information about malware, geolocation, and more. Also, the agent itself is very lightweight compared to other products. The packages and updates were quite small in size, just a few KBs."
"I do customize the policies to determine what to do and what not to do."
"It downloads essential security patches that are valuable for my PC."
"From my point of view, one of the best aspects of Kaspersky Endpoint Detection and Response is its high detection rate, which surpasses many other solutions. Its valuable features include behavior detection, threat prevention, device control, adaptive anomaly control, and centralized protection detection."
"The advanced detection features are valuable."
"The tool's performance and prevention are amazing."
"Kaspersky EDR offers automated response capabilities, enhancing efficiency by enabling quick investigation and response to potential threats on Android devices."
"We have a concept of working from home. Most endpoints are not in the domain. It is our first line of defense. While we had Kaspersky deployed, it gave good insight into the upcoming challenge or threat."
"What's valuable is really the whole kit and caboodle of the Morphisec agent. What it does is genius, in a way, until the bad guys get wise to it. You set it up and then you watch the dashboard. There isn't really much tinkering."
"Since we started using Morphisec, that hasn't happened even once."
"Morphisec's in-memory protection is probably the most valuable feature because it stops malicious activity from occurring. If something tries to install or act as a sleeper agent, Morphisec will detect and stop it."
"Morphisec has been a real lifesaver."
"Morphisec Guard enables us to see at a glance whether our users have device control and disk encryption enabled properly. This is important because we are a global company operating with multiple entities. Previously, we didn't have that visibility. Now, we have visibility so we can pinpoint some locations where there are machines that are not really protected, offline, etc. It gives us visibility, which is good."
"The simplicity of the solution, how easy it is to deploy and how small it is when deployed as an agent on a device, is probably the biggest aspect, given what it can do."
"Morphisec makes use of deterministic attack prevention that doesn’t require investigation of security alerts. It changes the memory locations of where certain applications run. If you think of Excel, opening a PDF, running an Excel macro, or opening a webpage and clicking on a link, all of those actions run in a certain area of memory. Morphisec changes the memory locations of where those run."
"Morphisec makes it super easy for our IT team to prevent breaches of critical systems; it is a one-click install, then it takes care of the rest."
 

Cons

"If he is using a smaller company, he can depend on some other tools because Cortex XDR by Palo Alto Networks is a bit expensive."
"The GUI could be improved. It's a little bit cumbersome. It could be more user-friendly."
"Currently, if you use Palo Alto endpoint protection as the only solution it's very complicated to remove pre-existing threats."
"The negative aspect I see is the economic model used by Palo Alto."
"A potential area of improvement for Cortex XDR by Palo Alto Networks is the cost."
"The solution can never really be an on-premises solution based simply on the way it is set up. It needs metadata to run and improve. Having an on-premises solution would cut it off from making improvements."
"The product's pricing needs improvement. They could provide more discounts. Additionally, the dashboard and control panel could be enhanced."
"The connection to the internet has not performed as expected."
"Enhancing user-friendliness should be a priority."
"The main issue was compatibility with the cloud itself. The CPU usage immediately spiked, causing the machines to hang and sometimes even forcing server or computer restarts."
"My team was struggling with the reporting when we were doing an audit. The console features are a little more interactive and user-friendly. There's some issue, or maybe some fixing has to be done."
"The product does not detect zero-day threats."
"Kaspersky Endpoint Detection and Response lacks configuration options."
"I want to be able to use the product as a patch management tool for my endpoints since it is an area that is not working effectively for me."
"Incorporating an AI protection tool with the capability to detect and prevent zero-day threats, particularly those with a five-star rating in terms of severity would be beneficial."
"One of the main areas where the tool could improve is its integration capabilities. For example, I find it challenging to integrate it with other solutions. It would be helpful if the tool could make it more open to integration with other tools."
"If anything, tech support might be their weakest link."
"We wanted to have multi-tenants in their cloud platform, so every entity can look into their own systems and not see other systems in other entities. I have a beta version on that now. I would like them to incorporate that in the cloud solution."
"If anything, tech support might be their weakest link. The process of getting someone involved sometimes takes a little time. It seems to me that they should have all the data they need to let me know whether an alert is legitimate or not, but they tend to need a lot of information from me to get to the bottom of something. It usually takes a little longer than I would expect."
"It would be useful for them if they had some kind of network discovery."
"The weakest point of this product is how difficult it is to understand the reasons for an alert. This is a problem because it is hard to determine whether an attack is real or not."
"It might be a bit much to ask, but we are now beginning to use Morphisec Scout, which provides vulnerability information. At this time, it's recognizing vulnerabilities and reporting them to us, but it's not necessarily resolving them. There's still a separate manual process to resolve those vulnerabilities, primarily through upgrades. We have to do that outside of Morphisec. If Morphisec could somehow have that capability built into it, that would be very effective."
"Those are some of the features that I was looking for on my on-prem platform that they've already instituted in the cloud and that I'm sure will be instituting on their on-prem platform as well. Having to have an on-prem server required a lot of administration. Being able to push that to the cloud and have it managed up there for us is a real nice addition."
"We have only had four attacks in the last year, "attacks" being some benign PDF from a vendor that, for some reason, were triggered. There were no actual attacks. They were just four false positives, or something lowly like adware. There have been false positives with both the on-premises solution and the cloud solution."
 

Pricing and Cost Advice

"Every customer has to pay for a license because it doesn't work with what you get from a managed services provider."
"It has a yearly renewal."
"The price of the solution is high for the license and in general."
"Our license will require renewal in August, after which the maintenance will continue as usual."
"It is present, but when compared to other competitive products, I would say it is not less expensive; however, when all of the other added values are considered, the price is reasonable."
"The price of the solution could be reduced. I have customers that have voiced that the solution is good for the value but if I want to sell more of the solution the price reduction would help."
"I don't like that they have different types of licenses."
"I don't have any issues with the pricing. We are satisfied with the price."
"The tool's pricing was high during the last renewal."
"The product is cheap."
"It is cost-effective in terms of services and features compared to other more expensive EDR solutions like CrowdStrike and Trend Micro."
"The pricing falls within the average range."
"Yearly payments are to be made toward the licensing costs of the solution."
"I was satisfied with the pricing of Kaspersky."
"The tool's pricing is reasonable."
"I rate the solution's pricing model a seven on a scale of one to ten, where one is cheap, and ten is expensive."
"It is an annual subscription basis per device. For the devices that we have in scope right now, it is about $25,000 a year."
"Morphisec is reasonably priced because our parent company's other subsidiaries use different products like CrowdStrike. CrowdStrike is four or five times more expensive than Morphisec. The competitive pricing saves us money in our overall security stack."
"We are still using a separate tool. I know for our 600 or I think we're actually licensed for up to 700 users, it runs me 23 or $24,000 a year. When you're talking to that many users plus servers being protected, that's well worth the investment for that dollar amount."
"Our licensing is tied into our contract. Because we have a long-term contract, our pricing is a little bit lower. It is per year, so we don't get charged per endpoint, but we do have a cap. Our cap is 80 endpoints. If we were to go over 80, when we renewed our contract, which is not until three years are over. Then, they would reevaluate, and say, "Well, you have more than 80 devices active right now. This is going to be the price change." They know that we are installing and replacing computers, so the numbers will be all over the place depending on whether you archive or don't archive, which is the reason why we just have to keep up on that stuff."
"It does not have multi-tenants. If South Africa wants to show only the machines that they have, they need their own cloud incidence. It is not possible to have that in a single cloud incidence with multiple tenants in it, instead you need to have multiple cloud incidences. Then, if you have that, it will be more expensive. However, they are going to change that, which is good."
"The pricing is definitely fair for what it does."
"It is priced correctly for what it does. They end up doing a good deal of discounting, but I think it is priced appropriately."
"Price-wise, it's on the higher side. A traditional antivirus solution is cheaper, but in terms of security and manageability, its ROI is better than a traditional antivirus. I would recommend it to anybody evaluating or considering an antivirus solution. If your system gets compromised, the cost of ransom would be a lot more. This way, it saves a lot of cost."
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Comms Service Provider
12%
Financial Services Firm
9%
Manufacturing Company
9%
Construction Company
7%
Outsourcing Company
16%
Manufacturing Company
12%
Construction Company
11%
Financial Services Firm
10%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business7
Midsize Enterprise6
Large Enterprise6
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise8
Large Enterprise8
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What needs improvement with Kaspersky Endpoint Detection and Response?
Kaspersky Endpoint Detection and Response is not up to the mark compared to what I have seen from earlier products. I...
What advice do you have for others considering Kaspersky Endpoint Detection and Response?
It seems okay. CrowdStrike was not heavy on my network or usage. I would rate this product an 8.
Ask a question
Earn 20 points
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
No data available
Morphisec, Morphisec Moving Target Defense
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Information Not Available
Lenovo/Motorola, TruGreen, Covenant Health, Citizens Medical Center
Find out what your peers are saying about Kaspersky Next XDR Expert vs. Morphisec and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.