Morphisec Reviews

We use it for ransomware protection.

It is the first product that we are using globally. Beside that, it is a good security solution. It is good for centralizing our IT, the way we think about security, people, and processes.

Morphisec Guard enables us to see at a glance whether our users have device control and disk encryption enabled properly. This is important because we are a global company operating with multiple entities. Previously, we didn't have that visibility. Now, we have visibility so we can pinpoint some locations where there are machines that are not really protected, offline, etc. It gives us visibility, which is good.

It easily prevents breaches of critical systems. It stops them before you detect them, then you don't have to delve into an attack since it was stopped.

There is no performance degradation on remote working. We work on PDIs at home without any performance degradation, which is great.

The solution provides full visibility into security events from Microsoft Defender and Morphisec in one dashboard. This is important because it is always good to have less dashboards and panes of glass. If it is all in one, then it is so easy to manage, see, and report on it. This makes the world a much easier place. We use this in our South African entity. However, at our HQ and other entities, we do not use Windows Defender. We have another antivirus or endpoint security tool, so that is not in one dashboard, though we are probably going to move to Windows Defender. The single dashboard is a factor in our consideration for moving to Microsoft Defender as well as cost.

We use Morphisec Guard for antivirus first. It offers visibility into and control over Windows 10-native device control, disk encryption, and personal firewalls. It is one of the key features for why we are using it since we are all Windows 10 users. Morphisec Guard is very important.

We wanted to have multi-tenants in their cloud platform, so every entity can look into their own systems and not see other systems in other entities. I have a beta version on that now. I would like them to incorporate that in the cloud solution.

I have been using Morphisec for a year.

It has been very stable.

There are two dedicated IT maintenance, and that's it. We also have other people who are now engaged with the implementation of Morphisec. We also train them on administration tasks, e.g., how to look at the dashboard and see if there are any problems.

Not much maintenance is required. Upgrading and pushing the upgrades to the endpoints is done by Morphisec. We only have to look to see if it works on all our machines. If not, then we contact Morphisec.

It is very scalable.

My company has multiple entities, i.e., multiple suborganizations and locations. One entity can be a location or a geographically dispersed organization.

There are about 3,000 end users who have their own endpoints. We have a large number of servers and are a logistics company. Administrators, operations staff, and clerks all do the same types of tasks.

Morphisec is used for every system in the organization. It is on every system, server, and endpoint. Everybody is using it, not actively, but they have it on their machines.

Every week. I speak with someone from Morphisec. If there is something wrong, I can immediately tell them. Then, in the next meeting, they will provide me with a solution.

Their tech support is very good, understanding, and flexible. They know exactly how to work with different people and cultures. 

Positive

There wasn't a solution like this one, previously. We only had the endpoint security, endpoint protection platforms, EDRs, XDRs, and MDRs, but they don't really have the stuff that Morphisec is doing.

Previously, we didn't investigate false positives. Our company was security immature. If something happened, we didn't investigate it deeply. We just reacted to the fact that something didn't work, then we recovered it and it worked again. Now, we are seeing less false positives using Morphisec.

Our organization is complex and the network is complex, so the initial setup was complex. There was some friction with GPO. We technically implemented it the right way, but it didn't go in automatically. They had to rewrite and recode some parts of it before it could be done automatically.

We are still deploying it. In the end, it has taken more than a year.

We started at HQ and another entity (South Africa), then we wanted to move forward to entities who were in the same network domain as the HQ. We are now in phrase three. It is a global program. We are now implementing, during phase three, in the entities who have their own network structure. 

We worked with Morphisec for deployment and implementation. We worked side by side with Morphisec for many of the problems that we encountered during implementation.

Morphisec has given our security team's operations peace of mind and more time for patching.

In the end, it saves us money on our security stack because we use a very expensive endpoint protection platform. We are planning on moving towards Office 365, then having Windows Defender integrated into that so we can save money on our endpoint protection.

We are paying per endpoint/machine. We have a two-year contract with Morphisec.

We have had some additional costs because of their cloud. We have needed to make some changes within the cloud environment of the Morphisec tooling, which have added some additional costs.

It does not have multi-tenants. If South Africa wants to show only the machines that they have, they need their own cloud incidence. It is not possible to have that in a single cloud incidence with multiple tenants in it, instead you need to have multiple cloud incidences. Then, if you have that, it will be more expensive. However, they are going to change that, which is good.

We evaluated other solutions, but they were quite expensive nor did they do what Morphisec does.

Morphisec Guard has more control than Windows 10-native security tools. For example, with Windows Defender, you can configure it, but you don't have a dashboard. Monitoring with it is a bit difficult. It is better with Morphisec Guard. However, Morphisec combines well with Windows Defender.

I am quite happy with the way they perform, providing us with information, new possibilities, and new features. My advice, "Just do it," if you are looking at implementing this solution.

Morphisec makes use of deterministic attack prevention that doesn’t require investigation of security alerts. If you want, you can deep dive into an attack, but you don't need to. In the future, we may have more security personnel and want to deep dive into an attack to see where it happened, what happened, and learn from it. Then, maybe we can have some other controls in place in other areas of our IP environments. Because of the deep dive and benefit analysis, it is good. However, we don't do that now.

The solution has added some workload because there previously wasn't a security team in place. Now, with the focus on security getting higher, the board of directors wanted to have some more security in place. One of the first tools that we bought was Morphisec, besides endpoint protection, antivirus, and firewalls. Our dedicated security tooling was Morphisec. It added focus in the company on security. Also, some people are busy with security now, besides their normal jobs. 

If we have more machines, then we will definitely increase usage. Also, Linux is now out of scope because they don't have it in their suite yet. If this is added into their suite, then we could have Linux protection as well.

Biggest lesson learnt: It is quite difficult to have an organization with a lot of complexity in their networking as well as differences in the way the network is architectured. It is always more difficult than you think. 

I would rate this solution as nine out of 10.

Our primary use case is to protect against ransomware.

We had been hit by ransomware and a couple of our servers went down as a result and some staff computers were affected. We locked everything down very quickly. We were able to restore everything and we didn't lose any data. It took us about eight man-hours to restore the servers, restore services, and get everything back up and running, but it could have been a lot worse than it was. So we looked for a solution that bridged the gap because we have antivirus, we use Microsoft ATP and some other network security measures, but none of them caught it.

We were looking for something that we could layer with security, like what we had preexisting. It turns out it works and integrates very well with Microsoft solutions as well. It bridges that little gap of memory protection that we were looking for to help prevent further ransomware attacks and things like that.

Morphisec has enabled us to become a lot less paranoid when it comes to staff clicking on things or accessing things that they shouldn't that could infect the whole system. Our original ransomware attack that happened came from someone's Google drive and then just filtered on through that. It has put our minds at ease a lot more in running it. It's also another layer of security that has been proven to be effective for us.

It makes use of deterministic attack prevention that requires the investigation of security alerts. We can always see those and investigate further. It is pretty self-contained and automated. We have not had to really go in to investigate really.

This has made our security team's operations a lot easier. Ransomware has been the biggest threat for us. Of course, we get little attacks here and there on other threat vectors, viruses, and other malware that we have to go in and disinfect. But ransomware has not been an issue and we've even gone through and run a couple of simulated tests for ransomware from other companies. None of them have been successful like Morphisec. It just stopped it dead in its track and it was not able to do anything.

Morphisec has reduced the amount of time we spend investigating false positives. I would say by about 5% to 10%. That typically is how many ransomware-type attacks that we see. It's a low number but it's a very destructive number.

Our team's overall workload has also been reduced by about 5% to 10%. That's just for normal detection, looking for these threats, and trying to find out what it is.

Now, if we were to be infected again, it would then be reduced by a lot, just because depending on how far the infection gets, how many man-hours that would be, we know that would be very significant. We've only been hit once in the past by this. And luckily it was pretty minimal, but it could have been very severe, and then it would have really impacted us on man-hours.

It helps us to save money on our security stacks. It's priceless just because if we were to lose all of our data from an attack like that, there would be no way to get it back without paying massive amounts for ransomware. And there's no guarantee that if you pay for the decryption key from whoever's holding your data ransom, that that's even going to work or that you'll get everything back at the end. Morphisec has been a real lifesaver.

It makes it super easy for IT teams of any size to prevent breaches of critical systems. They have a way to mass deploy it on all of our Morphisec clients. It's very easy to manage, very easy to deploy, and it's also very easy to maintain.

The fact that it's able to automatically detect and block ransomware attempts is the most valuable feature. 

The dashboard is the area that requires the most improvement. We have about, I would say 5,500 computers currently, and searching through all of those takes some time to filter. So as soon as you apply the filter, it takes a few seconds. It crunches, it thinks, and then it brings up the clients that match.

Our computers are named and they have a serial number in front of their name. To be able to see who is signed in or who has a computer-based on their Microsoft account, that part is cut off unless you have a larger screen on a tablet. But on your cell phone, there's no way that I can find a scroll over to see who owns that device because the username is just cut off. Besides that, it's a simple interface. It's a simple product that's easy to maintain and manage. There's not a lot that we have to do with it. It just does what it needs to do.

I have been using Morphisec for close to a year. 

In terms of stability, so far it's worked great. It's been very stable, with no problems, and it continues to be effective so far. If for any reason, we get ransomware infection in the future, we'll know that there's a problem, but so far it's been good. All of the tests that we've run with ransomware simulated software from other vendors have all failed.

Scalability is very easy. It's not a problem. If you have the means to remotely deploy the client to all of your computers, scalability seems so far infinite, it's not a problem. If you can afford the budget for all your computers then you're good.

We are right around 5,000 or 5,500 users and their roles are anywhere from student to staff members, to administrators, and even our board of directors use it. Everyone has it. All of our computers are deployed by us. So everyone gets a computer, whether it's a student or a staff member, it's not on personal devices.

Every one of our computers is using it. All of our servers are using it. It's pretty extensive in how we're using it in that sense. But it's really just toward the ransomware side.

We used technical support only for the deployment or the migration from on-prem to the cloud. We've been having to deal with them on what steps we need to take and what we need to do to make it work. They made sure that it's a smooth transition, that we don't leave anything exposed as we're moving from one to the other, but that's it.

Support is pretty good for the most part, once in a while though, just because of their accent, it's kind of hard to understand them. We in particular had one tech that we were speaking to about the migration portion of it. There were three of us sitting in on that meeting and none of us could really understand or comprehend what he was trying to convey. It was not an issue with everyone else that we had dealt with.

We were using another solution that wasn't necessarily specific to ransomware. We were using Microsoft ATP in conjunction with Sentinel. We were starting to deploy Sentinel as well, which is also Microsoft's product, and trying to tie everything together, to make it more robust, but they did not have anything that dealt with the memory type encryption that Morphisec uses to help protect against those types of infections that ransomware often exploits. We didn't have anything specific to ransomware other than Microsoft's ATP and it does not catch everything.

But we still run ATP anyway. It ties in with Morphisec very well, even within the Defender dashboard, you can punch in your key and it will bring it up and give you some more information about it, making sure that they play well together. It literally bridges a gap that Microsoft ATP has.

The initial setup was very straightforward, especially for self-hosting. One thing to note is that we're currently looking to move to their cloud-hosted system and move away from the on-prem. That is proving to be so far a little more complicated to move from one to the other, at least from on-prem to the cloud. But not impossible. There are a lot more steps and processes to getting everything migrated over. We have to push out a new client to all of our client computers.

The deployment was a matter of a couple of hours once they provisioned the license and everything for us and provided us with everything. We were able to spin up a virtual machine to install everything on, open up the ports that were necessary, which were very easy. Then we just push out the client to all of our devices. We use a combination of Intune and SmartDeploy for remote imaging to push the software out to everybody. Once that was done, we plugged the license key into our Microsoft ATP, just for the integration of that. And that was it. It was up and running and good to go.

We tested it on just a couple of client computers initially, and then one test virtual machine for our servers. Once everything was looking like it was fine, then we just went ahead and pushed out to everything. There were no conflicts, there were no problems. Nothing came up as a red flag. Nothing got blocked that shouldn't have been. It went nice and smooth.

It took two of us to get this done, and that was our systems admin who deals with our servers and a lot of our client computers and then myself, which I handled the networking side, like opening up ports, making sure all the IP addresses were correct. 

We went directly through Morphisec. I don't think we had a third party or a vendor for the implementation.

We absolutely saw ROI. We did not pay that much for the licensing. It was very affordable. The peace of mind and not having to deal with or worry about as much as we did in the past about ransomware attacks, and just knowing that we're pretty well covered for the most part is ROI.

It is a very cost-effective solution. It's very affordable for what we're having to use Morphisec for.

It's extremely affordable for what it does, at least the product that we're using through Morphisec. I know that they have a few others that we're not using, but we don't need it. They did provide us with educational pricing as well. They were very flexible because we deployed it during COVID times and a lot of people were getting hit more and more with ransomware. And so they were also very flexible in what they were able to provide for the price. They understood that our budget was being cut because we had lost a lot of students as a result of COVID. They really worked with us, which was great. 

The licensing is also very fair. It's per device. So it was also very easy.

It's just a year-to-year license that we are paying for. There's nothing hidden, no extra charges that were unexpected or anything like that. It was very straightforward.

We looked at a couple of solutions and it would have been a full deployment where we would have to install their entire antivirus line on the product. They didn't have anything that just handled what Morphisec does. It would be a full product suite. We'd have to deploy that to everybody. We would have to ditch Microsoft ATP, which, again, we get free because we are Microsoft partners in education so it's included with our licensing of Office 365. And it would have been a lot more expensive to go a different route than what we found in the end.

My advice would be to make sure that if there are a lot of computers, especially if they're remotely distributed, make sure they have some sort of solution to easily push out and deploy it to multiple clients. That's probably the biggest hurdle that I think a lot of people would have. And we had two solutions already in place for us in the past that worked and that were compatible. The nice thing is that they were able to provide a Microsoft MSI Installer so that you can even have it so that it pre deploys it while you're imaging your computers if you're using Microsoft for imaging. It's the same thing if you're using Intune through Microsoft.

We've always been looking for something that would help to protect more against ransomware in our case. And this was it. This is the best solution that we found that worked for us.

I would rate it a ten out of ten. My only complaints are the dashboard and that's not even terrible. It still works. You just have to be a little patient.

I use it mainly as an additional layer of security since we have quite a lot of servers. I have unblocked a couple of things that got filtered out, and it worked great. We are a small company, not a really large firm.

We were on-prem before, but now we are on a SaaS service that they provide, which is hosted through AWS. This makes it easier for me to access from any location. I can also have Morphisec lock it down to a specific IP for allowing me to get into the system. I would need to be on a computer within the network in order to access the AWS site. 

They provide some information about security events from Microsoft Defender. I know recently when there was that Print Nightmare issue, they did release an email saying, "We are aware of this, and Morphisec is basically on it as well." So, they don't release just random little Microsoft stuff. They would release any major breaches and ransomware. This is where they would notify clients that Morphisec has been updated already to block these things. This is definitely important to us. I am usually up-to-date on all these things. However, if I don't hear from my software vendor, I would be a little bit worried, "Are they blocking it? Is this something that will be blocked? Are they looking into it?" So, it is good to be informed on these things.

Morphisec stops attacks without needing to know what type of threat it is, just that it is foreign. It is based on injections, so it would know when a software launches. If a software launches and something else also launches, then it would count that as anomalous and block it. Because the software looks at the code, and if it executes something else that is not related, then Morphisec would block it. That is how it works.

Most of the alerts that we have gotten are for legitimate stuff. They have typically been for logins and stuff that users might try to install, e.g., WebEx or some background Google update, so we block them. We have been working internally to block the use of plugins and stuff. It's not that they are fake; they are real notifications. It is just that we have to restrict certain access to certain browsers.

It reduces two alerts every month. It is not so much. We have locked down a lot of things, like our internal group policies. In this way, we don't have to run into any random alerts developed in other people's software for a lot of little things, which we noticed that we can immediately remediate. We have Morphisec doing its real job versus just blocking tiny little programs that don't matter to it. We just have it there as a layer of security on top of our layer of security policies that we already have. I don't think it's going to really catch a lot of stuff, but if something were to happen, it is the backup. That is why we have it.

Every month we get a security report, which tells us, "These are all the things that it scanned, and these are the things that it blocked." 99% of the time, there won't be a lot of stuff, but it gives us an executive report at the end of the month. I usually review it just to make sure that things are okay, e.g., any machines that we might have replaced, need to get rid of, or archive. That is really all I would really look at the security report for. Because if I were to get something like a threat, I won't see it at the end of the month. I see it right away.

Morphisec makes it super easy for our IT team to prevent breaches of critical systems. It is a one-click install, then it takes care of the rest. If we have to evaluate anything, they will notify us. After it has been prevented, we can jump in and release it or create a new rule. Then, if it gets deployed, it gets deployed to all our endpoints. It is really simple for the amount of stuff that they actually do.

As far as threat prevention goes, it does great. There have been a couple of preventions that it blocked from browsers and stuff. From time to time, Google may try to install something through the use of a plugin and it blocks that out. 

The dashboard is really easy to use. It is not super convoluted, which is great.

Like any other threat prevention platform, this one is mostly specific to memory attacks. That is what I really like about it. I get emails if there are any threats. 

Right now, it's just their auto-update feature. I know they are currently working on that. When they release a new version of the threat prevention platform, I do have to update that, rolling out to every computer. They have said, "From version 5, you would be able to do an auto-update." While this is very minor, that is the only thing that I would say needs to be upgraded. It would just make life a lot easier for other IT teams. However, I have simplified the process, so all I need to do is just download one file.

At my company, we have been using Morphisec for about three years.

I have been using it since last November, which is when I took over from the previous IT manager and was introduced to Morphisec. 

The stability seems great. There is literally no downtime that I have ever noticed.

There is no maintenance. Morphisec does everything. As long as the endpoint is connected to the dashboard, which is hosted online, then there is nothing that I need to do besides just making sure that it has Internet access on my side, which is how it gets updates.

Scaling is very simple. We just have to add a new computer, then install Morphisec. There is really nothing else to do.

There's only two users who have access to it: a backup admin and me. In the event that something were to happen to me, the backup admin could still get into it, but I am the most active admin on the account. I usually make sure everything is up and the devices are checking in. I just check it from time to time to make sure that all the devices are cleaned up and archived. Since we have been replacing computers, I want to make sure that they are not going to be showing up in our list as offline devices if they were replaced. I just have to remove them and archive it.

I contacted their tech support once, when I was deploying the software. I just had to update an IP, and that was it. It was pretty fast. I have a direct contact with their support tech, and even our account manager. I can send issues to them, then they will forward them to their tech support team. They get back to you within an hour, and they are in different time zones. Time-wise, in terms of getting back to you, it is pretty fast.

We previously used Carbon Black. We switched to Morphisec because Carbon Black had a lot of false positives. Based on my knowledge, it was really noisy for stuff that really didn't matter. So, Carbon Black was not the best choice.

When I came in, my company was on an older version, so I had to roll out a newer version. It was literally a migration. We moved from the on-prem server to the cloud. I had to do that from scratch. It really was just Morphisec saying, "This is your new link. There is an installer. You can either install it on all your computers one by one or you can script it out." They provide all the information. Therefore, whenever a computer signs in, it would just install the program and point it to the new server.

The migration took a few seconds. Once I have set it up, all I have to do is wait for people to turn their computers on. Then, I can see them start populating inside of the new dashboard. It was just a waiting game for whenever the CPAs would turn their computers on and log in.

We are in a domain, so all our computers are managed by user accounts. We can set specific rules, e.g., when a user logs in, this happens. So, I set up a rule that would install the new version of Morphisec when a user logs in. Then, I just have to wait for them to log in from wherever they are.

Before, we had to manually install it. However, I am a believer in automating things and doing things a lot faster. So, I was able to roll it out to every computer, even making sure that we had it on all our computers by using their built-in, automatic deployment.

I get emails if I have to set up anything.

I met the guys from the support team and also used a program to deploy it.

Deployment was done in-house. My main thing was that I didn't want to have any computers being missed. It was all done on a one-to-one basis, where the guy would go to every computer and install it. So, installing it would be policy. I know Morphisec would reach out to every single computer, as long as it is joined to the domain. That was my main strategy when rolling it out to everybody. Once it popped up, I made sure the numbers matched up to know whether Morphisec was on every computer on the domain.

It is more of a peace of mind. We know that we have an additional layer of security that is protecting our endpoints, since we are working remotely for certain things. We have the threat prevention platform. 80% of our stuff is based on security materials, because of the data that we work with day-to-day. Having Morphisec made us a little bit more comfortable knowing that our servers are not going to get hacked by any random stuff. However, if it does get hacked, then Morphisec will prevent it.

Morphisec has reduced the amount of time that we spend investigating false positives. It gives me the breakdown of where things originated from. It is easy for me to identify whether it is a false positive or not. Most of the stuff is legitimate. So, I have never had to deal with a false positive block.

The solution has reduced our team’s workload. We don't have to really go in, look at stuff, and monitor a dashboard. There is something we set that will notify us. We just have it getting sent to our mailbox. Therefore, if we get an email, we would know (at that stage) that something is going on.

I know my organization was paying a lot more for the previous software that they used through an MSP. It was charged per user and cost quite a bit to use per endpoint.

I don't have to purchase any additional licenses, unless I go over. I have a license limit of 80. Whenever we renew our contract, if we have gone over that amount, then we will get billed for that amount.

Our licensing is tied into our contract. Because we have a long-term contract, our pricing is a little bit lower. It is per year, so we don't get charged per endpoint, but we do have a cap. Our cap is 80 endpoints. If we were to go over 80, when we renewed our contract, which is not until three years are over. Then, they would reevaluate, and say, "Well, you have more than 80 devices active right now. This is going to be the price change." They know that we are installing and replacing computers, so the numbers will be all over the place depending on whether you archive or don't archive, which is the reason why we just have to keep up on that stuff.

The two main contenders were Carbon Black and Morphisec. We made a decision between those two. We had two trials, where they were trialed them on different machines. Morphisec was more detailed. Morphisec was detecting stuff that was correct versus Carbon Black, which mostly just protecting literally every little thing that you do but not really malicious at all nor causing a memory issue. Morphisec was a little bit more real-time with real stuff versus just a bunch of anomalous stuff. Though, I think Carbon Black learns as it goes. 

Morphisec has helped us to save money on our security stack. Considering other platforms that we have gotten quotes from and other platforms that I have looked into, based on our initial investment into it, it has saved us quite a lot of money on external and internal devices that we would have needed to purchase from other vendors. Right now, it is saving us anywhere between the range of $9,000 to $20,000 per year, because we put a lot of money on security. We house a lot of sensitive information, so we can't afford to go around something. That would put all our clients' information at risk.

We use Morphisec as one of our security artillery platforms. We have other software that we use for security threats, so Morphisec is not the only one. Morphisec is probably around the second stack. We have our main threat prevention software that we rolled out, and after that is Morphisec. After Morphisec is our DNS filtering. 

Read the instructions. They literally tell you everything you need to do. Just make sure that you know what Morphisec is before getting into it, because it is not an antivirus. They have a feature that binds with Windows Defender. Windows Defender is an antivirus and Morphisec is more of unified threat prevention for memory attacks. So, you still need to have an antivirus.

Morphisec is a security platform. The things that it does are better for companies who have sensitive information that they don't want to risk getting out. If they have Morphisec, they can feel safe that their stuff is protected.

I would rate it 10 out of 10. It is a great program. We will definitely be renewing it when our renewal period is closer.

Our use case is to augment our antivirus software that's on our endpoints to go in tandem with Microsoft Defender. It's also going on our Windows and Linux servers as well. 

Morphisec has helped us in our deployment strategy of endpoints and keeping a good inventory of our assets. We do that with Defender, but this is another tool to help us know what assets we have deployed, the ones that Defender doesn't always cover. 

If Defender is turned off somehow and Morphisec is on then we can investigate. Or the other way around, if Defender's on and Morphisec is not installed, we can have it installed. It does checks and balances on our deployment so we're not left with an endpoint that's unprotected.

The ability to stop attacks without having to detect or have a signature for the attack is the most valuable feature. It's just a different way of stopping attacks, by defeating it at the endpoint before any damage is done.

Morphisec provides full visibility into security events from Microsoft Defender and Morphisec in one dashboard. Defender and Morphisec are integrated. It's important because it lowers the total cost of maintenance on the engineer's time. The administrative time is dramatically reduced in maintaining the product and saves an engineer around four to five hours a week.

It's extremely easy to deploy. It functions without needing to talk to a server. It's completely silent once you've installed it. It's been really silent behind the scenes and has not conflicted with other software. It's a real set and forget.

We started in the Linux platform and we deployed to Linux. The licensing of that has been confusing between Linux licensing and Windows licensing. The overall simplicity of licensing or offering an enterprise license to cover everything and not needing to count needs improvement.

They've integrated with Defender well, but they should continue maturing that integration so that you can just check boxes with Defender installed to add Morphisec as well. There's licensing and all that, but they should try to make the implementation as easy as possible. It's easy now but they should continue down the path of making it as easy as possible.

I have been using Morphisec for two and a half years with a POC before that. 

From what we've seen it's stable as it can be. If there's such a thing as 100% availability, it's there. I think the architecture of it being deployed and standalone for all desk purposes makes it super stable. The biggest concern was conflicting with the applications on the desktop, and we had not seen that at all. It's been very reliable. We haven't been on the cloud version for very long, but so far it's been very reliable.

It should scale without an issue. It's about the deployment strategy and getting it deployed. Once you have a good deployment strategy, then it can scale to hundreds of thousands of endpoints, if you have them.

We are protecting around 3,000 endpoints. Then when we're all finished, there'll be about five to 6,000.

There is no upgrade that we know of yet, so we're on the latest version. I would anticipate once a year that we would have an upgrade to the endpoints. And it would probably take 10 to 20 hours of information security engineer's time to make that happen.

Their technical support is very good, responsive, and has good follow-through on open tickets. We don't have any issues with them.

The initial setup was relatively straightforward. We first installed Morphisec before they had their cloud server, which was a little bit more complicated. But now we've converted to their cloud server, which has made it much, much easier. You don't have the burden of setting up a server and getting the missing libraries and all the issues of setting up a server. Now with the cloud, it's simple.

It took us three weeks to set up with the server.

We did a proof of concept first, and then we tested it to make sure it would catch known malware with no antivirus on the endpoint. Then we started the deployment strategy and our deployment strategy was laptops first, then virtual desktops, and then servers.

We worked with Morphisec and our own engineers for the deployment.

We had a very good experience with their engineers. They were very knowledgeable about the Microsoft stack, easy to work with, and responsive.

Our ROI is having another level of control. I can't yet identify breaches that Morphisec stopped directly, but it'll pay for itself once it does that. It's really the extra layer of control that we didn't have before.

We've gone through several iterations over renewals. I think it's reasonably priced. I wouldn't say it's cheap, but I also wouldn't say that it's over-the-top pricing. An enterprise agreement would be nice so we don't have to try to count or get an estimate of the number of endpoints. If we go through growth and add 500 laptops, I don't want to have to go back and change our licensing to add that capacity. I'd rather just have that built into the contract.

We haven't seen any additional costs to the standard licensing. 

The options we looked at were more in the antivirus space. Morphisec as a product does not have direct competitors because of its unique architecture. There are other advanced endpoint protections that I looked at, but this one was by far the most unique architecture. It has a unique way of adding another layer of controls on the endpoints.

Morphisec hasn't added to my team's workload. It hasn't reduced it, but it hasn't added to it.

I didn't buy it to save us money. I bought it to add another level of control at the endpoint beyond antivirus. So it's really adding another layer of defense.

My advice would be to understand how Morphisec works from the Bad Actor's perspective, on how a Bad Actor or malware can compromise Windows or Linux. Morphisec gets to the root of those compromises. Rather than trying to detect the compromise, a design in the operating system issues and defeating those there or rather than trying to respond to changes in malware, they're defeating it right at the exploit level.

I'm part of Morphisec's sales team half the time when I'm trying to educate other IT leaders, my peers, or other CISOs on how it's actually working because it takes a little while to understand it. So my advice would be to really try to ask questions about how the architecture works. Because it doesn't really work like another AV. It works much differently than other endpoint protectors.

I would rate Morphisec a nine out of ten. 

We are in healthcare and when the pandemic started we were really getting hammered with phishing attacks. Thankfully, none of them really got through or were successful, but the uptick in the attacks made me really concerned about the potential for the results of a successful ransomware attack. 

The way I've set up our world is as a bunch of different layers, from what I consider to be best-of-breed. We have a gateway with one company, we have endpoint protection with another company, we have firewalls and connectivity to the internet handled by another company. We also have a company that monitors all of our logs. On top of that, the last thing that I saw as a big hole in my defense strategy was all these Zero-day attacks that were getting through some of the other products. They hadn't gotten through to us yet, but I had read that it was more and more of a threat. Morphisec is just another layer on top.

Part of the reason I purchased the product is that we are a very bottom-heavy IT organization, in that we have a really strong help desk group. Anything more complicated than help desk is my problem, and I have a lot of other responsibilities besides IT. I count on being able to bring in vendors that are very useful to me to subsidize that.

They have a new deal where things are controlled by their cloud controller, which is on AWS. I updated to that about two months ago. It used to be on-premises but thankfully it's not anymore.

As far as I can tell, in the year that it's been in, it hasn't stopped a significant attack of any kind. But that's not a negative for me. It is helping me to feel comfortable that all the other layers I've put in place in front of it are doing their jobs. It has definitely increased my comfort level that we are doing the utmost to protect the systems here.

Morphisec saves me from paying for a higher-tier license to get visibility into Defender AV alerts. While it doesn't really save me any money, because I didn't think it was worthwhile to have a product to do that on its own, I love that I get that as a benefit from using Morphisec. But I wouldn't have spent the money on something just to show me the Defender alerts.

I really like the integration with Microsoft Defender. In addition to having third-party endpoint protection, we're also enabling Defender, although we haven't rolled it out fully yet; we have had a test environment. I like the reporting that we get from Defender, when it comes in. I like that it's one console showing both Morphisec and Defender where it provides me with full visibility into security events from Defender and Morphisec. With our help desk situation—where it all comes to me, and I'm responsible to make sure that I am seeing anything that could possibly be a problem—having both of those in one location has been very important for me.

Morphisec stops attacks without needing knowledge of the threat type or investigation of security alerts. It absolutely does do that and that's because of the way it looks at an executable when it starts and when it asks for memory. If it asks for a specific piece of memory, then Morphisec says, "Okay, it's over here," but it's not really, and then it watches what it tries to do with that. It knows whether it did something that it shouldn't and it will kill that process in that scenario. It doesn't require foreknowledge of the application to protect you from threats. I've seen it happen because we have some old software that does some squirrely stuff, and we've had to allow it to run anyway. That old software does stuff that you wouldn't expect from modern software. If modern software were to do what that old software does, it would definitely be a threat. So I've seen it in action, but not with a live vulnerability.

We have been using Morphisec for a little over a year, although we purchased it about 15 months ago.

It's been very stable. 

Going back to before I had the cloud controller, I probably had to restart the on-premises controller once a month. I would go in and notice that 50 percent of the machines were reporting as offline. I'd restart the web services and they'd all come back. I got into the habit of regularly restarting my machine. That was definitely a stability issue and I was glad to get out of the on-prem solution, to get rid of that.

Scalability wasn't an issue for me because it took very little effort to get it onto our 1,200 machines. I used a third-party software rollout service and it installed, no problem, and worked. 

I don't think scalability is an issue, especially now that it's in the cloud. The on-prem server was never overwhelmed from a resource standpoint, so I think it would have scaled just fine as an on-premises solution, but in the cloud it obviously has all the resources it needs.

It's on every endpoint we have, but I don't think the users know they're using it. It's just running. As administrator, when there's an alert, I go investigate it. That's pretty much it. I don't have to do any maintenance because we have gone to the cloud solution.

In terms of increasing our usage, I could potentially put it back on those application servers, but it's not worth the fight because the software is relatively old on some of those machines and it gives false positives all the time. It's just easier to not have it on them.

If Morphisec had an integration with those older technologies, I would be interested in using it on them. I'd rather have it on every server, but not having it on those application servers doesn't concern me too much. The end-users really can't do anything but run that specific application on the server. They don't have the freedom to run other processes there.

If anything, tech support might be their weakest link. The process of getting someone involved sometimes takes a little time. It seems to me that they should have all the data they need to let me know whether an alert is legitimate or not, but they tend to need a lot of information from me to get to the bottom of something. It usually takes a little longer than I would expect. The last time they did an investigation, it took about two weeks to decide whether the alert was a false positive or not.

The only thing I was unhappy with was that during the sales process, I thought I was going to be getting a cloud controller. I was very disappointed that I had to build my own controller and operate it. But I don't have to do that anymore. That was the only major issue and they fixed it.

I did not have a previous solution. 

During the process of looking into Morphisec, I sent a couple of the details of some of those Zero-day vulnerabilities to the different companies that I was relying on at the time. I said, "Hey, how does your product protect me from this?" and I got them all to basically admit, "Well, we don't." I got back to Morphisec and they were able to explain how their product would protect us from these types of vulnerabilities, because they were memory attacks, and that's what Morphisec does.

The initial setup, when it was on-prem, was kind of complex. It took half a day of working with someone from Morphisec to get it set up and then four or five follow-up calls to make sure everything was set up right. When we went to the cloud controller, obviously, I had knowledge of how to run the product by then, and it took about an hour to get set up and we were running. It couldn't have been easier. I was very happy with that.

When we rolled it out, we had about 1,200 PCs and endpoints. I put the product on about 50 of them to make sure that everything was fine. We do application publishing and I put it on the application publishing servers immediately but that was not a great idea. Those are the servers that were running that old software that I mentioned, the software that was getting false positives all the time. We ended up not putting it onto those servers, but after those 50 machines ran for a couple of weeks with no issues, we rolled it out to the rest of the endpoints.

We were fully running within a month.

The only third party was the reseller, Softchoice, but they didn't do any of the work, they just sold me the product.

They charge per endpoint, per year. For 1,200 endpoints and another 60 servers, with the cloud subscription included, it was just under $43,000 for the year.

I think there are competing companies now, but I don't think there were when I was first introduced to Morphisec. I was looking for a solution and Morphisec was the one that I found. I didn't find anyone else of consequence advertising they were doing the same kind of process that Morphisec does. And I'm not looking at any competitors right now because I'm happy with Morphisec.

I don't want to think that everything I have put in place is perfect, but we haven't been hacked. I know we are being attacked. I see the logs that show we're probed every day and that we have phishing attacks that come through every day. But we haven't been attacked to a point where Morphisec has been hit as the last line of defense. It's a big deal for me just to have that visibility.

We've had lots of reports of potential threats that Morphisec has handled, but we haven't had a single one, yet, that was a legitimate vulnerability that Morphisec stopped. I don't look at that as a negative at all. I look at it as a positive, that the systems that I have in place are doing their jobs. I really consider Morphisec the last line of defense. That's the way it is set up. Nothing should get to Morphisec if everything else is working. It doesn't bother me at all that we haven't had a significant threat make it to Morphisec. But it's great to know that if one of those was to get through, we have it as an additional line of defense.

When we had it on-premises, it didn't send alerts out, so I would go into it on a regular basis to see if anything needed to be checked out. Now, as of the installation of the cloud version, it actually sends alerts. If I get an alert, I go investigate it.

It also has the potential to save money on my security stack. I'm seriously considering getting rid of our standalone third-party AV scanner, when it's time to renew that next year, and just going with Defender and Morphisec alone. I haven't made that decision yet.

I wouldn't say that Morphisec has reduced the amount of time we spend investigating false positives, because every product I use has the capability of throwing false positives at me. Morphisec does as well and I've had to investigate false positives with it.

I'd be reluctant to give it a 10 out of 10, just because it has never done anything significant. But as far as everything that they've promised and put in place, I would give it a nine. They have followed through on everything they promised. The product is working and supporting me, and like I said, even if it's just proving that everything else I have in front of it is doing its job, that's good enough for me.

If someone has the same kind of systems in place that I had before Morphisec, I would almost say it's a luxury, but it's not really because it helps me sleep at night. If someone has had an attack, that means their current systems aren't cutting it and Morphisec is a great product to have in-house. Morphisec as the last line of defense is as good as you can get. Overall, I'm very happy with the product.

For the most part, it's an install-and-forget until it alerts. When it alerts, if a user has a script or something that runs and that tries to alter a process, a message pops up on the user's device and lets the user know, and then it shuts down the process immediately, preventing further infection.

We recently migrated to their cloud platform, which is hosted on AWS. We had on-prem servers but we're decommissioning them in the next week or so.

We've seen it work successfully in a couple of areas where it helped us stop a problem before it became a problem. A user clicked on something they shouldn't have clicked on, and it was going to do something. Morphisec will kill Internet Explorer, for instance. That's one of the most popular scenarios.

Morphisec has also reduced the amount of time we spend investigating false positives. Before we got it, it would take a couple of hours whenever we did have an alert, to identify the machine. Now it's really fast and simple because Morphisec provides a full report. We can then jump in there and see exactly what process or script kicked off the alert. We can go directly to it to see if it's legitimate or not. Usually, now, it takes a few minutes.

It helps us save money because of the reduced man-hours when it comes to hunting down something that happens. We also haven't looked at adding any other security software to our environment because we've been very happy with Morphisec.

It has also reduced workload. When I first started here, we had to remove the computers from a large section of a department to hunt down a problem. Now, it's just automatically shut down and we get an alert and we can go directly to the problem.

The killing of the processes and the alerting are the most valuable features. Where we used to have to wait for either an email to come in and say, "Hey, this has happened," or for a user to call and say, "Hey, this isn't working right," now, the moment it happens, it kicks off an alert to our Microsoft Teams and everybody on my team sees it.

Morphisec also provides full visibility into security events for Microsoft Defender and Morphisec in one dashboard. We purchased that functionality about a year ago. It's important to our organization because we are able to go to one spot to see and follow up on things, and that has been a big help. We're still trying to integrate Windows Defender so that it works with Azure, along with SCCM. If you've worked in SCCM, you know it can be a little bit confusing. When you go into SCCM, you have to do a lot of drill-downs and look for the problem. But in the single pane of glass provided by Morphisec, it's all right there at your fingertips: easy to access and easy to understand. And if you choose to go down further to know everything from the process to the hash behind it, you can.

In the Windows Defender integration, they have put in a report of computers that need Windows Defender updates. If those updates could be kicked off directly from the dashboard, instead of having to go to another system entirely, that would be good. It reports on it, but it doesn't let you take any action from there. 

Also, as opposed to when users are on the cloud where it will automatically update the correct agents when they check in, it cannot do that for a VDI client.

I've been using Morphisec for three to four years.

I've had no complaints or concerns about the stability of Morphisec.

Scalability is not an issue. The way it is designed is that it gets installed and pulls up the necessary plan from the server. Even if you shut down the server, it would stay running to push out more. You just need the licenses for it.

Our entire organization is using it, they just don't realize it. At any one time we have between 500 and 600 people using it. There are only two administrators of the solution right now. Up until now, as one of the administrators, I have done all of the maintenance, but now with the move to the cloud, Morphisec is going to handle that. My role will continue to include ensuring that clients are pushed out to the devices and to follow up on any alerts that come up.

We don't have plans to increase usage. Usage is based on the number of devices we have and we don't intend on expanding that at this time. But the goal is to have it on every desktop that exists in the hospital.

Their support has been good. The only problem is that their support lives in Israel, so the time zones are a bit off, but I've never had any complaint beyond that.

We did not have a previous solution for Zero-day protection.

The initial setup was straightforward and simple. I believe we used a command-line PDQ Deploy and pushed it out across the organization. We were licensed for 1,500 machines in the beginning, 300 servers and 1,200 machines. We didn't go to each individual one. We just pushed it out from one spot to all of them, from a list.

A typical install takes about a minute. It may take three to four minutes if it has to uninstall an old version of Morphisec. Across the organization, it took a day to roll out. We have an inventory of everything we have. Our biggest concern, at the time, was what would happen on servers. For instance, I recently pushed it out to the servers, but we left it in alert-only mode for this new version. That way, if it did alert on anything, it would not kill any necessary processes for the organization.

There are two major plans for Windows Defender, and we've chosen plan one. We haven't considered plan two yet because it was more of a cost-savings when we were looking at Microsoft. Going with Morphisec was more for the Zero-day protection that they offer.

Licenses are per endpoint, and that's true for the cloud version as well. The only difference is that there is a little extra charge for the cloud version.

The only cost, in addition to the standard licensing fees, is if you want the Windows Defender platform, the integration. That one was between $2,000 and $3,000. It's an add-on feature.

The one I remember that we looked at was Carbon Black. The reason we went with Morphisec was that it was well-reviewed at a conference by one of the members of our leadership.

It's simple, it's easy, and it works. It's a product that actually does what it says it's going to do.

The biggest lesson I've learned from using it is that there are a lot more things in your environment than you want.

When Morphisec first came out, it was on-prem and we used a group policy to deploy it to the endpoints. Working with them was one of the things I did and then obviously when Covid hit I had a large majority of my workforce that started working remotely. And deploying new endpoints remotely using GPO can be a struggle. I talked to them about that and the next day I got a phone call. We're actually moving to their cloud platform that does automatic updates in the cloud now. So that if I have people working remotely, they get the update automatically. It's not signature updates and whatnot, since it's signatureless, but agent updates. If you're 4.1 to 4.15 or 4.16, those will all get deployed automatically from a cloud server, which really opened up a lot of things for us as well.

That was our request. I went in and they started working on it. I worked with them on the development of the dashboard. They're always looking for customer input about what they can do better. They're constantly asking and getting input from their customers about stuff to improve the product, and there are not a lot of organizations that do that either.

Morphisec has reduced the amount of time we spend investigating false positives. We can see what's going on in the dashboard. We're a robotics company so we do a lot of in-house development. And so we see false positives on occasion due to whatever reason. When I see that, I contact them, we'll look at the signatures, the hash and the memory affirmation, and stuff that's provided through the attacks. They analyze that, we look at the application and then they resolve it, or if it's a rare thing, I can just exclude it so that it doesn't get looked at.

It's very quick and easy to do, so it's not like I'm waiting weeks for them to analyze data. We send them the logs or they get the logs automatically, depending on how I have stuff set up, they review them, call me the next day, and tell me what we need to do. And it's over with. It has reduced my team's workload by 30 to 40%.

Morphisec absolutely helps us to save money on our security stack. Budgets were tight during COVID and we had some companies that were jumping. Their prices were going up and up and taking advantage of what was going on in the industry. Morphisec didn't do that. They stuck to their guns and said, "This is the cost of our product and we're not going to take advantage of the customer." That economic side was huge for them as well. Compared to other products, their pricing is very good and very competitive.

The product has absolutely worked flawlessly. We have had basically no issues, either with the product or with any type of virus or zero-day attacks, ransomware, nothing. It has caught everything. And the one thing that's been unique about them is I read a lot and do a lot of research on the products that are out there, and there have been some products that are widely used like CCleaner and such that had been packaged in some of these programs that Morphisec has caught. They've contacted the manufacturers of those programs to say, "This is what we found." And rather than just letting it go on, they're contacting other manufacturers saying, "You just deployed something and it's got some adware." And so they can fix their product and then redeploy the fixed version out to the public. They're looking out for themselves, but they're also looking out for other organizations as well.

There are two primary valuable features. 

It works without the end-user having to do anything. It just works. 

Second, the fact that it's signatureless is valuable. It's very light on the endpoint and does not have any performance hindrance on the endpoint. That is a huge plus as well. We've used some other products in the past that just really bogged down the machine. If we do scans in the background, and I get a request that someone wants to do scans at night, it's fine. You can take your computers home and turn them off in the evening. I don't have any of those kinds of issues with Morphisec.

Morphisec's approach to using deterministic attack prevention is a big deal for us with all the zero-day attacks and ransomware that's going on in the industry. What we've seen is quite a downturn in the virus or signature-based attacks on the endpoints and even malware. The zero-day attacks are really at the forefront industry-wide, whether it be my company or financial companies. 

Since using Morphisec we have seen a downturn in attacks because Morphisec protects us versus Defenders and whatnot that are signature-based. I know we have not had any issues with ransomware or other zero-day attacks that we've seen with machines that, all of a sudden, have become before we instituted the product. Now the machine had to be re-imaged and there was a loss of data because something was on the machine. You couldn't really determine what was on the machine because nothing was picking it up. The products we were using weren't picking it up.

We're getting ready to deploy the cloud platform. I've already got the cloud portal and everything available to me. There are some nice additional features in there that were some of the things that I had requested previously. Those are some of the features that I was looking for on my on-prem platform that they've already instituted in the cloud and that I'm sure will be instituting on their on-prem platform as well. Having to have an on-prem server required a lot of administration. Being able to push that to the cloud and have it managed up there for us is a real nice addition.

We've been using Morphisec since the inception of the product. We were really one of the first commercial organizations in the United States to use it in production. So, we started with a version 1 product, which was several years ago. We were looking to complement our stack of endpoint security products. I then went out and started doing research for primarily zero-day signatureless software that we could utilize on our endpoints. Doing my research, I came across the Morphisec product, placed a call to them, ended up talking to one of their founding members of the product. We also looked at CrowdStrike, Carbon Black, SentinelOne and some of the other similar types of software out there. We decided that Morphisec would definitely be the best solution for us.

As far as scalability, you can put it on a couple of endpoints or you can put it on thousands of endpoints. The initial installation is very fast. It's a minute and a half, two minutes, and you're done. You walk away.

The machine connects to the domain, the application's installed and it shows up in the dashboard and you move on. We put it into the group policy, there's the script, send it out, install it on the endpoint and we don't have to touch it.

Whereas with a lot of the other applications, you have to touch every single machine and make sure that it gets installed correctly, and that it's loading correctly. We just don't have to do that.

It's so fast that the end-user doesn't even really know that it's happening. For the end user's experience, it's absolutely over the top. We've had other products in the past that we've used and we've had complaints. The CPU could be dragging because their thing is doing some big scan in the background, or the application or agent itself is, for lack of a better term, very heavy so it uses a lot of memory and uses a lot of CPU, and drags down the machines. I have a company of engineers and scientists and they want all the horsepower they can have on their machines and don't want something running in the background that's dragging down what they're trying to, where they're trying to work.

We're doing between six and seven hundred nodes.

I have several people that monitor this stuff but it really takes one person to set it up and let it go. It takes a very small piece of one person's time to do this. I have multiple people because I want them to be able to have experience and understand what's going on in the environment.

To administer it, it takes less than an hour of my time a day. I get reports sent to me. I can review reports. If I need to go into the dashboard, I can pop into the dashboard very quickly, see what's going on, see if there's anything that needs tending to, and then move on about my day.

I have absolutely without a doubt seen ROI. It's the cost savings compared to other products, the performance of the product, and the amount of time saved by my team on issues that were happening before we installed Morphisec and utilized their product. I got a return on investment in less than a year.

I do not have to pay extra for anything. We're an Office 365 shop but we do not use the MS3 E3. If we would turn around and use that product in the cloud as far as Office 365, then the integration is instantaneous all the way through into Office 365. But that's not dependent on Morphisec. That's a dependence on my licensing with Microsoft.

If you don't have that integration, Morphisec integrates with just the Defender on the desktop. It's built-in. You're not paying extra for something to have that feature set.

One of the things we looked at was to see how the solutions affect the endpoint performance. Because when you start stacking up products on top of each other, on the endpoints, you can run into performance issues, memory consumption, CPU consumption, and whatnot. Morphisec was very light and does not consume hardly any CPU or memory. It runs in the background unknown to the user. It doesn't do a bunch of alerts and stuff to the end-user. It just works in the background. Then you have a dashboard and a portal that you can manage and see what's going on. Morphisec was a really good fit for us.

In the early days, on a Windows platform especially, you had third-party virus protection applications. McAfee, Kaspersky, Norton Symantec, and those types of things, and we've used several over the course of the years. When we finally migrated fully to Windows 10 platform, Windows Defender was much better at what it did. And one of the things that came up the pipe was Microsoft integration with Morphisec so that I can see what Defender's doing as well as what Morphisec's doing in our dashboard or portal. That was very unique and this worked out very well.

The other solutions at the time did not provide those things, and so that was a big plus for us too. It was nice to be able to see what's going on with Defender endpoints as well. It has been a great product for us. It definitely does what it says. Their support is second to none. If I have an issue with a false positive or something, I can place a service request and they're on it right away. We review it and they resolve it. I really can't say enough about the product and the team that supports the product. They've been great. They've treated me like kid gloves since the very beginning.

I've used their product since its infancy, if they're looking for a product that is reasonably priced, does what it says it's going to do, requires very little administration and deployment effort, then this is the product I would be looking at.

Compared to what I've seen out there right now, I'd rate Morphisec a 10 out of 10. I really can't say enough about the product.

There may be some other products coming out there that are going to compete, and that's fine. And if you look at those other products, you better take a really good, hard look at Morphisec and see what they can do. Look at the whole entire package, the support groups, and what type of support they get that you're getting, that you may not get with other products. That's an important piece for us, if something does go wrong, you know you've got someone you can call, you know you've got a support portal to put in a ticket that you're going to get a very quick response from. You look at the whole package, not just one piece of it.

Since the beginning, their deployment strategies and everything has continued to improve and get better and better. You can't do that if you're just sitting in a room, a bunch of engineers and say this is what we're going to do and this is how the customer has to do it. 

They treat me with kid gloves and I really can't say enough about the product and how it's performed for us and the support we continue to get, even years later. I get the same amount of support that I did in the early days.

We purchased Morphisec primarily to help mitigate and protect us against Ryuk ransomware back in December when that was running really rampant. The antivirus that we were using at that point was outdated. We were looking to move to a new vendor, and we needed something as a stopgap to supplement our current antivirus. Morphisec fit that bill perfectly. It had features that our antivirus did not. It had an immediate deployment and immediate return on investment that we just would not be able to get if we were to turn around and try to deploy a full-blown antivirus across the entire environment. Morphisec was quick, simple, and did not conflict with anything that we already had. It also did not cause any additional delays in our virtualized environment, which was a huge concern for our infrastructure team. It just fit perfectly.

We've detected things that our antivirus was not picking up. We had no visibility or control over anything that was running in process memory. Morphisec immediately started blocking things that should not have been running in process memory. It also gave us visibility into the Windows Defender antivirus that we did not have without increasing our Microsoft licensing and gave us some basic control over Defender as well. We previously used McAfee.

The fact that Morphisec uses deterministic attack prevention that does not require human intervention has affected our security team's operations by making things much simpler. We don't have to really track down various alerts anymore, they've just stopped. At that point, we can go in and we can clean up whatever needs to be cleaned up. There are some things that Morphisec detects that we can't really remove, it's parts of Internet Explorer, but it's being blocked anyway. So we're happy with that.

It's very important to us that it offers visibility into and control over Windows 10, native device control, disc encryption, and personal firewall. We're actually in the process now of deploying the control over the firewall so that we can consolidate to a single pane of glass for our antivirus and controls. It will help us through leveraging group policy, which can fail, especially if the machine drops off of the domain, we have a significantly larger remote than we did a year ago. We have machines that don't necessarily get the policies they need to get when they need to get them. Morphisec fixed that.

The level of control from Morphisec Guard compared to Windows 10 Native Security tools is a bit more basic than the Windows 10 Native Controls. You basically enable the firewall or you disable it, based on the various profiles. I have not yet seen a way to create exceptions in the firewall or rules and things like that but those can be pushed through group policy, regardless. As long as the firewall is enabled, it's functioning and it's doing better than if there was no policy applied at all.

Morphisec Guard enabled us to see at a glance whether our users have device control and disk encryption enabled properly. It is especially important with our remote workforce. Disc encryption is an absolute must. And the device control, USB devices, is also an absolute must.

It has reduced the amount of time we spend investigating false positives. It reduced our amount of chasing antivirus alerts by about 80% a week.

Our team's overall workload has also been reduced by about 30% on a weekly basis of our workload, we would spend a lot of time tracking alerts.

It has enabled us to take Morphisec and leverage one product where we would have had to have had at least two previously. I don't really have numbers for what that would look like. We didn't really investigate too many other vendors in that space, but it's probably at least 50% savings over what we would have needed. So it has helped us to save money on our security stack.

Some of the filters for the console need improvement. There are alerts that show up and just being able to acknowledge that we've seen those and not turn them off, but dismiss them, would be a huge benefit.

We've been using Morphisec for about six months now. It is installed on our endpoints and servers. We have a SaaS version of the console.

I've had 100% availability anytime I've needed to go look. I have not had any issues in any of our environments with the agents.

Scalability is very easy. We can just call and say that we need more licenses and they give us more licenses and we can push that agent out. It's the same executable file we have on our file shares. We just expand however many we need, to as large as we want to go.

We have about 8,000 endpoints, 2,500 servers, and 4,000 virtualized desktops.

Our next step would be to purchase the Linux agent and get that on the few Linux servers and appliances that we have.

The technical support has been fantastic. Any feature requests I've had, any issues I've run into, which have been very minimal, they've had an immediate response. Turnaround for feature requests is really, really fast. I've seen it within the next update which they do monthly. They provide great technical support. 

We looked at Bitdefender, Trend Micro, and Microsoft Defender. We are still using Microsoft Defender in conjunction with Morphisec in a small pilot group. We're still evaluating where we want to go for a true antivirus solution. So, we still have a small deployment of Defender.

Deployment was the biggest difference between Morphisec and the other solutions. It was far simpler to deploy Morphisec without having to remove another antivirus, without having to make a large-scale project, or look for compatibility. It works on all supported operating systems. It works in conjunction with other antiviruses. We didn't have to create exceptions and there were no conflicts with the antivirus we were running and Morphisec. So that really helped us make that decision, purchase this, roll it out, and have it supplement our existing technologies. And it gave us an almost immediate return on investment.

The initial setup was very straightforward. We deployed it via group policy. We had it deployed across the entire environment in about three days.

There are no additional costs to standard licensing. We've had full support. I get biweekly calls with my technical account manager and we purchased the licenses for everything we needed for a single cost.

If you have the ability to get Morphisec into their environment, it's going to be a hundred percent return on investment. I would recommend it every time.

If you can, get it and run with it, because it's great. It's been eye-opening, the things that other antiviruses were missing, and we've seen it protect against zero days. We've seen it protect against ransomware that other antiviruses have not even seen.

I would rate Morphisec a ten out of ten.