Morphisec vs NetWitness NDR comparison

Morphisec and NetWitness are both solutions in the Endpoint Protection Platform (EPP) category. Morphisec is ranked #55, while NetWitness is ranked #59. Morphisec holds a 0.4% mindshare in EPP, compared to NetWitness’s 0.3% mindshare. Additionally, 100% of Morphisec users are willing to recommend the solution, compared to 87% of NetWitness users who would recommend it.

Morphisec

Read 21 Morphisec reviews

1,094 Views
314 Comparison Views

100% willing to recommend

NetWitness NDR

Read 15 NetWitness NDR reviews

565 Views
312 Comparison Views

87% willing to recommend

Morphisec

NetWitness NDR

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 9, 2024

NetWitness NDR and Morphisec are two prominent solutions in network detection and response. Morphisec stands out due to its proactive approach to security, though some users feel it is worth the higher price.

Features: Users highly value NetWitness NDR for its comprehensive network monitoring and analytics. NetWitness NDR excels in detailed forensic analysis. Morphisec is praised for its advanced threat prevention capabilities and lightweight design. Morphisec's strength lies in its proactive defense mechanisms.

Room for Improvement: NetWitness NDR users seek enhancements in its integration capabilities. They also desire a more intuitive learning curve and better scalability. Morphisec users desire expanded reporting features and better scalability. Enhanced integration is also sought after in both products.

Ease of Deployment and Customer Service: NetWitness NDR offers flexible deployment options but receives mixed feedback on complexity. Customer service for NetWitness is well-regarded. Morphisec, noted for its simplicity in deployment, garners positive reviews for customer service efficiency. Morphisec’s ease of deployment is a distinct advantage.

Pricing and ROI: NetWitness NDR is perceived to have higher initial setup costs, yet users acknowledge substantial long-term ROI. Morphisec, despite a higher price point, is seen as an investment worth the cost due to its effective threat mitigation. Morphisec users report quicker ROI due to reduced incidents.

To learn more, read our detailed Morphisec vs. NetWitness NDR Report (Updated: May 2025).

Buyer's Guide

Morphisec vs. NetWitness NDR

May 2025

Download the complete report

Helped 859,129 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Morphisec

Ranking in Endpoint Protection Platform (EPP)

55th

Ranking in Endpoint Detection and Response (EDR)

62nd

Average Rating

9.2

Reviews Sentiment

7.4

Number of Reviews

Ranking in other categories

Vulnerability Management (65th), Advanced Threat Protection (ATP) (35th), Cloud Workload Protection Platforms (CWPP) (33rd), Threat Deception Platforms (16th)

NetWitness NDR

Ranking in Endpoint Protection Platform (EPP)

59th

Ranking in Endpoint Detection and Response (EDR)

60th

Average Rating

8.0

Reviews Sentiment

6.9

Number of Reviews

Ranking in other categories

Threat Intelligence Platforms (39th), Security Orchestration Automation and Response (SOAR) (25th), Network Detection and Response (NDR) (21st), Extended Detection and Response (XDR) (38th)

Mindshare comparison

As of June 2025, in the Endpoint Protection Platform (EPP) category, the mindshare of Morphisec is 0.4%, up from 0.3% compared to the previous year. The mindshare of NetWitness NDR is 0.3%, up from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Endpoint Protection Platform (EPP)

Featured Reviews

Rick Schibler

VP of Information Technology at Kentucky Trailer

Offers in-memory protection at a lower price than competitors

Morphisec's in-memory protection is probably the most valuable feature because it stops malicious activity from occurring. If something tries to install or act as a sleeper agent, Morphisec will detect and stop it. Morphisec's Moving Target Defense is critical to hardening our attack surface. If it detects something, it indicates whether it's valid. That means you've got a breach requiring investigation. It detects anomalies but doesn't necessarily point to what caused them. You still need to do that work. The solution is reasonably easy to administer. They made some changes last year, adding a cloud-based monitoring solution that makes deploying and monitoring our endpoints easy.

Read full review

SupravatMaji

Associate Vice President - IT Security at Inspira Enterprise

Beneficial single unified dashboard, good native application integration, and high availability

My advice to those wanting to implement RSA NetWitness Network is they have to first do a little due diligence, such as the exact requirement based on their needs. That will give them a direction for their investment because otherwise, the bill of material or bill of quantity (BOQ) may be higher side. It is important to do good due intelligence on the environment, see the exact requirement, and then go ahead with the solution. The solution is perfectly stable. I rate RSA NetWitness Network a nine out of ten.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"It also provides full visibility into security events from Microsoft Defender and Morphisec in one dashboard. We've always had that capability with Morphisec. The more recent version appears to do that even a little bit more natively and it's given us visibility that we didn't have otherwise."

"All the alerts are on the dashboard, which is quite simple and useful for us. You can easily check all the alerts that are being blocked or allowed, or whatever the action is. You can easily see that and you can take the necessary actions. You can add a PowerShell extension or any activities for blocking at your network level or for endpoints."

"It provides full visibility into security events and from both solutions in one dashboard. I'm not a big security guy, if I have a threat that looks like there's a problem, I will ask Morphisec to dissect it for me, and tell me what might be happening. Because it tends to be all hash codes, so I can tell what's going on. They've been pretty good with that."

"We have seen it successfully block attacks that a traditional antivirus did not pick up."

"Morphisec is a straightforward solution that is efficient and very stable."

"Since using Morphisec we have seen a downturn in attacks because Morphisec protects us versus Defenders and whatnot that are signature-based. I know we have not had any issues with ransomware or other zero-day attacks that we've seen with machines that, all of a sudden, have become before we instituted the product. Now the machine had to be re-imaged and there was a loss of data because something was on the machine. You couldn't really determine what was on the machine because nothing was picking it up. The products we were using weren't picking it up."

"Morphisec makes it very easy for IT teams of any size to prevent breaches of critical systems because of the design of their tool. When we evaluated Morphisec, the CIO and I sat and listened. What attracted us to them is the fact that it stops activity at the point of detection. That saves a lot of time because now we are not investigating and trying to trace down what to turn off. We have already prevented it, which makes it very much safer and more secure."

"What's valuable is really the whole kit and caboodle of the Morphisec agent. What it does is genius, in a way, until the bad guys get wise to it. You set it up and then you watch the dashboard. There isn't really much tinkering."

More Morphisec pros

"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."

"This solution allows us to locate the malware in real-time."

"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."

"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."

"Ability to isolate the machine when there are malicious files."

"Technical support is knowledgeable."

"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."

"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."

More NetWitness NDR pros

Cons

"Sometimes it generates false positive alerts. They need to continue working on that. They have provided solutions for it and have fixed issues with updated versions. The service is quite good but they need to work on it more so that there are no false positive alerts."

"We have discovered some bugs in the new releases that they've had to fix, so I would like to see more testing and QA on their side before they release."

"It would be nice if they could integrate Morphisec with other traditional antivirus solutions beyond Microsoft Defender. That is probably my biggest gripe."

"The dashboard is the area that requires the most improvement. We have about, I would say 5,500 computers currently, and searching through all of those takes some time to filter. So as soon as you apply the filter, it takes a few seconds. It crunches, it thinks, and then it brings up the clients that match."

"Those are some of the features that I was looking for on my on-prem platform that they've already instituted in the cloud and that I'm sure will be instituting on their on-prem platform as well. Having to have an on-prem server required a lot of administration. Being able to push that to the cloud and have it managed up there for us is a real nice addition."

"Morphisec is a venture startup. They are still early in their growth stage. They need to get mature on their customer support and on how they interface with system tools. For example, they need to get multifactor in place and an API for the major multi-factor systems, e.g., Okta, Duo, Ping, and Microsoft. They don't have them built in yet. They are working on them. It is just not there yet. Also, their stability, customer support, and processes need improvement, which is just part of maturity."

"The weakest point of this product is how difficult it is to understand the reasons for an alert. This is a problem because it is hard to determine whether an attack is real or not."

"We wanted to have multi-tenants in their cloud platform, so every entity can look into their own systems and not see other systems in other entities. I have a beta version on that now. I would like them to incorporate that in the cloud solution."

More Morphisec cons

"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."

"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."

"The solution lacks a reporting engine."

"Threat detection could be better."

"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."

"When analyzing something, you have to click several times. It requires a lot of effort to find something."

"The initial setup requires a high level of skill."

"The contamination feature could be improved."

More NetWitness NDR cons

Pricing and Cost Advice

"Price-wise, it's on the higher side. A traditional antivirus solution is cheaper, but in terms of security and manageability, its ROI is better than a traditional antivirus. I would recommend it to anybody evaluating or considering an antivirus solution. If your system gets compromised, the cost of ransom would be a lot more. This way, it saves a lot of cost."

"It does not have multi-tenants. If South Africa wants to show only the machines that they have, they need their own cloud incidence. It is not possible to have that in a single cloud incidence with multiple tenants in it, instead you need to have multiple cloud incidences. Then, if you have that, it will be more expensive. However, they are going to change that, which is good."

"Our licensing is tied into our contract. Because we have a long-term contract, our pricing is a little bit lower. It is per year, so we don't get charged per endpoint, but we do have a cap. Our cap is 80 endpoints. If we were to go over 80, when we renewed our contract, which is not until three years are over. Then, they would reevaluate, and say, "Well, you have more than 80 devices active right now. This is going to be the price change." They know that we are installing and replacing computers, so the numbers will be all over the place depending on whether you archive or don't archive, which is the reason why we just have to keep up on that stuff."

"It is a little bit more expensive than other security products that we use, but it does provide us good protection. So, it is a trade-off."

"It is an annual subscription basis per device. For the devices that we have in scope right now, it is about $25,000 a year."

"Morphisec is reasonably priced because our parent company's other subsidiaries use different products like CrowdStrike. CrowdStrike is four or five times more expensive than Morphisec. The competitive pricing saves us money in our overall security stack."

"Licenses are per endpoint, and that's true for the cloud version as well. The only difference is that there is a little extra charge for the cloud version."

"We are still using a separate tool. I know for our 600 or I think we're actually licensed for up to 700 users, it runs me 23 or $24,000 a year. When you're talking to that many users plus servers being protected, that's well worth the investment for that dollar amount."

More Morphisec pricing and cost advice

"With RSA, there is flexibility in choosing the service, products, and the range that meets your requirement, as well as they are flexible in terms of pricing."

"The pricing is not very economical. It is a quite costly product for India. One thing is that when you purchase it, you have to purchase a module separately."

"The cost depends on the number of endpoints that you want to monitor, but it is not expensive."

"We are on a three-year contract to use RSA NetWitness Network."

"NetWitness Endpoint is less costly than its competitors, but it offers fewer features."

"I do not have any opinion on the pricing or licensing of the product."

"It is highly scalable. It can be bought based on your requirements."

"It is an expensive product."

More NetWitness NDR pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.

See recommendations

859,129 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Outsourcing Company

15%

Computer Software Company

13%

Financial Services Firm

11%

Manufacturing Company

Computer Software Company

17%

Financial Services Firm

16%

Government

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Comparisons

CrowdStrike Falcon vs Morphisec

Compared 30% of the time

Halcyon vs Morphisec

Compared 15% of the time

SentinelOne Singularity Complete vs Morphisec

Compared 12% of the time

Hyver vs Morphisec

Compared 8% of the time

Cisco Secure Endpoint vs Morphisec

Compared 6% of the time

More Morphisec Competitors

Darktrace vs NetWitness NDR

Compared 13% of the time

Fidelis Elevate vs NetWitness NDR

Compared 11% of the time

Cortex XDR by Palo Alto Networks vs NetWitness NDR

Compared 8% of the time

Vectra AI vs NetWitness NDR

Compared 8% of the time

ExtraHop Reveal(x) vs NetWitness NDR

Compared 7% of the time

More NetWitness NDR Competitors

Product Reports

Buyer's Guide

Morphisec

June 2025

Download Morphisec product report

Buyer's Guide

NetWitness NDR

June 2025

Download NetWitness NDR product report

Also Known As

Morphisec, Morphisec Moving Target Defense

RSA ECAT, NetWitness Network

Overview

Morphisec integrates seamlessly with platforms like Microsoft Defender, offering signatureless protection against zero-day threats and ransomware. It enhances existing endpoint solutions with minimal maintenance through its set-and-forget deployment, providing heightened security and reduced false positives.

Morphisec strengthens defense strategies by merging memory morphing and signatureless protection to effectively block zero-day attacks and ransomware. It operates efficiently within existing infrastructure, reducing system impact and maintenance needs. Users find its full visibility dashboard invaluable. Despite its strengths, cloud deployment and reporting features can be improved. Stability, alerts, and integration with other systems pose challenges for users, impacting usability and support quality.

What are Morphisec's key features?

Seamless Integration: Works with Microsoft Defender for comprehensive dashboard visibility
Memory Morphing: Hides processes to reduce attack surfaces
Signatureless Protection: Prevents threats without impacting performance
Automatic Threat Blocking: Uses inbuilt intelligence to detect risks
Set-and-Forget Deployment: Simplifies management and reduces maintenance

What benefits should users consider in reviews?

Quick Deployment: Fast setup without disrupting operations
Enhanced Protection: Provides an additional defense layer against advanced threats
Cost-Effectiveness: Works with existing licenses, minimizing extra investments
Improved Compatibility: Integrates smoothly with current antivirus systems
Minimal System Impact: Operates efficiently without overloading resources

In security-focused industries, Morphisec is crucial for protecting workstations and servers against sophisticated attacks like ransomware. Its signatureless technology offers early threat detection, while compatibility with existing systems ensures seamless integration, providing advanced protection without additional licensing costs.

Morphisec

Using a centralized combination of network and endpoint analysis, behavioral analysis, data science techniques and threat intelligence, NetWitness NDR helps analysts detect and resolve known and unknown attacks while automating and orchestrating the incident response lifecycle. With these capabilities on one platform, security teams can collapse disparate tools and data into a powerful, blazingly fast user interface.

NetWitness

Sample Customers

Lenovo/Motorola, TruGreen, Covenant Health, Citizens Medical Center

ADP, Ameritas, Partners Healthcare

Buyer's Guide

Morphisec vs. NetWitness NDR

May 2025

Free Report: Morphisec vs. NetWitness NDR

Find out what your peers are saying about Morphisec vs. NetWitness NDR and other solutions. Updated: May 2025.

DOWNLOAD NOW

859,129 professionals have used our research since 2012.

See our Morphisec vs. NetWitness NDR report.

See our list of best Endpoint Protection Platform (EPP) vendors and best Endpoint Detection and Response (EDR) vendors.

We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.