No more typing reviews! Try our Samantha, our new voice AI agent.

Morphisec vs Sophos Endpoint comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 19, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Protection Platform (EPP)
4th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Detection and Response (EDR) (6th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Morphisec
Ranking in Endpoint Protection Platform (EPP)
48th
Average Rating
9.2
Reviews Sentiment
7.4
Number of Reviews
21
Ranking in other categories
Vulnerability Management (57th), Advanced Threat Protection (ATP) (30th), Endpoint Detection and Response (EDR) (61st), Cloud Workload Protection Platforms (CWPP) (35th), Threat Deception Platforms (15th)
Sophos Endpoint
Ranking in Endpoint Protection Platform (EPP)
19th
Average Rating
8.2
Reviews Sentiment
7.4
Number of Reviews
64
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Endpoint Protection Platform (EPP) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.8%, up from 3.7% compared to the previous year. The mindshare of Morphisec is 1.0%, up from 0.4% compared to the previous year. The mindshare of Sophos Endpoint is 1.4%, up from 0.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Protection Platform (EPP) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.8%
Sophos Endpoint1.4%
Morphisec1.0%
Other93.8%
Endpoint Protection Platform (EPP)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Rick Schibler - PeerSpot reviewer
VP of Information Technology at Kentucky Trailer
Offers in-memory protection at a lower price than competitors
Morphisec's in-memory protection is probably the most valuable feature because it stops malicious activity from occurring. If something tries to install or act as a sleeper agent, Morphisec will detect and stop it. Morphisec's Moving Target Defense is critical to hardening our attack surface. If it detects something, it indicates whether it's valid. That means you've got a breach requiring investigation. It detects anomalies but doesn't necessarily point to what caused them. You still need to do that work. The solution is reasonably easy to administer. They made some changes last year, adding a cloud-based monitoring solution that makes deploying and monitoring our endpoints easy.
Ashutosh Jha - PeerSpot reviewer
Project Engineer at IT Solution
Endpoint protection has strengthened malware defense and simplifies web and peripheral control
I would give Sophos Endpoint a rating of nine out of ten because it is working very well. I have cut one point because it has no solution for on-premises. Additionally, it has no solution for any Linux-based system endpoints. I have to install the server protection on Linux machines, which is why I am cutting one point for Sophos Endpoint. Sophos Endpoint should include the Linux endpoint agent and should provide a solution for Linux endpoints as well, because the server license is costly and nobody wants to use the server license on an endpoint machine. Sophos Endpoint should have a Linux endpoint independent agent as well.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It's very stable. I've never experienced downtime for the ASM console or ASM core."
"If you are looking to deploy a security solution as a whole, this is a good option."
"We've had a significant increase in blocking with a decrease in false positives, because it's looking at how the files work, not just a list of files that it's been told to look for."
"We can use Cortex XDR to get the entire graph of the incidents from source to destination, and we can take remedial action."
"If any application performs suspicious activities, such as changing registries or modifying other applications, Cortex XDR detects and blocks the entire application."
"The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly. The way they have done everything and integrated all the solutions that they've purchased over the years to make it a very seamless, effective product is very good. One thing about Palo Alto is that they take the products or services that they purchase and make them seamless for the end user as compared to some companies that purchase other companies and then just kind of have their products off to the side or keep different interfaces. Palo Alto doesn't do that."
"One of the things that I enjoy the most is using policy extensions. It's like having host firewalls to control USB connections. I think it's a wonderful tool to restrict use when connecting to our computers. Another important tool is Home Insights. That is an add-on to the Cortex solution. I like that because we can see all the vulnerabilities in the environment and control what assets are connected to our network."
"Cortex XDR's most valuable feature is its intelligence-based dashboards."
"In a month, we are saving the effort of four to five days, and earlier we used to have a dedicated person and now we don't need a dedicated resource, which has reduced our security spending and we are saving approximately $600 a month."
"We have seen it successfully block attacks that a traditional antivirus did not pick up."
"It's simple, it's easy, and it works."
"Morphisec makes it very easy for IT teams of any size to prevent breaches of critical systems because of the design of their tool."
"Since using Morphisec we have seen a downturn in attacks because Morphisec protects us versus Defenders and whatnot that are signature-based. I know we have not had any issues with ransomware or other zero-day attacks that we've seen with machines that, all of a sudden, have become before we instituted the product. Now the machine had to be re-imaged and there was a loss of data because something was on the machine. You couldn't really determine what was on the machine because nothing was picking it up. The products we were using weren't picking it up."
"The fact that Morphisec uses deterministic attack prevention that does not require human intervention has affected our security team's operations by making things much simpler. We don't have to really track down various alerts anymore, they've just stopped. At that point, we can go in and we can clean up whatever needs to be cleaned up. There are some things that Morphisec detects that we can't really remove, it's parts of Internet Explorer, but it's being blocked anyway. So we're happy with that."
"We haven't had any cybersecurity incidents on machines running Morphisec."
"Morphisec's in-memory protection is probably the most valuable feature because it stops malicious activity from occurring. If something tries to install or act as a sleeper agent, Morphisec will detect and stop it."
"The product is stable."
"The most valuable feature is data loss prevention."
"We were concerned about the threat posed by malware. The product's effectiveness in addressing this threat and capturing it within the network has been quite helpful."
"The central management console is valuable, as it consolidates everything into one place, allowing users to access logs and events without visiting multiple websites or consoles."
"Really I could give it a nine because I can recommend the product as an excellent solution."
"It's a stable product, and so far I haven't had any issues from an endpoint perspective with it blocking something that I'm trying to use or anything of that sort."
"Sophos EPP Suite is a powerful antivirus."
"The cloud management is great."
 

Cons

"The solution should add unwanted malicious hash values to a block list so that whenever the action is triggered, it will automatically prevent the malicious content."
"Product might have some bugs."
"It is not easy to sell Cortex XDR, not because it isn't a good tool. Its marketing needs to be improved."
"It'll help if customization was easier."
"We would also like to have advanced tech protection and email scanning."
"Cortex XDR by Palo Alto Networks could improve its user interface, which is more complicated compared to competitors such as SentinelOne."
"It's more focused on network communication. If a customer wants to increase the level of protection and start working with documents, it's impossible to integrate these features into the system. It's more of a communication-oriented system than a content security-oriented system."
"For Cortex XDR by Palo Alto Networks, if I had to point out improvements, I would say the UI is still somewhat difficult for beginners."
"It would be useful for them if they had some kind of network discovery. That kind of functionality I think would give IT administrators a little bit more confidence that they have 100 percent coverage, and it gives them something to audit against. Network discovery would be one area I would definitely suggest that they put some effort into."
"The weakest point of this product is how difficult it is to understand the reasons for an alert. This is a problem because it is hard to determine whether an attack is real or not."
"We wanted to have multi-tenants in their cloud platform, so every entity can look into their own systems and not see other systems in other entities. I have a beta version on that now. I would like them to incorporate that in the cloud solution."
"Automating reports needs improvement. I would like to have better reporting capabilities within it or automated reporting to be a little bit more dynamic. That's something I know they're working on. We literally are in the process. We started the process a week and a half ago of going to their latest version, so I've not seen their latest one up and running yet."
"We have discovered some bugs in the new releases that they've had to fix, so I would like to see more testing and QA on their side before they release."
"Morphisec is a venture startup. They are still early in their growth stage. They need to get mature on their customer support and on how they interface with system tools. For example, they need to get multifactor in place and an API for the major multi-factor systems, e.g., Okta, Duo, Ping, and Microsoft. They don't have them built in yet. They are working on them. It is just not there yet. Also, their stability, customer support, and processes need improvement, which is just part of maturity."
"We have only had four attacks in the last year, "attacks" being some benign PDF from a vendor that, for some reason, were triggered. There were no actual attacks. They were just four false positives, or something lowly like adware. There have been false positives with both the on-premises solution and the cloud solution."
"It would be useful for them if they had some kind of network discovery."
"It would be ideal if the price could be lowered a little bit."
"The solution isn't quite accurate enough. It provides a lot of false positives."
"Scalability is a bit limited. There are times you are supposed to open up the APIs for other vendors or developers to plug in their product information; however, currently, Sophos integrates well only with its own products."
"I am pretty much sure Sophos does not have this kind of policy available."
"The product is not secured and doesn't offer a fast connection."
"The solution is not easy to use in comparison to other endpoint security solutions."
"The support could be improved. The response times are slow."
"The solution has a strange technical support process where you need to move through all of these tiers before you can get to someone who can help you. They should streamline the process and make it easier to speak to the correct level of support from the outset."
 

Pricing and Cost Advice

"Traps pays for itself within the first 16 months of a three-year subscription. This is attributed to OPEX savings, as security teams spent less time trying to identify and isolate malware for analysis as a result of a reduction in malware incidents, false positives, and breach avoidance."
"The price was fine."
"I don't recall what the cost was, but it wasn't really that expensive."
"Its pricing is kind of in line with its competitors and everybody else out there."
"We didn't have to pay any additional fee for the cloud instance. It just came with the renewal, which was nice."
"It's way too expensive, but security is expensive. You pay for your licensing, and then you pay for someone to monitor the stuff."
"We pay about $50,000 USD per year for a bundle that includes Cortex XDR."
"The solution is expensive. It's pricing is on a yearly-basis."
"Price-wise, it's on the higher side. A traditional antivirus solution is cheaper, but in terms of security and manageability, its ROI is better than a traditional antivirus. I would recommend it to anybody evaluating or considering an antivirus solution. If your system gets compromised, the cost of ransom would be a lot more. This way, it saves a lot of cost."
"It does not have multi-tenants. If South Africa wants to show only the machines that they have, they need their own cloud incidence. It is not possible to have that in a single cloud incidence with multiple tenants in it, instead you need to have multiple cloud incidences. Then, if you have that, it will be more expensive. However, they are going to change that, which is good."
"We are still using a separate tool. I know for our 600 or I think we're actually licensed for up to 700 users, it runs me 23 or $24,000 a year. When you're talking to that many users plus servers being protected, that's well worth the investment for that dollar amount."
"It is priced correctly for what it does. They end up doing a good deal of discounting, but I think it is priced appropriately."
"It is a little bit more expensive than other security products that we use, but it does provide us good protection. So, it is a trade-off."
"Licenses are per endpoint, and that's true for the cloud version as well. The only difference is that there is a little extra charge for the cloud version."
"Compared to their competitors, the price of Morphisec is not that high. You can easily deploy it on a large-scale or small-scale network."
"Our licensing is tied into our contract. Because we have a long-term contract, our pricing is a little bit lower. It is per year, so we don't get charged per endpoint, but we do have a cap. Our cap is 80 endpoints. If we were to go over 80, when we renewed our contract, which is not until three years are over. Then, they would reevaluate, and say, "Well, you have more than 80 devices active right now. This is going to be the price change." They know that we are installing and replacing computers, so the numbers will be all over the place depending on whether you archive or don't archive, which is the reason why we just have to keep up on that stuff."
"The price of Sophos EPP Suite is reasonable."
"Willing to discount when you are switching from another product. Upgrading services will end up costing more, as expected."
"The solution for an enterprise license costs around 13 million Philippine pesos."
"The solution's cost is reasonable."
"Pricing could always be lower. It costs around $120 per seat per year."
"Sophos is cheaper than some competing products."
"If you compare this to other solutions from a pricing perspective, the enterprise version of Sophos turns out to be cost-effective."
"I would rate the price seven out of ten, for its cost-effectiveness."
report
Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Outsourcing Company
16%
Manufacturing Company
12%
Construction Company
11%
Financial Services Firm
10%
Manufacturing Company
11%
Financial Services Firm
10%
Construction Company
8%
Outsourcing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise8
Large Enterprise8
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise7
Large Enterprise14
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
Ask a question
Earn 20 points
What is your experience regarding pricing and costs for Sophos EPP Suite?
The setup cost is good and licensing is good. The pricing is slightly increased, but it is good because Sophos Endpoi...
What needs improvement with Sophos EPP Suite?
For endpoint protection, I do not see many weaknesses. The weakest point from Sophos is that in many cases, it is not...
What is your primary use case for Sophos EPP Suite?
I am conducting an information search to understand what other firewall solutions are doing rather than looking for a...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Morphisec, Morphisec Moving Target Defense
EPP Suite
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Lenovo/Motorola, TruGreen, Covenant Health, Citizens Medical Center
EK Services
Find out what your peers are saying about Morphisec vs. Sophos Endpoint and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.