No more typing reviews! Try our Samantha, our new voice AI agent.

Morphisec vs Prisma Cloud by Palo Alto Networks comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 11, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
112
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Endpoint Detection and Response (EDR) (6th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Morphisec
Average Rating
9.2
Reviews Sentiment
7.4
Number of Reviews
21
Ranking in other categories
Vulnerability Management (58th), Endpoint Protection Platform (EPP) (47th), Advanced Threat Protection (ATP) (31st), Endpoint Detection and Response (EDR) (60th), Cloud Workload Protection Platforms (CWPP) (35th), Threat Deception Platforms (13th)
Prisma Cloud by Palo Alto N...
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
114
Ranking in other categories
Web Application Firewall (WAF) (8th), Container Security (2nd), Cloud Security Posture Management (CSPM) (2nd), Cloud-Native Application Protection Platforms (CNAPP) (2nd), Data Security Posture Management (DSPM) (2nd)
 

Mindshare comparison

Endpoint Protection Platform (EPP) Mindshare Distribution
ProductMindshare (%)
Morphisec0.9%
Microsoft Defender for Endpoint6.8%
CrowdStrike Falcon6.0%
Other86.3%
Endpoint Protection Platform (EPP)
Cloud-Native Application Protection Platforms (CNAPP) Mindshare Distribution
ProductMindshare (%)
Prisma Cloud by Palo Alto Networks10.7%
Wiz13.1%
Microsoft Defender for Cloud7.8%
Other68.4%
Cloud-Native Application Protection Platforms (CNAPP)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Rick Schibler - PeerSpot reviewer
VP of Information Technology at Kentucky Trailer
Offers in-memory protection at a lower price than competitors
Morphisec's in-memory protection is probably the most valuable feature because it stops malicious activity from occurring. If something tries to install or act as a sleeper agent, Morphisec will detect and stop it. Morphisec's Moving Target Defense is critical to hardening our attack surface. If it detects something, it indicates whether it's valid. That means you've got a breach requiring investigation. It detects anomalies but doesn't necessarily point to what caused them. You still need to do that work. The solution is reasonably easy to administer. They made some changes last year, adding a cloud-based monitoring solution that makes deploying and monitoring our endpoints easy.
reviewer2776578 - PeerSpot reviewer
Cyber Security Architect at a comms service provider with 10,001+ employees
Image scanning has supported consistent security practices during cloud deployment
On a scale of ten, we would say people are happy with Prisma Cloud by Palo Alto Networks for the part we use. People are okay with it. We probably would give an eight. We don't give ten because if we don't use the other parts of Prisma Cloud by Palo Alto Networks, it's because it was difficult to implement from an operational point of view. We could have deployed the runtime monitoring with Prisma Cloud by Palo Alto Networks, but within our organization at our company, it was very difficult to find who would be the owner for the alerts. People have other tools and in the end, we don't use the full capabilities of a product that we pay for. It's partially related to the difficulty to integrate Prisma Cloud by Palo Alto Networks runtime in our company's support process. We don't use the real-time monitoring part of Prisma Cloud by Palo Alto Networks. We don't know about the automated remediation feature of Prisma Cloud by Palo Alto Networks.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Cortex XDR is stable, offering high quality and reliable performance."
"The solution's most valuable feature is its ability to rapidly detect certain hardware files."
"There has been a significant reduction of approximately 70% to 80% in our internal MTTR and MTTD metrics, now around five to eight minutes whereas previously it was hours, which has helped tremendously."
"If you are looking for security, mainly for advanced threat prevention from ransomware and malware attacks, I would recommend Cortex."
"The solution allows us to gain remote access without the user's knowledge and take the necessary actions on the device."
"Based on my experience, I would recommend Cortex XDR by Palo Alto Networks to other people."
"The integrations are out-of-the-box, as are the playbooks."
"Cortex XDR alerts us on the dashboard when there's a threat, which allows us to restrict that user and helps secure our infrastructure."
"Morphisec makes it very easy for IT teams of any size to prevent breaches of critical systems because of the design of their tool."
"Morphisec makes it super easy for our IT team to prevent breaches of critical systems; it is a one-click install, then it takes care of the rest."
"We haven't had any cybersecurity incidents on machines running Morphisec."
"Morphisec stops attacks without needing to know what type of threat it is, just that it is foreign. It is based on injections, so it would know when a software launches. If a software launches and something else also launches, then it would count that as anomalous and block it. Because the software looks at the code, and if it executes something else that is not related, then Morphisec would block it. That is how it works."
"Morphisec has given our security team's operations peace of mind and more time for patching."
"Morphisec also provides full visibility into security events for Microsoft Defender and Morphisec in one dashboard... in the single pane of glass provided by Morphisec, it's all right there at your fingertips: easy to access and easy to understand. And if you choose to go down further to know everything from the process to the hash behind it, you can."
"Since using Morphisec we have seen a downturn in attacks because Morphisec protects us versus Defenders and whatnot that are signature-based. I know we have not had any issues with ransomware or other zero-day attacks that we've seen with machines that, all of a sudden, have become before we instituted the product. Now the machine had to be re-imaged and there was a loss of data because something was on the machine. You couldn't really determine what was on the machine because nothing was picking it up. The products we were using weren't picking it up."
"Morphisec has enabled us to become a lot less paranoid when it comes to staff clicking on things or accessing things that they shouldn't that could infect the whole system. Our original ransomware attack that happened came from someone's Google drive and then just filtered on through that. It has put our minds at ease a lot more in running it. It's also another layer of security that has been proven to be effective for us."
"One of the main reasons we like Prisma Cloud so much is that they also provide an API. You can't expect to give someone an account on Prisma Cloud, or on any tool for that matter, and say, "Go find your things and fix them." It doesn't work like that... We pull down the information from the API that Prisma Cloud provides, which is multi-cloud, multi-account—hundreds and hundreds of different types of alerts graded by severity—and then we can clearly identify that these alerts belong to these people, and they're the people who must remediate them."
"The reporting, dashboarding, and filtering capabilities which provide reports we can present to our senior staff are the most helpful features of Prisma Cloud (Annual Contract)."
"Prisma Cloud is a single tool that we can use to protect all of our cloud resources without having to manage and reconcile several security and compliance reports."
"The two most valuable features are container security and the capability to discover workloads."
"The most valuable feature is that the rule set is managed and that it can be run on a regularly scheduled basis."
"The policies that come prepackaged in the tool have been very valuable to us. They're accurate and they provide good guidance as to why the policy was created, as well as how to remediate anything that violates the policy."
"The application visibility is amazing. For example, sometimes we don't know what a particular custom port is for and what is running on it. The visibility enables us to identify applications, what the protocol is, and what service is behind it. Within Azure, it is doing a great job of providing visibility. We know exactly what is passing through our network. If there is an issue of any sort we are able to quickly detect it and fix the problem."
"Prisma Cloud offers robust runtime scanning capabilities, which is beneficial for security teams."
 

Cons

"One thing that was missing was the integration part. Currently, they don't have out-of-box integration with IBM QRadar, or if they have the integration, the integration doesn't work well."
"It is not very strong in terms of endpoint management. It should have additional features like DLP, encryption, or advanced device control. Currently, Cortex is good in terms of the security of the endpoints, but it is not as good as other vendors in terms of the management of the endpoint."
"There are some false positives."
"They have the worst support, as a company, that I have ever worked with, as they are difficult to get a hold of and keep on the phone. They don't know what they are talking about when you get them on the phone. They don't like to respond to messages when you send them to them. They like to "research problems" for weeks on end, then pass you off to somebody else."
"However, if you do not have Palo Alto in your environment, you are paying these additional services just for Cortex XDR by Palo Alto Networks, so it is not a cost-effective solution."
"It is an enterprise-level solution. Its price could be less expensive."
"The solution lacks real-time, on-demand antivirus."
"Based on our experience so far, its implementation is quite complex."
"We started in the Linux platform and we deployed to Linux. The licensing of that has been kind of confusing between Linux licensing and Windows licensing. The overall simplicity of licensing or offering an enterprise license to just cover everything and then we don't have to count needs improvement."
"We sometimes have to depend on the support team to know what action we should take. If the solution for an alert can be built into the report that we are getting, it will save time, and the interaction with support would be less. At times, corrective action is required, but at times, we don't need to take any action. It would be good if we get to know in the report that a particular infection doesn't require any action. It will save us time and effort."
"We have discovered some bugs in the new releases that they've had to fix, so I would like to see more testing and QA on their side before they release."
"It would be useful for them if they had some kind of network discovery."
"I haven't seen ROI because I haven't seen a threat that it has protected against, exactly."
"It would be useful for them if they had some kind of network discovery. That kind of functionality I think would give IT administrators a little bit more confidence that they have 100 percent coverage, and it gives them something to audit against. Network discovery would be one area I would definitely suggest that they put some effort into."
"The dashboard is the area that requires the most improvement."
"It would be nice if they could integrate Morphisec with other traditional antivirus solutions beyond Microsoft Defender. That is probably my biggest gripe."
"Based on my experience, the customization—especially the interface and some of the product identification components—is not as customizable as it could be. But it makes up for that with the fact that we can access the API and then build our own systems to read the data and then process and parse it and hand it to our teams."
"They could improve more features for the enterprise version of the solution."
"I think Prisma Cloud could improve its preventive governance policy and CWP run time modules."
"When an account is onboarded, if it is missing any permission, it should automatically be updated with the required permissions and policies."
"Prisma Cloud lags behind in terms of security automation capabilities."
"If I were to improve Prisma Cloud by Palo Alto Networks, I would enhance the integration with other vendors."
"In terms of securing cloud-native development at build time, a lot of improvement is needed. Currently, it's more a runtime solution than a build-time solution. For runtime, I would rate it at seven out of 10, but for build-time there is a lot of work to be done."
"The dashboard can be created at the user level instead of the cloud account level, which will help save time."
 

Pricing and Cost Advice

"The cost depends on your chosen license type, like Pro or other licenses."
"Cortex XDR’s pricing is very reasonable."
"This is an expensive solution."
"The pricing seems fair, and I do like the licensing model. You use wherever they are, and it is elastic."
"The return on investment is from the user side because we have seen the performance of it increase the delivery time of the product if we are using too many web-based and on-premise applications. In indirect ways, we saw the return of investment in terms of performance and user satisfaction increase."
"We pay about $50,000 USD per year for a bundle that includes Cortex XDR."
"I am using the Community edition."
"Its pricing is kind of in line with its competitors and everybody else out there."
"Compared to their competitors, the price of Morphisec is not that high. You can easily deploy it on a large-scale or small-scale network."
"It is an annual subscription basis per device. For the devices that we have in scope right now, it is about $25,000 a year."
"It is priced correctly for what it does. They end up doing a good deal of discounting, but I think it is priced appropriately."
"It is a little bit more expensive than other security products that we use, but it does provide us good protection. So, it is a trade-off."
"We are still using a separate tool. I know for our 600 or I think we're actually licensed for up to 700 users, it runs me 23 or $24,000 a year. When you're talking to that many users plus servers being protected, that's well worth the investment for that dollar amount."
"Price-wise, it's on the higher side. A traditional antivirus solution is cheaper, but in terms of security and manageability, its ROI is better than a traditional antivirus. I would recommend it to anybody evaluating or considering an antivirus solution. If your system gets compromised, the cost of ransom would be a lot more. This way, it saves a lot of cost."
"Morphisec is reasonably priced because our parent company's other subsidiaries use different products like CrowdStrike. CrowdStrike is four or five times more expensive than Morphisec. The competitive pricing saves us money in our overall security stack."
"The pricing is definitely fair for what it does."
"Prisma Cloud is a value-back cloud-managed solution; cloud-native solutions are quite expensive."
"Prisma Cloud's licensing system functions as expected with a solid licensing infrastructure."
"Prisma Cloud licensing works on credits."
"The pricing is competitive; for the most part, the security firms have similar prices."
"The pricing and licensing are expensive compared to the other offerings that we considered."
"We are encountering some resistance in the African market regarding the cost of Prisma Cloud."
"The pricing is competitive. From what I have seen in the past, it is on par with the others."
"The Prisma Cloud pricing is good."
report
Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.
900,747 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Outsourcing Company
16%
Manufacturing Company
13%
Construction Company
11%
Financial Services Firm
9%
Financial Services Firm
14%
Computer Software Company
9%
Manufacturing Company
9%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise20
Large Enterprise52
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise8
Large Enterprise8
By reviewers
Company SizeCount
Small Business37
Midsize Enterprise21
Large Enterprise57
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
Ask a question
Earn 20 points
What is your primary use case for Prisma Cloud by Palo Alto Networks?
Prisma Cloud helps support DevSecOps methodologies, making those responsibilities easier to manage.
What Cloud-Native Application Protection Platform do you recommend?
We like Prisma Cloud by Palo Alto Networks, since it offers us incredible visibility into our entire cloud system. We...
What do you think of Aqua Security vs Prisma Cloud?
Aqua Security is easy to use and very manageable. Its main focus is on Kubernetes and Docker. Security is a very valu...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Morphisec, Morphisec Moving Target Defense
Prisma Public Cloud, RedLock Cloud 360, RedLock, Twistlock, Aporeto
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Lenovo/Motorola, TruGreen, Covenant Health, Citizens Medical Center
Amgen, Genpact, Western Asset, Zipongo, Proofpoint, NerdWallet, Axfood, 21st Century Fox, Veeva Systems, Reinsurance Group of America
Find out what your peers are saying about CrowdStrike, Microsoft, SentinelOne and others in Endpoint Protection Platform (EPP). Updated: June 2026.
900,747 professionals have used our research since 2012.