Morphisec Breach Prevention Platform Reviews

We've been using Morphisec as a layered defense in our security plan. We have beefy firewalls and another antivirus; Morphisec isn't technically an antivirus. It's a protection agent. It's one of the layers of our security plan. We use it to defend ourselves from any sort of CryptoLocker attacks or ransomware drive-bys, and it should catch auto-executes that come from ads. We haven't been breached, as far as I'm aware.

We started with it on-prem and we had no complaints. It made sense. A cost analysis was done and on-premises cost less than the cloud, which is how things normally are. We used our own network so the cost was cut because they didn't have to use any of the load on their servers or network. It was all on us. But about a year ago they approached us and we were torn away from the on-premises solution. They made such a compelling cost-savings case for us to go to the cloud that it made sense to go to the cloud. We also got another service from them along with the protector, some sort of BI.

We're using it on all of our endpoints, servers and desktops that users touch. For servers that don't get touched by users, we don't have Morphisec on them because we just don't need it.

I wouldn't be doing Morphisec any favors saying, "Well I can't tell if it's working because the rest of our security posture seems to be taking care of anything else that gets through." Maybe it's not working at all. I can't tell. It would be useful to set up a virtual machine—and this is something I should bring up with our Morphisec person—and get some triggers that are actually on our dashboard so we can prove to management that Morphisec is doing what they said it was going to do. Worst case scenario, we have an infected virtual machine that I just blow away. The short answer is that we haven't seen it protect us from something yet. 

It hasn't taken anything off my plate. It's just a "gun under my pillow at night". It's something that we can tell our cyber-insurance people, "We have this, and this was used." In "Pretend-Land," where we got compromised, we can say, "We have all these layers of security and it managed to get through all of them, so we did our due diligence. Now please pay us for our losses."

What's valuable is really the whole kit and caboodle of the Morphisec agent. What it does is genius, in a way, until the bad guys get wise to it. You set it up and then you watch the dashboard. There isn't really much tinkering. As long as you did the install correctly, it should be pointing at your server and it will tell you a bunch of information on each client.

We have only had four attacks in the last year, "attacks" being some benign PDF from a vendor that, for some reason, were triggered. There were no actual attacks. They were just four false positives, or something lowly like adware. There have been false positives with both the on-premises solution and the cloud solution.

I'd rather see false positives than not seeing anything. If I see nothing then I literally cannot tell if it's working or not. But there are some false positives that are ambiguous enough to be caught.

We have been using Morphisec for about two years.

I don't look at the dashboard every day, but the on-premises solution was flawless. If the network was down between the clients and the server in our local area, we would be in trouble. But Morphisec's AWS implementation has been stable as a rock.

I believe it's scalable. I don't know what the upper limit is. Our company is a medium-sized business, with about 100 end-users and 500 employees in total. Morphisec easily holds those 100 users.

All the end-users are using the solution, meaning the solution is attempting to protect them from the silly mistakes that they make. But there are only two of us who actually look at the dashboard.

The business is growing so we do increase the number of clients. Whenever we add a new computer, we add Morphisec to it. Once we get to version 5, we'll revisit the ATP integration.

We didn't have a solution before Morphisec for this specific layer of defense, for the CryptoLocker/ransomware niche. We had an antivirus.

The demos worked great. They would open a bad file on a virtual machine and we watched the CryptoLocker being stopped in real time. It's hard to compare with that.

The initial setup was definitely straightforward. It has to go on every computer. There's a different installer for desktops versus servers. You just choose which one is which. We use PDQ Deploy, and a script that the onboarding technician helped us with, and it worked. It ran perfectly. We even have scripts for uninstalling it and installing the newer version, and Morphisec assisted us with that. It was definitely easy to do.

Before I saw the version 5 update and the notes on that, about how it's going to update automatically, I'd say the implementation was a slight pain. It wasn't a huge pain but you can't really get away from how you have to install this on all your computers. However, they actually made that process very easy, and I can do it with just a couple clicks to almost an entire organization, as long as computers are online.

Over the course of a day, it took about two hours to get the script going and select all the computers for each kind of installer. I kept running it over the course of the day because certain computers would be turned off or they were restarting. I had to do a good couple of runs of it, but it was very simple and quick.

Since there was nothing already doing what Morphisec does, on the computers, and Morphisec plays well with the current antivirus that we are using, we just installed on each computer remotely and it started working. We watched the dashboard fill right up in a matter of minutes.

We're not on the latest version but I'm actually excited for the latest version because it will do away with the manual updating process. The clients will start to update themselves. We will have to wait until one of our Morphisec representatives reaches out to us so that we can get the installer for the newest version. Version 5 is where it begins self-updating. Until now, I've had to manually update each time we wanted to do an update. The new one will mean I won't need to be worrying about updating or if the versions are out of date.

In terms of working with the solution, if Morphisec says, "Hey you're going over the number of licenses," we look to see how many are offline and we look at the versions. We look at it just to make sure that everything is going okay. We have alerts for when there's a threat. We get emailed saying, "Hey, look at this. There's a threat going on on XYZ computer."

I haven't seen ROI because I haven't seen a threat that it has protected against, exactly. If you're always wearing a bulletproof vest and you never get shot, was the vest worth it? I'd rather have it than not have it.

We looked across the rest of the security field and we spent more money on Morphisec than other solutions that do a similar thing, but the demos that we've seen were impressive enough to sway management. The technology behind it is clever enough for us to think it's cutting edge. It didn't save us money but we spent money on it because we thought it would be a good product.

The way that they explained how their solution works was more in-depth than other solutions that we were looking at. It looks cleaner. It has a good UI for the dashboard. It's not overbearing with security tabs and a lot of other stuff. It tells you, "Here's the list of all of your protectors. Here are all the threats. Here's the dashboard that gives you a little bit of everything," but not in an overwhelming way.

It sells itself, honestly. My advice to others looking into implementing Morphisec would be to use PDQ Deploy. The hardest part was getting all of the endpoints protected in a timely manner, but Morphisec assisted us with that. They suggested PDQ Deploy, which is a great tool. Implementation went so smoothly because of that.

Morphisec provides full visibility into security events from Microsoft Defender and Morphisec in one dashboard, although we're not currently utilizing that feature. We're definitely interested in it. The reason we're not using it is because you have to purchase the upgraded version of Defender for Microsoft. We thought it was the regular Defender that each one comes with, but it's actually ATP, Advanced Threat Protection. That's what integrates with Morphisec. We're just waiting for the CFO to say, "All right, who wants a bigger budget?" and we'll say, "Yes, us, please: ATP." We would do it if we could bend our CFO's arm to get that kind of protection.

We purchased Morphisec to protect our endpoints from anomalous behavior. The biggest use case would be to prevent ransomware, but also to detect other unnecessary programs running on devices. So, the use case has been endpoint protection, both for servers and endpoints, e.g., laptops and desktops.

We do a multi-layered defense in-depth. They are our primary prevention at the endpoints for anomalous behavior. I would classify it as a preventative tool, since Morphisec blocks and prevents execution. So, I would put it at the preventative layer.

We have agents on all of our endpoints and servers pointing to their cloud instance.

Morphisec makes it very easy for IT teams of any size to prevent breaches of critical systems because of the design of their tool. When we evaluated Morphisec, the CIO and I sat and listened. What attracted us to them is the fact that it stops activity at the point of detection. That saves a lot of time because now we are not investigating and trying to trace down what to turn off. We have already prevented it, which makes it very much safer and more secure.

The biggest feature is its ability to prevent. Here is the interesting thing with a tool like Morphisec. You implement it almost as an insurance policy. If it works, nothing happens. If it fails, you have bad things occurring. So far, nothing terrible has happened. It does a good job of reporting when it detects anomalous behavior so we can research it. However, the key is that we can research in a much calmer fashion, since we do not need to uninstall because it blocks the activity.

Morphisec is a venture startup. They are still early in their growth stage. They need to get mature on their customer support and on how they interface with system tools. For example, they need to get multifactor in place and an API for the major multi-factor systems, e.g., Okta, Duo, Ping, and Microsoft. They don't have them built in yet. They are working on them. It is just not there yet. Also, their stability, customer support, and processes need improvement, which is just part of maturity.

My company has been using Morphisec since mid-December of 2020.

I have been aware of Morphisec since I worked for Optiv and met one of the key sales people back in 2015 or 2016. When I was at that company, I was a consultant helping companies with their roadmaps. So, we connected there and got Morphisec introduced to Optiv, the company I was working with then, who is also a VAR. Therefore, it was getting the product in via another sales route or sales channel.

It takes less than one person to deploy and maintain the solution. So far, we have not had to do maintenance. The biggest thing that we are working with Morphisec right now on is the multi-factor interface enhancement.

We have had no issues with scalability. It's worked fine.

We have probably 10 people between our help desk, Tier 2, and executives accessing the system and using the dashboards, which has been pretty straightforward and easy to do.

In the system, our IT people research alerts. We get a daily report of all the events from the prior day. If there was a critical alert, the help desk will go out and research to see if they need to do anything with the endpoint. They have to go into the system to monitor and look at it. If we are running into an issue on a particular server and endpoint, we may go out there to see if there was any indication of an issue or if the actual agent is causing a problem. We have yet to find that the agent is causing a problem, but that is why they potentially would go out there.

It is on every endpoint, e.g., laptops, desktops, and servers, which is pretty extensive. We may expand into their incident response process and a number of other things that we can use them for, but that will be evaluated as we go into our budget cycle at the end of the year.

I would rate Morphisec technical support as eight out of 10. They have just been very responsive. They are very strong at follow-up. They won't close tickets until we tell them to. They are very much a customer service focused group. They have been very good at tech support, providing knowledge, information, etc.

Morphisec makes use of deterministic attack prevention that doesn’t require investigation of security alerts. We didn't have a protection layer prior to Morphisec, so we added it. The key is the amount of work by the team is minimal. So, it did not increase our workload. We did not have to add staff. It has been a positive benefit that way.

This solution was an additive layer that we didn't have before. So far, it has been successful in the sense that it has not caused us to add resources. So, we have been able to get layer protection without additional expense, in terms of staff. That is a good thing.

The initial setup was very straightforward. It was simple to install the agent. They provided good support. It was just a push, then it just took minutes to get the process rolling. We could monitor how well it rolled out, and they were there to support us. This was one of the easiest that we have ever done.

The deployment took a day or two in total actual work time, so we could confirm it reporting in on the dashboard. 

It probably took us a week or two to get it rolled out to all the devices because of our change control windows. 

We put it in the most conservative setting that we could for prevention. We did roll through certain applications for the logic of what not to include, but they had a pretty good baseline for what we should reference. We then just pushed the agents with some logic on the change windows. So, we did all the desktops and laptops first, then the servers. It was a pretty straightforward implementation.

Morphisec helps us save money on our security stack. We probably would have spent $100,000 more on a different solution. So, it did save us on that expense.

It is an annual subscription basis per device. For the devices that we have in scope right now, it is about $25,000 a year.

We also evaluated CrowdStrike, Cylance, and SentinelOne. CrowdStrike and Cylance were way too expensive. You could also throw in Sophos and Symantec in there. All those were too expensive and burdensome. SentinelOne was interesting. We were able to get better pricing and better access to the top people at Morphisec, and that is why we went with Morphisec.

We do not use Morphisec for antivirus at this time. We are using another tool for antivirus, but we will look at Morphisec Guard when that license is up.

Don't overthink it. Just do it. Follow the directions of Morphisec and go for it, but make sure you understand what your application stack is before you go full bore, so you don't create false positives. However, they are easy to work with in those terms.

The reality is nobody ever gets to a single pane of glass or a single dashboard. Those claims are made by vendors, even Morphisec will make it. The problem is you have so many layers in your security stack that you will never get to a single pane of glass. So, I never have that as a requirement because I know it is not attainable.

We do not have Microsoft Defender in place, but so far it is providing visibility for what it is installed on.

While I have known of the company since 2016, they are still a startup. They are still equity-backed. I don't know where they are going to end up, but right now I am confident that they have good backing and financial resources. They got a new round of funding just after the first of the year. That is always a good sign.

Biggest lesson is the amount of discipline required in our company to stay current. Morphisec highlights breakdowns that we have in process and procedure, which is a good thing, but it's highlighted to us that we need to be a little bit more disciplined.

I would rate Morphisec as nine out of 10.

We use it for ransomware protection.

It is the first product that we are using globally. Beside that, it is a good security solution. It is good for centralizing our IT, the way we think about security, people, and processes.

Morphisec Guard enables us to see at a glance whether our users have device control and disk encryption enabled properly. This is important because we are a global company operating with multiple entities. Previously, we didn't have that visibility. Now, we have visibility so we can pinpoint some locations where there are machines that are not really protected, offline, etc. It gives us visibility, which is good.

It easily prevents breaches of critical systems. It stops them before you detect them, then you don't have to delve into an attack since it was stopped.

There is no performance degradation on remote working. We work on PDIs at home without any performance degradation, which is great.

The solution provides full visibility into security events from Microsoft Defender and Morphisec in one dashboard. This is important because it is always good to have less dashboards and panes of glass. If it is all in one, then it is so easy to manage, see, and report on it. This makes the world a much easier place. We use this in our South African entity. However, at our HQ and other entities, we do not use Windows Defender. We have another antivirus or endpoint security tool, so that is not in one dashboard, though we are probably going to move to Windows Defender. The single dashboard is a factor in our consideration for moving to Microsoft Defender as well as cost.

We use Morphisec Guard for antivirus first. It offers visibility into and control over Windows 10-native device control, disk encryption, and personal firewalls. It is one of the key features for why we are using it since we are all Windows 10 users. Morphisec Guard is very important.

We wanted to have multi-tenants in their cloud platform, so every entity can look into their own systems and not see other systems in other entities. I have a beta version on that now. I would like them to incorporate that in the cloud solution.

I have been using Morphisec for a year.

It has been very stable.

There are two dedicated IT maintenance, and that's it. We also have other people who are now engaged with the implementation of Morphisec. We also train them on administration tasks, e.g., how to look at the dashboard and see if there are any problems.

Not much maintenance is required. Upgrading and pushing the upgrades to the endpoints is done by Morphisec. We only have to look to see if it works on all our machines. If not, then we contact Morphisec.

It is very scalable.

My company has multiple entities, i.e., multiple suborganizations and locations. One entity can be a location or a geographically dispersed organization.

There are about 3,000 end users who have their own endpoints. We have a large number of servers and are a logistics company. Administrators, operations staff, and clerks all do the same types of tasks.

Morphisec is used for every system in the organization. It is on every system, server, and endpoint. Everybody is using it, not actively, but they have it on their machines.

Every week. I speak with someone from Morphisec. If there is something wrong, I can immediately tell them. Then, in the next meeting, they will provide me with a solution.

Their tech support is very good, understanding, and flexible. They know exactly how to work with different people and cultures. 

Positive

There wasn't a solution like this one, previously. We only had the endpoint security, endpoint protection platforms, EDRs, XDRs, and MDRs, but they don't really have the stuff that Morphisec is doing.

Previously, we didn't investigate false positives. Our company was security immature. If something happened, we didn't investigate it deeply. We just reacted to the fact that something didn't work, then we recovered it and it worked again. Now, we are seeing less false positives using Morphisec.

Our organization is complex and the network is complex, so the initial setup was complex. There was some friction with GPO. We technically implemented it the right way, but it didn't go in automatically. They had to rewrite and recode some parts of it before it could be done automatically.

We are still deploying it. In the end, it has taken more than a year.

We started at HQ and another entity (South Africa), then we wanted to move forward to entities who were in the same network domain as the HQ. We are now in phrase three. It is a global program. We are now implementing, during phase three, in the entities who have their own network structure. 

We worked with Morphisec for deployment and implementation. We worked side by side with Morphisec for many of the problems that we encountered during implementation.

Morphisec has given our security team's operations peace of mind and more time for patching.

In the end, it saves us money on our security stack because we use a very expensive endpoint protection platform. We are planning on moving towards Office 365, then having Windows Defender integrated into that so we can save money on our endpoint protection.

We are paying per endpoint/machine. We have a two-year contract with Morphisec.

We have had some additional costs because of their cloud. We have needed to make some changes within the cloud environment of the Morphisec tooling, which have added some additional costs.

It does not have multi-tenants. If South Africa wants to show only the machines that they have, they need their own cloud incidence. It is not possible to have that in a single cloud incidence with multiple tenants in it, instead you need to have multiple cloud incidences. Then, if you have that, it will be more expensive. However, they are going to change that, which is good.

We evaluated other solutions, but they were quite expensive nor did they do what Morphisec does.

Morphisec Guard has more control than Windows 10-native security tools. For example, with Windows Defender, you can configure it, but you don't have a dashboard. Monitoring with it is a bit difficult. It is better with Morphisec Guard. However, Morphisec combines well with Windows Defender.

I am quite happy with the way they perform, providing us with information, new possibilities, and new features. My advice, "Just do it," if you are looking at implementing this solution.

Morphisec makes use of deterministic attack prevention that doesn’t require investigation of security alerts. If you want, you can deep dive into an attack, but you don't need to. In the future, we may have more security personnel and want to deep dive into an attack to see where it happened, what happened, and learn from it. Then, maybe we can have some other controls in place in other areas of our IP environments. Because of the deep dive and benefit analysis, it is good. However, we don't do that now.

The solution has added some workload because there previously wasn't a security team in place. Now, with the focus on security getting higher, the board of directors wanted to have some more security in place. One of the first tools that we bought was Morphisec, besides endpoint protection, antivirus, and firewalls. Our dedicated security tooling was Morphisec. It added focus in the company on security. Also, some people are busy with security now, besides their normal jobs. 

If we have more machines, then we will definitely increase usage. Also, Linux is now out of scope because they don't have it in their suite yet. If this is added into their suite, then we could have Linux protection as well.

Biggest lesson learnt: It is quite difficult to have an organization with a lot of complexity in their networking as well as differences in the way the network is architectured. It is always more difficult than you think. 

I would rate this solution as nine out of 10.

Morphisec is deployed to our desktops and servers, and we're running a server for it. We're switching to their cloud server and then it will be managed through that.

When I started at my company five years ago, they did not have a lot of protection in place. I ran across Morphisec at a technology show that I was at, got to really speaking with them and understanding the technology. I felt that this would be one cheaper way to help block anything from actually running in memory or execute against anything we had running in-memory on our endpoints.

We're not only using Microsoft Defender we also use Sophos. Morphisec plays well with Sophos also, which was another selling feature, because we wanted to make sure we had a traditional anti-malware and antivirus platforms also.

Prior to me starting with using it, we had infections and machines that were taken down. We have not had one machine that has been taken down due to malware now in almost four and a half years. That's huge. We have 600 machines right now that we don't have routine infections because nothing can execute.

It has definitely affected our team's productivity. 

Morphisec has reduced the amount of time we spend investigating false positives. It doesn't allow anything false to execute against anything. So if something does get triggered to an alert, it was definitely a problem that was resolved and isolated immediately. We have Morphisec as a base layer and we have Sophos as a secondary layer. Between those three tools or those three levels of security, nothing is getting run on those machines.

It has also reduced my team's workload. They're not rebuilding machines and reformatting and remediating problems as nearly what we were when we first started. We were dealing with a ton of infections. The company was much smaller then. We were 300 employees and we're at 600 now. I don't have anything to quantify that because we have grown so much and we don't have the problems as I did a couple of months ago before we put that in place.

Morphisec helps us to save money on our security stack. First and foremost it helps by preventing infections which prevents my technicians from having to re-image machines or remediate the problem itself. That rate right off the bat is savings. I cannot quantify that because I don't have a number compared from four and a half years ago to now.

The biggest feature is that it hides everything from your operating system that's running in-memory from anything to try to run against it. That's the most unique thing that's on the market. There's nothing else out there that's quite like that. That's a big selling point and why we went with it. It does exactly what the design does. If you can't find it, you can't execute against it.

Automating reports needs improvement. I would like to have better reporting capabilities within it or automated reporting to be a little bit more dynamic. That's something I know they're working on. We literally are in the process. We started the process a week and a half ago of going to their latest version, so I've not seen their latest one up and running yet.

I have been using Morphisec for about four and a half years. We're a couple of releases behind, but we're in the process of doing a cloud migration right now.

The stability is great. We don't have problems with it. We have not had a problem with it where it's gone down, not functioned or anything else in the four and a half years we've been using it.

We have not encountered any issues with scalability. We've been able to put it on whatever server we wanted with however many endpoints. We've grown from 300 to 600 since we started that process and there was no hiccup with adding additional machines or anything else.

There are about 600 users using it right now. We are a construction company. So, the roles are from admin, accounting, HR, IT, project management, field staff, supervisors, and superintendents. It's installed everywhere possible that we can as far as an endpoint.

There are two people on the infrastructure team who deal with it.

We do have plans to increase usage.

The support has been very nice. We've had zero issues. They're very helpful. They're easy to get ahold of any time we've had questions. Their deployment team is the same way.

Previously Malwarebytes was in place. I would not put it in the same category as this at all. Morphisec is a unique tool, one of the most unique ones on the market.

I had seen the demonstration. I was really impressed with what it did. My systems manager went through multiple demos, scenarios, and everything, and it really helped us out. Our rep made us 100% comfortable with the platform. So, that was really the selling part right there.

The initial setup was pretty straightforward. I had my systems manager at the time just work with them and get it loaded up with no major issues.

The initial deployment was about two and a half to three weeks because we were going across multiple machines and servers.

Our strategy was to protect our endpoints right away, which we were able to create a deployment for that to get that up and running and work on what servers we could because we could not do every server. That's a very invasive process and it took us a little bit of time to get that worked out.

We worked with Morphisec. 

I have seen ROI. The way I gauge that is the lack of tickets, the lack of machines not having to be imaged, the lack of the employees' time, which we could try to break down an hourly salary of around $40,000 a year. If they have to spend two days working on a machine versus what it costs me for that license, there is no comparison.

It is an inexpensive platform. It gives us good threat protection prevention. The cost per user is significantly less than most of the other competitive products on the market.

We are still using a separate tool. I know for our 600 or I think we're actually licensed for up to 700 users, it runs me 23 or $24,000 a year. When you're talking to that many users plus servers being protected, that's well worth the investment for that dollar amount.

There are no additional charges to the standard license.

It's very straightforward. It's basically a flat-rate model. It is a scalable model. Contract-wise, it was simple. It was a one-page document and done.

We have not delved into deterministic attack prevention. It has those tools in there. We have not delved into that because between that tool and our other tool, we really don't have any infections happening.

My advice would be to sit there and get a demo of it, understand it. I've actually spoken on their behalf before because I was a satisfied customer. It's a product that just works. You put it in place and you could forget it at that point. It protects against the unknowns.

Some of the other things were that they found stuff in a tool called CCleaner. They found a virus that was embedded in their code that they were submitting out themselves. As far as finding things and stopping things that are unknown, that's the biggest takeaway you can get from it.

They were thinking outside the box when they developed it, to put a tool like this in place that blocks the unknown, blocks things, executing against anything in-memory. 

I would rate Morphisec a ten out of ten. 

For the most part, it's an install-and-forget until it alerts. When it alerts, if a user has a script or something that runs and that tries to alter a process, a message pops up on the user's device and lets the user know, and then it shuts down the process immediately, preventing further infection.

We recently migrated to their cloud platform, which is hosted on AWS. We had on-prem servers but we're decommissioning them in the next week or so.

We've seen it work successfully in a couple of areas where it helped us stop a problem before it became a problem. A user clicked on something they shouldn't have clicked on, and it was going to do something. Morphisec will kill Internet Explorer, for instance. That's one of the most popular scenarios.

Morphisec has also reduced the amount of time we spend investigating false positives. Before we got it, it would take a couple of hours whenever we did have an alert, to identify the machine. Now it's really fast and simple because Morphisec provides a full report. We can then jump in there and see exactly what process or script kicked off the alert. We can go directly to it to see if it's legitimate or not. Usually, now, it takes a few minutes.

It helps us save money because of the reduced man-hours when it comes to hunting down something that happens. We also haven't looked at adding any other security software to our environment because we've been very happy with Morphisec.

It has also reduced workload. When I first started here, we had to remove the computers from a large section of a department to hunt down a problem. Now, it's just automatically shut down and we get an alert and we can go directly to the problem.

The killing of the processes and the alerting are the most valuable features. Where we used to have to wait for either an email to come in and say, "Hey, this has happened," or for a user to call and say, "Hey, this isn't working right," now, the moment it happens, it kicks off an alert to our Microsoft Teams and everybody on my team sees it.

Morphisec also provides full visibility into security events for Microsoft Defender and Morphisec in one dashboard. We purchased that functionality about a year ago. It's important to our organization because we are able to go to one spot to see and follow up on things, and that has been a big help. We're still trying to integrate Windows Defender so that it works with Azure, along with SCCM. If you've worked in SCCM, you know it can be a little bit confusing. When you go into SCCM, you have to do a lot of drill-downs and look for the problem. But in the single pane of glass provided by Morphisec, it's all right there at your fingertips: easy to access and easy to understand. And if you choose to go down further to know everything from the process to the hash behind it, you can.

In the Windows Defender integration, they have put in a report of computers that need Windows Defender updates. If those updates could be kicked off directly from the dashboard, instead of having to go to another system entirely, that would be good. It reports on it, but it doesn't let you take any action from there. 

Also, as opposed to when users are on the cloud where it will automatically update the correct agents when they check in, it cannot do that for a VDI client.

I've been using Morphisec for three to four years.

I've had no complaints or concerns about the stability of Morphisec.

Scalability is not an issue. The way it is designed is that it gets installed and pulls up the necessary plan from the server. Even if you shut down the server, it would stay running to push out more. You just need the licenses for it.

Our entire organization is using it, they just don't realize it. At any one time we have between 500 and 600 people using it. There are only two administrators of the solution right now. Up until now, as one of the administrators, I have done all of the maintenance, but now with the move to the cloud, Morphisec is going to handle that. My role will continue to include ensuring that clients are pushed out to the devices and to follow up on any alerts that come up.

We don't have plans to increase usage. Usage is based on the number of devices we have and we don't intend on expanding that at this time. But the goal is to have it on every desktop that exists in the hospital.

Their support has been good. The only problem is that their support lives in Israel, so the time zones are a bit off, but I've never had any complaint beyond that.

We did not have a previous solution for Zero-day protection.

The initial setup was straightforward and simple. I believe we used a command-line PDQ Deploy and pushed it out across the organization. We were licensed for 1,500 machines in the beginning, 300 servers and 1,200 machines. We didn't go to each individual one. We just pushed it out from one spot to all of them, from a list.

A typical install takes about a minute. It may take three to four minutes if it has to uninstall an old version of Morphisec. Across the organization, it took a day to roll out. We have an inventory of everything we have. Our biggest concern, at the time, was what would happen on servers. For instance, I recently pushed it out to the servers, but we left it in alert-only mode for this new version. That way, if it did alert on anything, it would not kill any necessary processes for the organization.

There are two major plans for Windows Defender, and we've chosen plan one. We haven't considered plan two yet because it was more of a cost-savings when we were looking at Microsoft. Going with Morphisec was more for the Zero-day protection that they offer.

Licenses are per endpoint, and that's true for the cloud version as well. The only difference is that there is a little extra charge for the cloud version.

The only cost, in addition to the standard licensing fees, is if you want the Windows Defender platform, the integration. That one was between $2,000 and $3,000. It's an add-on feature.

The one I remember that we looked at was Carbon Black. The reason we went with Morphisec was that it was well-reviewed at a conference by one of the members of our leadership.

It's simple, it's easy, and it works. It's a product that actually does what it says it's going to do.

The biggest lesson I've learned from using it is that there are a lot more things in your environment than you want.

Our use case is to augment our antivirus software that's on our endpoints to go in tandem with Microsoft Defender. It's also going on our Windows and Linux servers as well. 

Morphisec has helped us in our deployment strategy of endpoints and keeping a good inventory of our assets. We do that with Defender, but this is another tool to help us know what assets we have deployed, the ones that Defender doesn't always cover. 

If Defender is turned off somehow and Morphisec is on then we can investigate. Or the other way around, if Defender's on and Morphisec is not installed, we can have it installed. It does checks and balances on our deployment so we're not left with an endpoint that's unprotected.

The ability to stop attacks without having to detect or have a signature for the attack is the most valuable feature. It's just a different way of stopping attacks, by defeating it at the endpoint before any damage is done.

Morphisec provides full visibility into security events from Microsoft Defender and Morphisec in one dashboard. Defender and Morphisec are integrated. It's important because it lowers the total cost of maintenance on the engineer's time. The administrative time is dramatically reduced in maintaining the product and saves an engineer around four to five hours a week.

It's extremely easy to deploy. It functions without needing to talk to a server. It's completely silent once you've installed it. It's been really silent behind the scenes and has not conflicted with other software. It's a real set and forget.

We started in the Linux platform and we deployed to Linux. The licensing of that has been confusing between Linux licensing and Windows licensing. The overall simplicity of licensing or offering an enterprise license to cover everything and not needing to count needs improvement.

They've integrated with Defender well, but they should continue maturing that integration so that you can just check boxes with Defender installed to add Morphisec as well. There's licensing and all that, but they should try to make the implementation as easy as possible. It's easy now but they should continue down the path of making it as easy as possible.

I have been using Morphisec for two and a half years with a POC before that. 

From what we've seen it's stable as it can be. If there's such a thing as 100% availability, it's there. I think the architecture of it being deployed and standalone for all desk purposes makes it super stable. The biggest concern was conflicting with the applications on the desktop, and we had not seen that at all. It's been very reliable. We haven't been on the cloud version for very long, but so far it's been very reliable.

It should scale without an issue. It's about the deployment strategy and getting it deployed. Once you have a good deployment strategy, then it can scale to hundreds of thousands of endpoints, if you have them.

We are protecting around 3,000 endpoints. Then when we're all finished, there'll be about five to 6,000.

There is no upgrade that we know of yet, so we're on the latest version. I would anticipate once a year that we would have an upgrade to the endpoints. And it would probably take 10 to 20 hours of information security engineer's time to make that happen.

Their technical support is very good, responsive, and has good follow-through on open tickets. We don't have any issues with them.

The initial setup was relatively straightforward. We first installed Morphisec before they had their cloud server, which was a little bit more complicated. But now we've converted to their cloud server, which has made it much, much easier. You don't have the burden of setting up a server and getting the missing libraries and all the issues of setting up a server. Now with the cloud, it's simple.

It took us three weeks to set up with the server.

We did a proof of concept first, and then we tested it to make sure it would catch known malware with no antivirus on the endpoint. Then we started the deployment strategy and our deployment strategy was laptops first, then virtual desktops, and then servers.

We worked with Morphisec and our own engineers for the deployment.

We had a very good experience with their engineers. They were very knowledgeable about the Microsoft stack, easy to work with, and responsive.

Our ROI is having another level of control. I can't yet identify breaches that Morphisec stopped directly, but it'll pay for itself once it does that. It's really the extra layer of control that we didn't have before.

We've gone through several iterations over renewals. I think it's reasonably priced. I wouldn't say it's cheap, but I also wouldn't say that it's over-the-top pricing. An enterprise agreement would be nice so we don't have to try to count or get an estimate of the number of endpoints. If we go through growth and add 500 laptops, I don't want to have to go back and change our licensing to add that capacity. I'd rather just have that built into the contract.

We haven't seen any additional costs to the standard licensing. 

The options we looked at were more in the antivirus space. Morphisec as a product does not have direct competitors because of its unique architecture. There are other advanced endpoint protections that I looked at, but this one was by far the most unique architecture. It has a unique way of adding another layer of controls on the endpoints.

Morphisec hasn't added to my team's workload. It hasn't reduced it, but it hasn't added to it.

I didn't buy it to save us money. I bought it to add another level of control at the endpoint beyond antivirus. So it's really adding another layer of defense.

My advice would be to understand how Morphisec works from the Bad Actor's perspective, on how a Bad Actor or malware can compromise Windows or Linux. Morphisec gets to the root of those compromises. Rather than trying to detect the compromise, a design in the operating system issues and defeating those there or rather than trying to respond to changes in malware, they're defeating it right at the exploit level.

I'm part of Morphisec's sales team half the time when I'm trying to educate other IT leaders, my peers, or other CISOs on how it's actually working because it takes a little while to understand it. So my advice would be to really try to ask questions about how the architecture works. Because it doesn't really work like another AV. It works much differently than other endpoint protectors.

I would rate Morphisec a nine out of ten. 

We purchased Morphisec primarily to help mitigate and protect us against Ryuk ransomware back in December when that was running really rampant. The antivirus that we were using at that point was outdated. We were looking to move to a new vendor, and we needed something as a stopgap to supplement our current antivirus. Morphisec fit that bill perfectly. It had features that our antivirus did not. It had an immediate deployment and immediate return on investment that we just would not be able to get if we were to turn around and try to deploy a full-blown antivirus across the entire environment. Morphisec was quick, simple, and did not conflict with anything that we already had. It also did not cause any additional delays in our virtualized environment, which was a huge concern for our infrastructure team. It just fit perfectly.

We've detected things that our antivirus was not picking up. We had no visibility or control over anything that was running in process memory. Morphisec immediately started blocking things that should not have been running in process memory. It also gave us visibility into the Windows Defender antivirus that we did not have without increasing our Microsoft licensing and gave us some basic control over Defender as well. We previously used McAfee.

The fact that Morphisec uses deterministic attack prevention that does not require human intervention has affected our security team's operations by making things much simpler. We don't have to really track down various alerts anymore, they've just stopped. At that point, we can go in and we can clean up whatever needs to be cleaned up. There are some things that Morphisec detects that we can't really remove, it's parts of Internet Explorer, but it's being blocked anyway. So we're happy with that.

It's very important to us that it offers visibility into and control over Windows 10, native device control, disc encryption, and personal firewall. We're actually in the process now of deploying the control over the firewall so that we can consolidate to a single pane of glass for our antivirus and controls. It will help us through leveraging group policy, which can fail, especially if the machine drops off of the domain, we have a significantly larger remote than we did a year ago. We have machines that don't necessarily get the policies they need to get when they need to get them. Morphisec fixed that.

The level of control from Morphisec Guard compared to Windows 10 Native Security tools is a bit more basic than the Windows 10 Native Controls. You basically enable the firewall or you disable it, based on the various profiles. I have not yet seen a way to create exceptions in the firewall or rules and things like that but those can be pushed through group policy, regardless. As long as the firewall is enabled, it's functioning and it's doing better than if there was no policy applied at all.

Morphisec Guard enabled us to see at a glance whether our users have device control and disk encryption enabled properly. It is especially important with our remote workforce. Disc encryption is an absolute must. And the device control, USB devices, is also an absolute must.

It has reduced the amount of time we spend investigating false positives. It reduced our amount of chasing antivirus alerts by about 80% a week.

Our team's overall workload has also been reduced by about 30% on a weekly basis of our workload, we would spend a lot of time tracking alerts.

It has enabled us to take Morphisec and leverage one product where we would have had to have had at least two previously. I don't really have numbers for what that would look like. We didn't really investigate too many other vendors in that space, but it's probably at least 50% savings over what we would have needed. So it has helped us to save money on our security stack.

Some of the filters for the console need improvement. There are alerts that show up and just being able to acknowledge that we've seen those and not turn them off, but dismiss them, would be a huge benefit.

We've been using Morphisec for about six months now. It is installed on our endpoints and servers. We have a SaaS version of the console.

I've had 100% availability anytime I've needed to go look. I have not had any issues in any of our environments with the agents.

Scalability is very easy. We can just call and say that we need more licenses and they give us more licenses and we can push that agent out. It's the same executable file we have on our file shares. We just expand however many we need, to as large as we want to go.

We have about 8,000 endpoints, 2,500 servers, and 4,000 virtualized desktops.

Our next step would be to purchase the Linux agent and get that on the few Linux servers and appliances that we have.

The technical support has been fantastic. Any feature requests I've had, any issues I've run into, which have been very minimal, they've had an immediate response. Turnaround for feature requests is really, really fast. I've seen it within the next update which they do monthly. They provide great technical support. 

We looked at Bitdefender, Trend Micro, and Microsoft Defender. We are still using Microsoft Defender in conjunction with Morphisec in a small pilot group. We're still evaluating where we want to go for a true antivirus solution. So, we still have a small deployment of Defender.

Deployment was the biggest difference between Morphisec and the other solutions. It was far simpler to deploy Morphisec without having to remove another antivirus, without having to make a large-scale project, or look for compatibility. It works on all supported operating systems. It works in conjunction with other antiviruses. We didn't have to create exceptions and there were no conflicts with the antivirus we were running and Morphisec. So that really helped us make that decision, purchase this, roll it out, and have it supplement our existing technologies. And it gave us an almost immediate return on investment.

The initial setup was very straightforward. We deployed it via group policy. We had it deployed across the entire environment in about three days.

There are no additional costs to standard licensing. We've had full support. I get biweekly calls with my technical account manager and we purchased the licenses for everything we needed for a single cost.

If you have the ability to get Morphisec into their environment, it's going to be a hundred percent return on investment. I would recommend it every time.

If you can, get it and run with it, because it's great. It's been eye-opening, the things that other antiviruses were missing, and we've seen it protect against zero days. We've seen it protect against ransomware that other antiviruses have not even seen.

I would rate Morphisec a ten out of ten. 

We have multiple endpoint protection solutions, and Morphisec adds another layer of protection. I'm also part of a mid-market enterprise forum, which is how I was introduced to Morphisec. Morphisec is a little different. It is an in-memory protection solution that doesn't depend on ransomware signatures. It detects malicious activity at the start, regardless of whether there's a variant of it. It provides better protection in that regard than some other competitors.

It's primarily on-premises. All of our Windows-based endpoints are protected, including workstations, laptops, servers, etc. We use the cloud-based communications agent to deploy updates to the Protector.

Morphisec has stopped some attacks we've seen. Most of our security problems are caused by our end-users. While our network is well protected, we're still exposed to attacks when someone clicks on a phishing link from their personal email on their work device. That happened to some of our senior staff. 

It hasn't happened this year, but we had two attacks last year, and Morphisec stopped those before they did any damage. It's proactive, so it preserves our environment. Some of the attacks that happened could have disrupted our business if they had gotten through. The purpose of Morphisec is to avoid disruptions in the business, so it has done what it's supposed to do. We haven't had any impact on our revenue stream.

We faced potential ransomware attacks after we made an acquisition. Even though the company we acquired was segmented, they had two possible ransomware attacks that were averted. We haven't had any problems since we put Morphisec in place. 

We're in the process of hardening our attack surface. We recently underwent exhaustive internal and external pen testing, and we're doing a lot of remediation. We also went through an extensive security risk assessment by a third party. We graded pretty well on the external pen test, but we still have work to do internally.  

The pen testers told us they could stop the communications service but not the Protector service internally, which we addressed with Morphisec. It's protecting us, but it might block communication to the portal, alerting us if there's an issue. That is by design, but we're working with them now, and they are hardening that service, so it can't be stopped.

Morphisec helps close the security gap of device memory at runtime, improving our security posture. It hasn't reduced the time we've spent investigating false alarms. If anything, it has probably increased the time. You still need to investigate alerts to see if they're genuinely damaging. It hasn't reduced our workload because we need to investigate alerts, and we get several each week. The majority of our alerts are false positives. If there are level fours or fives, we do a lot more. Those are the more malicious ones that are not false positives.

Morphisec's in-memory protection is probably the most valuable feature because it stops malicious activity from occurring. If something tries to install or act as a sleeper agent, Morphisec will detect and stop it. 

Morphisec's Moving Target Defense is critical to hardening our attack surface. If it detects something, it indicates whether it's valid. That means you've got a breach requiring investigation. It detects anomalies but doesn't necessarily point to what caused them. You still need to do that work.

The solution is reasonably easy to administer. They made some changes last year, adding a cloud-based monitoring solution that makes deploying and monitoring our endpoints easy.

We have discovered some bugs in the new releases that they've had to fix, so I would like to see more testing and QA on their side before they release.

We've been using Morphisec since April 2020.

Morphisec is highly stable. We haven't had any major issues with it.

I rate Morphisec support eight out of 10. It depends on the issue, but they're pretty good overall.

Positive

I don't think the initial setup was too tricky, and we've started deploying a cloud-based monitoring solution, making it much more manageable. It offers some advantages. For example, sometimes, an endpoint that wasn't on our networks will be attacked. With the on-prem version, we wouldn't get notified if they dialed in via a VPN because the agent isn't on that computer. The cloud-based monitoring tool only requires an internet connection. 

The deployment is quick with the cloud-based tool because it has a built-in deployment agent. You can push those out. I wouldn't say it's via GPO; it's through their own agent.

We've seen a return on our investment. Morphisec has been worth it, considering the price of competing solutions. 

Morphisec is reasonably priced because our parent company's other subsidiaries use different products like CrowdStrike. CrowdStrike is four or five times more expensive than Morphisec. The competitive pricing saves us money in our overall security stack.

We didn't evaluate anything else at the time because I have a good relationship with the mid-market enterprise forum, and many of my peers used Morphisec. I knew it was a different type of technology than some competitors. It was unique and geared toward the mid-market.

I rate Morphisec Breach Prevention Platform nine out of 10. It has some unique features compared to competing products that offer in-memory protection. At the same time, Morphisec is relatively new to the market space. CrowdStrike offers incident monitoring services, whereas Morphisec is only starting to do that. If you need a 24/7 managed detection response, other players have it, but Morphisec is beginning to do it.