Morphisec vs Qualys CyberSecurity Asset Management (CSAM) comparison


Comparison Buyer's Guide

Executive Summary

Categories and Ranking

Ranking in Vulnerability Management
Average Rating
Number of Reviews
Ranking in other categories
Endpoint Protection Platform (EPP) (43rd), Advanced Threat Protection (ATP) (23rd), Endpoint Detection and Response (EDR) (38th), Cloud Workload Protection Platforms (CWPP) (18th), Threat Deception Platforms (10th)
Qualys CyberSecurity Asset ...
Ranking in Vulnerability Management
Average Rating
Number of Reviews
Ranking in other categories
Patch Management (15th), Cyber Asset Attack Surface Management (CAASM) (4th), Attack Surface Management (ASM) (15th), Software Supply Chain Security (11th)

Featured Reviews

Rick Schibler - PeerSpot reviewer
Dec 13, 2022
Offers in-memory protection at a lower price than competitors
Morphisec's in-memory protection is probably the most valuable feature because it stops malicious activity from occurring. If something tries to install or act as a sleeper agent, Morphisec will detect and stop it. Morphisec's Moving Target Defense is critical to hardening our attack surface. If it detects something, it indicates whether it's valid. That means you've got a breach requiring investigation. It detects anomalies but doesn't necessarily point to what caused them. You still need to do that work. The solution is reasonably easy to administer. They made some changes last year, adding a cloud-based monitoring solution that makes deploying and monitoring our endpoints easy.
Brad Mathis - PeerSpot reviewer
Jun 10, 2024
Improves visibility, reliability, and scalability
The external attack surface management identified unexpected assets, suggesting some exist outside our known inventory. While these may not be directly managed by us, the process has brought valuable awareness to the fact that our core servers are externally hosted, prompting a review of similar situations. An external attack surface management scan revealed several outsourced name services, along with one unexpected third-party-linked IP. It's unclear if this was due to past consulting work or a registration error, but since it wasn't relevant to our company, it was easily excluded from future scans. The benefits of Qualys CyberSecurity Asset Management are immediate. We already had the cloud agents installed. They were already on all the servers and workstations. Once we upgraded from the VMDR included GAV (Global AssetView) to CSAM, it was no time before I could see the end-of-life, end-of-service software, and hardware. In addition to vulnerabilities, CSAM provides a better view of other risk factors, but VMDR is very powerful. VMDR was already seeing our limitations in hardening our vulnerabilities. CSAM enhanced our view by adding more visibility and insight into what we have. TruRisk scoring goes beyond traditional vulnerability scoring like CVSS to prioritize both vulnerabilities and assets based on real-world exploitability and industry targeting. This provides a clearer picture of our actual risk by considering factors like published exploits and what attackers are currently focusing on, allowing us to quickly identify critical issues and avoid wasting time on vulnerabilities with a high theoretical risk but low real-world threat. Qualys Cloud Agents can now be configured as passive sensors to discover all devices on our network in real-time, eliminating the requirement for separate virtual or physical passive sensor appliances. These cloud agent sensors monitor network broadcasts instead of egress traffic, and they can even designate a secondary sensor to take over if the primary becomes unavailable, ensuring continuous asset discovery and populating our CSAM platform with managed and unmanaged devices.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:


"Morphisec's in-memory protection is probably the most valuable feature because it stops malicious activity from occurring. If something tries to install or act as a sleeper agent, Morphisec will detect and stop it."
"All the alerts are on the dashboard, which is quite simple and useful for us. You can easily check all the alerts that are being blocked or allowed, or whatever the action is. You can easily see that and you can take the necessary actions. You can add a PowerShell extension or any activities for blocking at your network level or for endpoints."
"The simplicity of the solution, how easy it is to deploy and how small it is when deployed as an agent on a device, is probably the biggest aspect, given what it can do."
"The fact that Morphisec uses deterministic attack prevention that does not require human intervention has affected our security team's operations by making things much simpler. We don't have to really track down various alerts anymore, they've just stopped. At that point, we can go in and we can clean up whatever needs to be cleaned up. There are some things that Morphisec detects that we can't really remove, it's parts of Internet Explorer, but it's being blocked anyway. So we're happy with that."
"Morphisec is a straightforward solution that is efficient and very stable."
"We have seen it successfully block attacks that a traditional antivirus did not pick up."
"Morphisec has enabled us to become a lot less paranoid when it comes to staff clicking on things or accessing things that they shouldn't that could infect the whole system. Our original ransomware attack that happened came from someone's Google drive and then just filtered on through that. It has put our minds at ease a lot more in running it. It's also another layer of security that has been proven to be effective for us."
"What's valuable is really the whole kit and caboodle of the Morphisec agent. What it does is genius, in a way, until the bad guys get wise to it. You set it up and then you watch the dashboard. There isn't really much tinkering."
"The end-of-life and end-of-service software and hardware are some of my favorite features."


"Morphisec is a venture startup. They are still early in their growth stage. They need to get mature on their customer support and on how they interface with system tools. For example, they need to get multifactor in place and an API for the major multi-factor systems, e.g., Okta, Duo, Ping, and Microsoft. They don't have them built in yet. They are working on them. It is just not there yet. Also, their stability, customer support, and processes need improvement, which is just part of maturity."
"If anything, tech support might be their weakest link. The process of getting someone involved sometimes takes a little time. It seems to me that they should have all the data they need to let me know whether an alert is legitimate or not, but they tend to need a lot of information from me to get to the bottom of something. It usually takes a little longer than I would expect."
"I haven't been able to get the cloud deployment to work. When there's an update, I'm supposed to be able to roll it out for the cloud solution, but right now I'm continuing to use our SCCM solution to update it."
"Sometimes it generates false positive alerts. They need to continue working on that. They have provided solutions for it and have fixed issues with updated versions. The service is quite good but they need to work on it more so that there are no false positive alerts."
"It would be nice if they could integrate Morphisec with other traditional antivirus solutions beyond Microsoft Defender. That is probably my biggest gripe."
"Some of the filters for the console need improvement. There are alerts that show up and just being able to acknowledge that we've seen those and not turn them off, but dismiss them, would be a huge benefit."
"In the Windows Defender integration, they have put in a report of computers that need Windows Defender updates. If those updates could be kicked off directly from the dashboard, instead of having to go to another system entirely, that would be good."
"The weakest point of this product is how difficult it is to understand the reasons for an alert. This is a problem because it is hard to determine whether an attack is real or not."
"Qualys CyberSecurity Asset Management could be more cost-effective by offering a lower price point or integrating with existing VMDR features."

Pricing and Cost Advice

"We are still using a separate tool. I know for our 600 or I think we're actually licensed for up to 700 users, it runs me 23 or $24,000 a year. When you're talking to that many users plus servers being protected, that's well worth the investment for that dollar amount."
"It is a little bit more expensive than other security products that we use, but it does provide us good protection. So, it is a trade-off."
"Price-wise, it's on the higher side. A traditional antivirus solution is cheaper, but in terms of security and manageability, its ROI is better than a traditional antivirus. I would recommend it to anybody evaluating or considering an antivirus solution. If your system gets compromised, the cost of ransom would be a lot more. This way, it saves a lot of cost."
"The pricing is definitely fair for what it does."
"Licenses are per endpoint, and that's true for the cloud version as well. The only difference is that there is a little extra charge for the cloud version."
"It does not have multi-tenants. If South Africa wants to show only the machines that they have, they need their own cloud incidence. It is not possible to have that in a single cloud incidence with multiple tenants in it, instead you need to have multiple cloud incidences. Then, if you have that, it will be more expensive. However, they are going to change that, which is good."
"It is priced correctly for what it does. They end up doing a good deal of discounting, but I think it is priced appropriately."
"Morphisec is reasonably priced because our parent company's other subsidiaries use different products like CrowdStrike. CrowdStrike is four or five times more expensive than Morphisec. The competitive pricing saves us money in our overall security stack."
"Qualys CyberSecurity Asset Management can be expensive, especially if we already have VMDR."
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
792,031 professionals have used our research since 2012.

Top Industries

By visitors reading reviews
Financial Services Firm
Computer Software Company
Manufacturing Company
Healthcare Company
No data available

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available

Questions from the Community

What do you like most about Morphisec Unified Threat Prevention Platform?
Morphisec's in-memory protection is probably the most valuable feature because it stops malicious activity from occurring. If something tries to install or act as a sleeper agent, Morphisec will de...
What is your experience regarding pricing and costs for Morphisec Unified Threat Prevention Platform?
Morphisec is reasonably priced because our parent company's other subsidiaries use different products like CrowdStrike. CrowdStrike is four or five times more expensive than Morphisec. The competit...
What needs improvement with Morphisec Unified Threat Prevention Platform?
We have discovered some bugs in the new releases that they've had to fix, so I would like to see more testing and QA on their side before they release.
What is your experience regarding pricing and costs for Qualys CyberSecurity Asset Management (CSAM)?
Qualys CyberSecurity Asset Management can be expensive since it is an add-on to VMDR. The cost seems to be a barrier to entry for some organizations, and a lower price point might lead to more auto...
What needs improvement with Qualys CyberSecurity Asset Management (CSAM)?
The CMDB Sync feature currently only works with ServiceNow, which is common in larger organizations. If the feature could integrate with other, more affordable CMDB options, like those used by smal...
What is your primary use case for Qualys CyberSecurity Asset Management (CSAM)?
Qualys Cybersecurity Asset Management helps us manage our technical debt by identifying end-of-life and end-of-service software and hardware within our IT infrastructure. Qualys CSAM is primarily a...

Also Known As

Morphisec, Morphisec Moving Target Defense
No data available

Learn More




Sample Customers

Lenovo/Motorola, TruGreen, Covenant Health, Citizens Medical Center
Find out what your peers are saying about Tenable, Wiz, SentinelOne and others in Vulnerability Management. Updated: July 2024.
792,031 professionals have used our research since 2012.