No more typing reviews! Try our Samantha, our new voice AI agent.

Morphisec vs WatchGuard Firebox comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Feb 15, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Detection and Response (EDR)
6th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Morphisec
Ranking in Endpoint Detection and Response (EDR)
61st
Average Rating
9.2
Reviews Sentiment
7.4
Number of Reviews
21
Ranking in other categories
Vulnerability Management (57th), Endpoint Protection Platform (EPP) (48th), Advanced Threat Protection (ATP) (30th), Cloud Workload Protection Platforms (CWPP) (35th), Threat Deception Platforms (15th)
WatchGuard Firebox
Ranking in Endpoint Detection and Response (EDR)
10th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
140
Ranking in other categories
Data Loss Prevention (DLP) (11th), Firewalls (12th), Intrusion Detection and Prevention Software (IDPS) (4th), Anti-Malware Tools (6th), Application Control (3rd), Unified Threat Management (UTM) (3rd)
 

Mindshare comparison

As of July 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.6%, down from 3.9% compared to the previous year. The mindshare of Morphisec is 0.9%, up from 0.5% compared to the previous year. The mindshare of WatchGuard Firebox is 1.3%, up from 0.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.6%
WatchGuard Firebox1.3%
Morphisec0.9%
Other94.2%
Endpoint Detection and Response (EDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Rick Schibler - PeerSpot reviewer
VP of Information Technology at Kentucky Trailer
Offers in-memory protection at a lower price than competitors
Morphisec's in-memory protection is probably the most valuable feature because it stops malicious activity from occurring. If something tries to install or act as a sleeper agent, Morphisec will detect and stop it. Morphisec's Moving Target Defense is critical to hardening our attack surface. If it detects something, it indicates whether it's valid. That means you've got a breach requiring investigation. It detects anomalies but doesn't necessarily point to what caused them. You still need to do that work. The solution is reasonably easy to administer. They made some changes last year, adding a cloud-based monitoring solution that makes deploying and monitoring our endpoints easy.
Abhishek Saini - PeerSpot reviewer
Professional Services Engineer at Next7 IT
Centralized security management has improved VPN reliability and simplified daily operations
WatchGuard Firebox is a strong and reliable platform overall, but there are a few areas where improvements could make the experience even better. One area is the user interface and navigation in some management tools. While the platform is powerful, certain configurations and troubleshooting workflows can feel less intuitive compared to some newer cloud-native firewall platforms. Another point is reporting and log analysis. Although the logging features are very useful, deeper analytics and more customizable reporting dashboards would make security monitoring much more effective. Firmware upgrades and policy synchronization can sometimes require careful planning to avoid security interruptions. Overall, the core security and VPN functionality are very solid, but improving usability, reporting, and automation would make the platform even stronger. One area that could be improved is the learning curve for new administrators. While experienced engineers can work with the platform effectively, some advanced networking and security configurations can be a bit complex for junior technicians. More guided configuration workflows, smarter recommendations, and simplified troubleshooting tools would make onboarding easier. Another improvement would be more flexible reporting customization for executive-level and client-facing reports.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"One of the things that I enjoy the most is using policy extensions. It's like having host firewalls to control USB connections. I think it's a wonderful tool to restrict use when connecting to our computers. Another important tool is Home Insights. That is an add-on to the Cortex solution. I like that because we can see all the vulnerabilities in the environment and control what assets are connected to our network."
"Automation and playbooks have helped me significantly, as Cortex Xnor's playbooks predefine the workflow of the automation, such as response processes, alert triggering, and enriching the context, efficiently detecting and blocking malicious attacks with firewalls while eliminating workload and speeding responses for next-generation operations."
"The behavior-based detection feature is valuable."
"One of the main benefits of the solution is its intelligence to correlate the events into an incident."
"On a scale from one to ten, I would rate Cortex XDR by Palo Alto Networks a nine."
"We can use Cortex XDR to get the entire graph of the incidents from source to destination, and we can take remedial action."
"Once you become familiar with it, Cortex XDR by Palo Alto Networks is a more powerful tool and I would say that I prefer it over MDE because it is a stronger tool for me."
"Traps has drastically reduced our endpoint attack surface via advanced detection capabilities, sandboxing of never before seen programs, and by drastically limiting where executables can launch in the first place."
"The biggest feature is that it hides everything from your operating system that's running in-memory from anything to try to run against it. That's the most unique thing that's on the market. There's nothing else out there that's quite like that. That's a big selling point and why we went with it. It does exactly what the design does. If you can't find it, you can't execute against it."
"Morphisec has absolutely helped save money on our security stack. The ransomware at the end of the day can cost organizations millions upon millions of dollars. Investing in tools like Morphisec is a great reduction in that cost. If I can spend $10,000 in a year to protect assets that could be ransomed for $20,000,000, that's definitely a bet that one should pursue. Morphisec absolutely it's worth the investment."
"It's simple, it's easy, and it works."
"The simplicity of the solution, how easy it is to deploy and how small it is when deployed as an agent on a device, is probably the biggest aspect, given what it can do."
"Morphisec as the last line of defense is as good as you can get."
"Since we started using Morphisec, that hasn't happened even once."
"We don't have to do anything as a user or as an admin. It does everything by default with its coding and inbuilt AI-based intelligence. We don't have to instruct it about what to do. It automatically takes corrective actions and quarantines or deletes a virus, malware, etc. That is the best part that I like about it."
"We haven't had any cybersecurity incidents on machines running Morphisec."
"The most valuable feature is the correlation of logs from different devices."
"It's user-friendly. And if you are using a WatchGuard device and you want to test that side of the software, it's quite easy to get the license to test it."
"HostWatch makes it so I can see, in real-time, activity in the event that there is something weird happening on the network. This simplifies my job."
"Firebox is 10 out of 10 at what it does."
"I find WatchGuard Firebox provides very good value, with configuration migration between boxes, more flexible traffic management, best performance, strong security layers and dependencies, protocol-oriented design, rapid deploy for remote configuration, total protection for inbound and outbound traffic with deep understanding of the traffic, powerful DNS security for both network and mobile users, SD-WAN features that manage line quality, extensive exception handling, and a rich set of integrated security services like Access Portal, Application Control, APT Blocker, Botnet Detection, DLP, Gateway AntiVirus, DNSWatch, Geolocation, IntelligentAV, IPS, Reputation Enabled Defense, spamBlocker, Threat Detection and Response, and WebBlocker."
"WatchGuard Firebox's two-factor authentication feature is particularly useful and provides an added layer of protection."
"It keeps our network secure and that's a good enough return for me."
"It has made firewall configuration really simple."
 

Cons

"The solution needs better reports. I think they should let the customer go in and customize the reports."
"The downsides of Cortex XDR by Palo Alto Networks are that in many incidents, when I enter the causality chain, there are numerous logs."
"Palo Alto Networks Cortex XDR does not detect malicious activity like in other anti-virus solutions like Trend Micro and Windows with Cisco."
"Data privacy is a matter of concern. You have to be careful with data privacy, it can be sensitive and Cortex can have most of your access."
"They are charging for Network Traffic Analyzer (NTA) services, so if the per GB data could be provided at a certain level free of cost or at the same cost which the customer is taking for the entire bundle, that would be better."
"Product might have some bugs."
"It'll help if customization was easier."
"There are some third-party solutions that are difficult to integrate with, which is something that can be improved."
"I haven't been able to get the cloud deployment to work."
"Overall, I don't know 100% if it's increasing our security posture, but it does give us a nice peace of mind."
"Right now, it's just their auto-update feature. I know they are currently working on that."
"If anything, tech support might be their weakest link."
"We have only had four attacks in the last year, "attacks" being some benign PDF from a vendor that, for some reason, were triggered. There were no actual attacks. They were just four false positives, or something lowly like adware. There have been false positives with both the on-premises solution and the cloud solution."
"The only area that really needs improvement is the reporting functionality. Gathering the detailed information that is in the system for an executive, or for me as a director, could be better. Some of the interface and reporting aspects are a little bit dated. They're working on it."
"It would be useful for them if they had some kind of network discovery."
"It would be nice if they could integrate Morphisec with other traditional antivirus solutions beyond Microsoft Defender. That is probably my biggest gripe."
"I think one area for improvement in this solution would be enhancing communication with tools like Active Directory. This would make the tool easier to integrate and effective for users."
"The reporting is a little on the weak side. I would like to see a better reporting set and easier drill-down options."
"There is room for improvement in the threat protection, data packet inspection, and performance of the solution. Generally, it's just a lower-end product. It does the job but doesn't do it very well."
"The way Secure Sign-On authentication is happening needs to be improved. When the Secure Sign-On portal is turned on, anybody who comes into the campus, whether he or she is a staff member or a guest, has to go past the initial portal. One of the shortcomings is the username. It shouldn't allow permutations or combinations with upper or lower cases. For example, when there is a username abc, it shouldn't allow ABC or Abc. It should not allow the same username, but currently, two separate people can go in. Therefore, its authentication or validation should be improved, and the case sensitiveness should be picked up. If I have restricted someone to two devices, they shouldn't be able to use different combinations of the same username and get into the third or fourth device. It shouldn't allow different combinations of alphabets to be used to log in."
"Like any other firewall, if it goes down, it's going to cause problems but these don't go down."
"WatchGuard technical support requires a license."
"The dashboard itself has an outdated appearance, just the looks of WatchGuard Firebox; it looks really outdated."
"WatchGuard Data Loss Prevention catches so little. When I've implemented it, it just can't look at the traffic in a thorough enough manner to capture as much as it should. And I find that I'm disenchanted with all data loss protection solutions I've tested and looked at."
 

Pricing and Cost Advice

"This is an expensive solution."
"I feel it is fairly priced."
"This is an expensive solution."
"It is "expensive" and flexible."
"We pay about $50,000 USD per year for a bundle that includes Cortex XDR."
"The tool's price is moderate."
"Very costly product."
"I don't recall what the cost was, but it wasn't really that expensive."
"The pricing is definitely fair for what it does."
"It is priced correctly for what it does. They end up doing a good deal of discounting, but I think it is priced appropriately."
"Licenses are per endpoint, and that's true for the cloud version as well. The only difference is that there is a little extra charge for the cloud version."
"It is a little bit more expensive than other security products that we use, but it does provide us good protection. So, it is a trade-off."
"Compared to their competitors, the price of Morphisec is not that high. You can easily deploy it on a large-scale or small-scale network."
"Morphisec is reasonably priced because our parent company's other subsidiaries use different products like CrowdStrike. CrowdStrike is four or five times more expensive than Morphisec. The competitive pricing saves us money in our overall security stack."
"It does not have multi-tenants. If South Africa wants to show only the machines that they have, they need their own cloud incidence. It is not possible to have that in a single cloud incidence with multiple tenants in it, instead you need to have multiple cloud incidences. Then, if you have that, it will be more expensive. However, they are going to change that, which is good."
"Our licensing is tied into our contract. Because we have a long-term contract, our pricing is a little bit lower. It is per year, so we don't get charged per endpoint, but we do have a cap. Our cap is 80 endpoints. If we were to go over 80, when we renewed our contract, which is not until three years are over. Then, they would reevaluate, and say, "Well, you have more than 80 devices active right now. This is going to be the price change." They know that we are installing and replacing computers, so the numbers will be all over the place depending on whether you archive or don't archive, which is the reason why we just have to keep up on that stuff."
"WatchGuard Firebox has good quality, but it is expensive."
"We had a trade-in offer at the end of our first three-year term. As a result, we pretty much got a free device by buying the three-year subscription. It was around $3,000 for the three-years."
"There is a license required to use the solution and we pay annually. The price could be reduced because it is a bit expensive."
"WatchGuard Firebox is a cheap solution."
"The licensing model for WatchGuard Application Control is based on the number of users. WatchGuard Application Control also has licensing models with several features."
"We are utilizing an MSP licensing model and are content with the minimal amount spent on the devices rather than committing to long-term licensing."
"The licensing costs are comparatively lower than other providers, and I would rate the pricing as five out of five."
"The primary reason that we went with Firebox was its cost. It is very economical and it provided us with all the security functions that we were looking for at the time. And the throughput was more than what we required, so it was a very cost-effective device to deploy on our network."
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Outsourcing Company
16%
Manufacturing Company
12%
Construction Company
11%
Financial Services Firm
10%
Comms Service Provider
12%
Manufacturing Company
8%
Computer Software Company
8%
Construction Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise8
Large Enterprise8
By reviewers
Company SizeCount
Small Business101
Midsize Enterprise30
Large Enterprise17
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
Ask a question
Earn 20 points
What is your primary use case for WatchGuard Firebox?
We are providing our services to all WatchGuard customers in the region.
What is your primary use case for WatchGuard Firebox?
We just use it as a secondary WiFi device. We're a small office and we needed to set up a WiFi device for a few of ou...
What is your primary use case for WatchGuard Firebox?
We're a hospital and we use it for developing our incoming and outgoing policies, and we also use it for VPN.
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Morphisec, Morphisec Moving Target Defense
WatchGuard Threat Detection and Response, WatchGuard Application Control, WatchGuard Data Loss Prevention, WatchGuard Gateway AntiVirus, WatchGuard Intrusion Prevention Service
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Lenovo/Motorola, TruGreen, Covenant Health, Citizens Medical Center
Ellips, Diecutstickers.com, Clarke Energy, NCR, Wrest Park, Homeslice Pizza, Fortessa Tableware Solutions, The Phoenix Residence
Find out what your peers are saying about Morphisec vs. WatchGuard Firebox and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.