Morphisec Reviews

We are using Morphisec on 100% of our endpoints.  The Morphisec protector installation is pretty straightforward, currently using the scripting capabilities of ConnectWise Automate.

Previously, we had a mix of AV and EDR solutions that required a fair amount of management.  Policy management was more complex, and reviewing exception reports was very time-consuming.  Even with this extra effort, we still encountered viruses on a somewhat regular basis. At least once or tiwce a month we would have to work on a machine to remediate it. Since we started using Morphisec, that hasn't happened even once. 

This alone has definitely reduced our team's workload. I would estimate we save between four and ten hours a month previously spent on remediation.

The attack prevention doesn't require investigation into security alerts, although we do periodically look and see what types of things are taking place. Even so, we don't spend a lot of time doing those investigations because the attack has been prevented and we don't see it occur again.

Another benefit, something that is important to me, is that Morphisec Guard enables us to see at a glance whether users have device control and disk encryption enabled properly. We want to make sure that we're properly secured and following best practices. Prior to that information being made available to us through Morphisec, we didn't really have a great way of confirming whether a machine had an encrypted disk or other security features enabled.

The solution also saves us from paying for a higher-tier license to get visibility into our Defender AV alerts. 

The primary feature, of course, is the prevention of Zero-day attacks and other related issues.

It also provides full visibility into security events from Microsoft Defender and Morphisec in one dashboard. We've always had that capability with Morphisec. The more recent version appears to do that even a little bit more natively and it's given us visibility that we didn't have otherwise.

We are now beginning to use Morphisec Scout, which provides vulnerability information. At this time, it is able to recognize vulnerabilities and reporting them to us, but it's not actually resolving them. There's still a separate manual process to resolve those vulnerabilities, primarily through upgrades, which are done outside of Morphisec. It might be a bit much to ask, but if Morphisec could somehow have that capability, either natively or through interactions with an RMM system, that would be very effective.

We have been using the Morphisec Breach Prevention Platform for a little over two years.

It's been very stable, both in terms of Morphisec Guard and the administrative console.

We have one primary, default protection plan that applies to all of our machines, and it does the job very well. It's pretty easy to use the administrative console to check on the status of the protectors. For us, it has been very scalable -- we have 1,200 employees, and Morphisec is on every machine.

I can imagine with more complex environments there might be a need for more varied protection plans, and any limitations of the administrative user interface might be exposed. However, that's not something that has impacted us at all.

I know Morphisec is continuing to evolve and to look for additional ways to be of value to its customers, but in our case, the specific items that we are currently using from Morphisec have already provided great value.

We've only had a few instances where it's been necessary to contact their technical support, but when we have engaged them the support has been very good. We've had good responsiveness and the people we've worked with have been very knowledgeable.

Positive

We previously used more familiar EDR tools like Carbon Black and Sophos.  We still use SentinelOne on a portion of our machines, but we found that Morphisec is so effective that those EDR tools rarely have the opportunity to do the work that they would normally do before Morphisec has already prevented the attack.

Every one of those other solutions required more hands-on management and more direct involvement. With Morphisec, we just make sure it's installed.  With the default policies we have in place, things work well without much additional oversight

There were two factors that occurred simultaneously that drove us to make our initial decision about Morphisec. One was that we were in the middle of a transition from Carbon Black to SentinelOne, and I was concerned that we might encounter circumstances during that transition where we were not fully protected. I considered Morphisec to be a good additional layer. We always strive to have layers of security, and in this case, the additional layer did not negatively impact any of the other security processes we had in place. Since that time, it has been a layer that has proved to be very effective at what it does.

The second factor was that we recognized that Morphisec has a different, complementary approach to how secures our endpoints.  That approach has been very effective in dealing with unknown vulnerabilities.

The setup was fairly straightforward. We were one of the first to use the hosted  cloud instance, so there were some small discrepancies in the documentation that didn't properly recognize our scenario. But I perceive the number of clients using cloud instances has increased dramatically—it may be the norm now for Morphisec customers.  The documentation has definitely improved.

Our implementation strategy was to install it on roughly 10 percent of our environment to assess whether there were any unintended consequences,  such as performance issues. Once we validated both the effectiveness and the low impact on performance, we then deployed it across our entire environment.

The deployment didn't take long, and it went very smoothly. The reporting it provides is very good, giving you a sense of the progress. There was nothing of concern. 

I would note that there have been two different instances where we've had to manually push out significant version updates. We're now working with a version where the agent, the protector, will update itself.  We are interested to see how well this works with the next significant update.

In terms of staff requirements for deployment and maintenance, somebody has to initiate the solution, but it's not a primary role for anybody among our IT employees. We have our basic processes in place to make sure the Morphisec Protector is on every new machine that we deploy. Beyond that, we don't really spend much time looking at any of the incidents that have taken place, or managing the security policies. There is very minimal overhead.

We implemented in-house.  The documentation and the onboarding support made the process very easy to manage.

It is definitely a tool that has saved us enough time and reduced our risk enough that the cost is well-justified.

That elimination of instances where we had to manually remediate machines that were affected by a virus has saved us time. We also don't feel it's quite as necessary to use more expensive EDR solutions on every single machine, and we're just better protected. We haven't had issues where we've had data loss or exfiltration.

I'm not sure if we were an early adopter or not, but we enjoyed very competitive pricing when we began working with Morphisec a couple of years ago.  We've been very happy with the value the service provides.

This is the first year that we've had Morphisec Scout in addition to Morphisec Guard. We are eager to take advantage of the additional capabilities it offers. Of course there is an additional cost associated with Scout, but we feel the value will definitely justify the costs.

We evaluated other next-generation EDR antivirus options, but not any other options like Morphisec. I don't know if there are any security solutions quite like Morphisec.

Defender does well with known vulnerabilities, whereas Morphisec does a job that others can't, with unknown vulnerabilities. The other tools that we have in place, such as our file sharing and email services, do a pretty good job of eliminating the known vulnerabilities from even entering into our environments. But if unknown vulnerabilities are somehow used in an attack, Morphisec has done an excellent job with those attacks.

It just works and it's very easy both to install and manage. I definitely recommend evaluating it. I'm confident that anyone would see the same benefits that we have.

There are two things I've learned from using the solution. One is that their Moving Target Defense is a very unique approach and very effective. It's pretty novel.

The second lesson is the benefit of having that layering. Having Defender and Morphisec has been a really good tandem approach to things. There are a lot of companies out there that may not be comfortable relying on Defender alone, even though it's very effective at managing known attacks. Even in the instances where we're using an EDR, in our case SentinelOne, those Defender and Morphisec layers work really well. We've had good success.

Morphisec does a good job of helping us make sure our endpoints are secure. We've definitely benefited from that. The Morphisec protectors have absolutely done their job. We have not had any instances with viruses, and I would even go so far as to say the EDR tools we have in place have been largely underutilized. They're just sitting there because there really hasn't been much for them to take action on.

Morphisec is deployed to our desktops and servers, and we're running a server for it. We're switching to their cloud server and then it will be managed through that.

When I started at my company five years ago, they did not have a lot of protection in place. I ran across Morphisec at a technology show that I was at, got to really speaking with them and understanding the technology. I felt that this would be one cheaper way to help block anything from actually running in memory or execute against anything we had running in-memory on our endpoints.

We're not only using Microsoft Defender we also use Sophos. Morphisec plays well with Sophos also, which was another selling feature, because we wanted to make sure we had a traditional anti-malware and antivirus platforms also.

Prior to me starting with using it, we had infections and machines that were taken down. We have not had one machine that has been taken down due to malware now in almost four and a half years. That's huge. We have 600 machines right now that we don't have routine infections because nothing can execute.

It has definitely affected our team's productivity. 

Morphisec has reduced the amount of time we spend investigating false positives. It doesn't allow anything false to execute against anything. So if something does get triggered to an alert, it was definitely a problem that was resolved and isolated immediately. We have Morphisec as a base layer and we have Sophos as a secondary layer. Between those three tools or those three levels of security, nothing is getting run on those machines.

It has also reduced my team's workload. They're not rebuilding machines and reformatting and remediating problems as nearly what we were when we first started. We were dealing with a ton of infections. The company was much smaller then. We were 300 employees and we're at 600 now. I don't have anything to quantify that because we have grown so much and we don't have the problems as I did a couple of months ago before we put that in place.

Morphisec helps us to save money on our security stack. First and foremost it helps by preventing infections which prevents my technicians from having to re-image machines or remediate the problem itself. That rate right off the bat is savings. I cannot quantify that because I don't have a number compared from four and a half years ago to now.

The biggest feature is that it hides everything from your operating system that's running in-memory from anything to try to run against it. That's the most unique thing that's on the market. There's nothing else out there that's quite like that. That's a big selling point and why we went with it. It does exactly what the design does. If you can't find it, you can't execute against it.

Automating reports needs improvement. I would like to have better reporting capabilities within it or automated reporting to be a little bit more dynamic. That's something I know they're working on. We literally are in the process. We started the process a week and a half ago of going to their latest version, so I've not seen their latest one up and running yet.

I have been using Morphisec for about four and a half years. We're a couple of releases behind, but we're in the process of doing a cloud migration right now.

The stability is great. We don't have problems with it. We have not had a problem with it where it's gone down, not functioned or anything else in the four and a half years we've been using it.

We have not encountered any issues with scalability. We've been able to put it on whatever server we wanted with however many endpoints. We've grown from 300 to 600 since we started that process and there was no hiccup with adding additional machines or anything else.

There are about 600 users using it right now. We are a construction company. So, the roles are from admin, accounting, HR, IT, project management, field staff, supervisors, and superintendents. It's installed everywhere possible that we can as far as an endpoint.

There are two people on the infrastructure team who deal with it.

We do have plans to increase usage.

The support has been very nice. We've had zero issues. They're very helpful. They're easy to get ahold of any time we've had questions. Their deployment team is the same way.

Previously Malwarebytes was in place. I would not put it in the same category as this at all. Morphisec is a unique tool, one of the most unique ones on the market.

I had seen the demonstration. I was really impressed with what it did. My systems manager went through multiple demos, scenarios, and everything, and it really helped us out. Our rep made us 100% comfortable with the platform. So, that was really the selling part right there.

The initial setup was pretty straightforward. I had my systems manager at the time just work with them and get it loaded up with no major issues.

The initial deployment was about two and a half to three weeks because we were going across multiple machines and servers.

Our strategy was to protect our endpoints right away, which we were able to create a deployment for that to get that up and running and work on what servers we could because we could not do every server. That's a very invasive process and it took us a little bit of time to get that worked out.

We worked with Morphisec. 

I have seen ROI. The way I gauge that is the lack of tickets, the lack of machines not having to be imaged, the lack of the employees' time, which we could try to break down an hourly salary of around $40,000 a year. If they have to spend two days working on a machine versus what it costs me for that license, there is no comparison.

It is an inexpensive platform. It gives us good threat protection prevention. The cost per user is significantly less than most of the other competitive products on the market.

We are still using a separate tool. I know for our 600 or I think we're actually licensed for up to 700 users, it runs me 23 or $24,000 a year. When you're talking to that many users plus servers being protected, that's well worth the investment for that dollar amount.

There are no additional charges to the standard license.

It's very straightforward. It's basically a flat-rate model. It is a scalable model. Contract-wise, it was simple. It was a one-page document and done.

We have not delved into deterministic attack prevention. It has those tools in there. We have not delved into that because between that tool and our other tool, we really don't have any infections happening.

My advice would be to sit there and get a demo of it, understand it. I've actually spoken on their behalf before because I was a satisfied customer. It's a product that just works. You put it in place and you could forget it at that point. It protects against the unknowns.

Some of the other things were that they found stuff in a tool called CCleaner. They found a virus that was embedded in their code that they were submitting out themselves. As far as finding things and stopping things that are unknown, that's the biggest takeaway you can get from it.

They were thinking outside the box when they developed it, to put a tool like this in place that blocks the unknown, blocks things, executing against anything in-memory. 

I would rate Morphisec a ten out of ten. 

We use Morphisec in conjunction with our other endpoint tools to be a type of fail-safe. If something can get through Trend Micro or CrowdStrike, Morphisec is the secret weapon, because if it sees anything it will stop it. We have a defense-in-depth model, and Morphisec caps it off for us.

The solution is hosted by the vendor.

Often, it's very hard to get the vendors of the biomedical devices we use to allow us to install security software on their devices for monitoring. Morphisec is the first one that we've gotten the vendors to potentially buy-in on. They're taking a look at it to see what it does and allow us to start distributing it across some biomedical PCs. That's a big deal for us.

Another benefit is that, while Morphisec hasn't necessarily reduced the number of false positives we get, it makes it easy to determine whether something is real or false. We don't have to spend a lot of time trying to figure that out. We get a lot more false positives from CrowdStrike. When it comes to investigating something like that with Morphisec, we don't have a lot of occurrences. We may have gotten three false positives from it in the last year, and that was when an application got upgraded and changed.

The simplicity of the solution, how easy it is to deploy and how small it is when deployed as an agent on a device, is probably the biggest aspect, given what it can do.

It's a set-and-forget, unless somebody says something or we get an alert. It is not something you have to manage every day, that's for sure.

The only area that really needs improvement is the reporting functionality. Gathering the detailed information that is in the system for an executive, or for me as a director, could be better. Some of the interface and reporting aspects are a little bit dated. They're working on it.

We have been using Morphisec Breach Prevention Platform for just about four years.

I've never had a problem with its stability.

In terms of scalability, it's easy to push out. It will go on pretty much any Windows device, which is great. We have it on every endpoint our organization owns. That includes servers and workstations. The only thing it probably does not touch is anything that is biomedical. We've adopted it 100 percent. Obviously, we'll add licenses as we add devices.

We are also looking at some of Morphisec's other product lines that they have recently come out with.

I would rate their technical support very highly. If we need technical support, which we haven't needed much, they're quick to respond.

Aside from that, I would say that working with Morphisec, from the business development and partnership points of view, has been tremendous. They're always willing to listen to new ideas. And they come to us and say, "Hey, we have these things that are going on. Are you interested in looking at it and giving your opinion on it?" They're very in tune with customers and communicate well, which is rare.

Positive

We did not have a solution to do what Morphisec specifically does. We don't use Microsoft Defender. I know Morphisec has the capability to pull all that together, but we are not a Defender customer. Currently, we use CrowdStrike.

With our testing process and our change process, it took us about a month to deploy the solution. It was very short compared to what our processes normally take.

We deployed it to the IT department, and then to another group as a testbed. After dealing with any small issues, and by that I mean there were a couple of applications we had to whitelist, we started deploying it across our fleet to all 6,000 devices.

It's simple to push it out through SCCM because it's a very small, lightweight application that does not affect the users in any way. It does not slow down their machines or have dependencies that need to be installed, and it runs on pretty much everything.

The financial savings are unknown, but the risks that Morphisec offsets, and the dollar amounts tied to those risks, are tremendous. We're potentially saving millions of dollars from a breach because we have Morphisec in place.

The pricing is definitely fair for what it does.

Before we got Morphisec we evaluated solutions that claim to do similar things, and we have done additional evaluations since we started using it, but I don't think anything can truly touch what Morphisec does and the way it does it.

A lot of the solutions out there are basic antivirus tools and they add on EDR capabilities. They're usually trying to compare EDR to Morphisec. A lot of the competition says they're similar, but they're rooted in old ways of doing things. Morphisec is just a different process.

My advice is to get to know the individuals at Morphisec. Lay out your infrastructure and where you need to put it and let them help you do that. Also, be open to new ways of tackling security problems.

Our use case is for memory protection of our desktop and VDI computers beyond traditional antivirus capabilities.

We are on the most recent release.

We have seen it successfully block attacks that a traditional antivirus did not pick up.

Morphisec has reduced the amount of time that we spend investigating false positives by four to eight hours a month.

Memory morphing and the central console are the most valuable features. Most traditional antivirus solutions don't come with these features, so you need a tool, like Morphisec, to add this functionality.

It would be nice if they could integrate Morphisec with other traditional antivirus solutions beyond Microsoft Defender. That is probably my biggest gripe.

I have been using it for three and a half years.

It has been very stable. We haven't had any unintended consequences. Usually with security solutions, they introduce a lot of chaos and false positives in an environment, but that has not been the case in Morphisec. It has been uneventful, luckily.

We don't really have a lot of maintenance that goes on day to day. A lot of it is kind of set it and forget it. We have one admin who works on it, but they probably only touch it once a week unless they get an email alert that tells them to look at something.

Our environment isn't particularly large. We only have around 500 endpoints in our environment.

I would rate the customer/technical support as 10 out of 10. They are all very competent, motivated people who are very helpful.

We did previously use another solution before Morphisec. The company was acquired by VMware and discontinued.

We started it on a very small subset of computers. We tested on those for an extended period, then we pushed it out to the entire environment.

The deployment took 30 minutes at most.

The solution is very easy to deploy. They have excellent trained staff who can assist with a deployment as well as upgrades. They make it as easy as possible.

We haven't had any cybersecurity incidents on machines running Morphisec. We also haven't seen a large number of false positives on machines running Morphisec. I guess you could argue that there is a return on investment there because it has obviously decreased the amount of time that we spend looking at false positive events and remediating cybersecurity incidents. In general, it is always harder to build business cases on security tools.

Morphisec makes use of deterministic attack prevention that doesn’t require investigation of security alerts. There is less overhead because it is more focused on the protect versus remediation, removing additional steps that you need to do associated with remediation.

Morphisec has reduced our team’s workload by four to eight hours a month.

It is a little bit more expensive than other security products that we use, but it does provide us good protection. So, it is a trade-off.

There aren't too many players in this market. It is very niche. Morphisec is in an interesting niche that a lot of companies might touch on, but not at the depth and breadth that Morphisec does.

We have looked at other vendors, but they don't necessarily overlap with Morphisec. 

While the solution provides full visibility into security events from Microsoft Defender and Morphisec in one dashboard, we are not using that function right now.

The best thing would be to first understand the difference between traditional AV solutions and the Morphisec product. After that, it is just so easy to implement and install. I would recommend running an evaluation of it, because there is no reason not to.

I would rate Morphisec as eight out of 10.

Our use case is to augment our antivirus software that's on our endpoints to go in tandem with Microsoft Defender. It's also going on our Windows and Linux servers as well. 

Morphisec has helped us in our deployment strategy of endpoints and keeping a good inventory of our assets. We do that with Defender, but this is another tool to help us know what assets we have deployed, the ones that Defender doesn't always cover. 

If Defender is turned off somehow and Morphisec is on then we can investigate. Or the other way around, if Defender's on and Morphisec is not installed, we can have it installed. It does checks and balances on our deployment so we're not left with an endpoint that's unprotected.

The ability to stop attacks without having to detect or have a signature for the attack is the most valuable feature. It's just a different way of stopping attacks, by defeating it at the endpoint before any damage is done.

Morphisec provides full visibility into security events from Microsoft Defender and Morphisec in one dashboard. Defender and Morphisec are integrated. It's important because it lowers the total cost of maintenance on the engineer's time. The administrative time is dramatically reduced in maintaining the product and saves an engineer around four to five hours a week.

It's extremely easy to deploy. It functions without needing to talk to a server. It's completely silent once you've installed it. It's been really silent behind the scenes and has not conflicted with other software. It's a real set and forget.

We started in the Linux platform and we deployed to Linux. The licensing of that has been confusing between Linux licensing and Windows licensing. The overall simplicity of licensing or offering an enterprise license to cover everything and not needing to count needs improvement.

They've integrated with Defender well, but they should continue maturing that integration so that you can just check boxes with Defender installed to add Morphisec as well. There's licensing and all that, but they should try to make the implementation as easy as possible. It's easy now but they should continue down the path of making it as easy as possible.

I have been using Morphisec for two and a half years with a POC before that. 

From what we've seen it's stable as it can be. If there's such a thing as 100% availability, it's there. I think the architecture of it being deployed and standalone for all desk purposes makes it super stable. The biggest concern was conflicting with the applications on the desktop, and we had not seen that at all. It's been very reliable. We haven't been on the cloud version for very long, but so far it's been very reliable.

It should scale without an issue. It's about the deployment strategy and getting it deployed. Once you have a good deployment strategy, then it can scale to hundreds of thousands of endpoints, if you have them.

We are protecting around 3,000 endpoints. Then when we're all finished, there'll be about five to 6,000.

There is no upgrade that we know of yet, so we're on the latest version. I would anticipate once a year that we would have an upgrade to the endpoints. And it would probably take 10 to 20 hours of information security engineer's time to make that happen.

Their technical support is very good, responsive, and has good follow-through on open tickets. We don't have any issues with them.

The initial setup was relatively straightforward. We first installed Morphisec before they had their cloud server, which was a little bit more complicated. But now we've converted to their cloud server, which has made it much, much easier. You don't have the burden of setting up a server and getting the missing libraries and all the issues of setting up a server. Now with the cloud, it's simple.

It took us three weeks to set up with the server.

We did a proof of concept first, and then we tested it to make sure it would catch known malware with no antivirus on the endpoint. Then we started the deployment strategy and our deployment strategy was laptops first, then virtual desktops, and then servers.

We worked with Morphisec and our own engineers for the deployment.

We had a very good experience with their engineers. They were very knowledgeable about the Microsoft stack, easy to work with, and responsive.

Our ROI is having another level of control. I can't yet identify breaches that Morphisec stopped directly, but it'll pay for itself once it does that. It's really the extra layer of control that we didn't have before.

We've gone through several iterations over renewals. I think it's reasonably priced. I wouldn't say it's cheap, but I also wouldn't say that it's over-the-top pricing. An enterprise agreement would be nice so we don't have to try to count or get an estimate of the number of endpoints. If we go through growth and add 500 laptops, I don't want to have to go back and change our licensing to add that capacity. I'd rather just have that built into the contract.

We haven't seen any additional costs to the standard licensing. 

The options we looked at were more in the antivirus space. Morphisec as a product does not have direct competitors because of its unique architecture. There are other advanced endpoint protections that I looked at, but this one was by far the most unique architecture. It has a unique way of adding another layer of controls on the endpoints.

Morphisec hasn't added to my team's workload. It hasn't reduced it, but it hasn't added to it.

I didn't buy it to save us money. I bought it to add another level of control at the endpoint beyond antivirus. So it's really adding another layer of defense.

My advice would be to understand how Morphisec works from the Bad Actor's perspective, on how a Bad Actor or malware can compromise Windows or Linux. Morphisec gets to the root of those compromises. Rather than trying to detect the compromise, a design in the operating system issues and defeating those there or rather than trying to respond to changes in malware, they're defeating it right at the exploit level.

I'm part of Morphisec's sales team half the time when I'm trying to educate other IT leaders, my peers, or other CISOs on how it's actually working because it takes a little while to understand it. So my advice would be to really try to ask questions about how the architecture works. Because it doesn't really work like another AV. It works much differently than other endpoint protectors.

I would rate Morphisec a nine out of ten. 

We are in healthcare and when the pandemic started we were really getting hammered with phishing attacks. Thankfully, none of them really got through or were successful, but the uptick in the attacks made me really concerned about the potential for the results of a successful ransomware attack. 

The way I've set up our world is as a bunch of different layers, from what I consider to be best-of-breed. We have a gateway with one company, we have endpoint protection with another company, we have firewalls and connectivity to the internet handled by another company. We also have a company that monitors all of our logs. On top of that, the last thing that I saw as a big hole in my defense strategy was all these Zero-day attacks that were getting through some of the other products. They hadn't gotten through to us yet, but I had read that it was more and more of a threat. Morphisec is just another layer on top.

Part of the reason I purchased the product is that we are a very bottom-heavy IT organization, in that we have a really strong help desk group. Anything more complicated than help desk is my problem, and I have a lot of other responsibilities besides IT. I count on being able to bring in vendors that are very useful to me to subsidize that.

They have a new deal where things are controlled by their cloud controller, which is on AWS. I updated to that about two months ago. It used to be on-premises but thankfully it's not anymore.

As far as I can tell, in the year that it's been in, it hasn't stopped a significant attack of any kind. But that's not a negative for me. It is helping me to feel comfortable that all the other layers I've put in place in front of it are doing their jobs. It has definitely increased my comfort level that we are doing the utmost to protect the systems here.

Morphisec saves me from paying for a higher-tier license to get visibility into Defender AV alerts. While it doesn't really save me any money, because I didn't think it was worthwhile to have a product to do that on its own, I love that I get that as a benefit from using Morphisec. But I wouldn't have spent the money on something just to show me the Defender alerts.

I really like the integration with Microsoft Defender. In addition to having third-party endpoint protection, we're also enabling Defender, although we haven't rolled it out fully yet; we have had a test environment. I like the reporting that we get from Defender, when it comes in. I like that it's one console showing both Morphisec and Defender where it provides me with full visibility into security events from Defender and Morphisec. With our help desk situation—where it all comes to me, and I'm responsible to make sure that I am seeing anything that could possibly be a problem—having both of those in one location has been very important for me.

Morphisec stops attacks without needing knowledge of the threat type or investigation of security alerts. It absolutely does do that and that's because of the way it looks at an executable when it starts and when it asks for memory. If it asks for a specific piece of memory, then Morphisec says, "Okay, it's over here," but it's not really, and then it watches what it tries to do with that. It knows whether it did something that it shouldn't and it will kill that process in that scenario. It doesn't require foreknowledge of the application to protect you from threats. I've seen it happen because we have some old software that does some squirrely stuff, and we've had to allow it to run anyway. That old software does stuff that you wouldn't expect from modern software. If modern software were to do what that old software does, it would definitely be a threat. So I've seen it in action, but not with a live vulnerability.

We have been using Morphisec for a little over a year, although we purchased it about 15 months ago.

It's been very stable. 

Going back to before I had the cloud controller, I probably had to restart the on-premises controller once a month. I would go in and notice that 50 percent of the machines were reporting as offline. I'd restart the web services and they'd all come back. I got into the habit of regularly restarting my machine. That was definitely a stability issue and I was glad to get out of the on-prem solution, to get rid of that.

Scalability wasn't an issue for me because it took very little effort to get it onto our 1,200 machines. I used a third-party software rollout service and it installed, no problem, and worked. 

I don't think scalability is an issue, especially now that it's in the cloud. The on-prem server was never overwhelmed from a resource standpoint, so I think it would have scaled just fine as an on-premises solution, but in the cloud it obviously has all the resources it needs.

It's on every endpoint we have, but I don't think the users know they're using it. It's just running. As administrator, when there's an alert, I go investigate it. That's pretty much it. I don't have to do any maintenance because we have gone to the cloud solution.

In terms of increasing our usage, I could potentially put it back on those application servers, but it's not worth the fight because the software is relatively old on some of those machines and it gives false positives all the time. It's just easier to not have it on them.

If Morphisec had an integration with those older technologies, I would be interested in using it on them. I'd rather have it on every server, but not having it on those application servers doesn't concern me too much. The end-users really can't do anything but run that specific application on the server. They don't have the freedom to run other processes there.

If anything, tech support might be their weakest link. The process of getting someone involved sometimes takes a little time. It seems to me that they should have all the data they need to let me know whether an alert is legitimate or not, but they tend to need a lot of information from me to get to the bottom of something. It usually takes a little longer than I would expect. The last time they did an investigation, it took about two weeks to decide whether the alert was a false positive or not.

The only thing I was unhappy with was that during the sales process, I thought I was going to be getting a cloud controller. I was very disappointed that I had to build my own controller and operate it. But I don't have to do that anymore. That was the only major issue and they fixed it.

I did not have a previous solution. 

During the process of looking into Morphisec, I sent a couple of the details of some of those Zero-day vulnerabilities to the different companies that I was relying on at the time. I said, "Hey, how does your product protect me from this?" and I got them all to basically admit, "Well, we don't." I got back to Morphisec and they were able to explain how their product would protect us from these types of vulnerabilities, because they were memory attacks, and that's what Morphisec does.

The initial setup, when it was on-prem, was kind of complex. It took half a day of working with someone from Morphisec to get it set up and then four or five follow-up calls to make sure everything was set up right. When we went to the cloud controller, obviously, I had knowledge of how to run the product by then, and it took about an hour to get set up and we were running. It couldn't have been easier. I was very happy with that.

When we rolled it out, we had about 1,200 PCs and endpoints. I put the product on about 50 of them to make sure that everything was fine. We do application publishing and I put it on the application publishing servers immediately but that was not a great idea. Those are the servers that were running that old software that I mentioned, the software that was getting false positives all the time. We ended up not putting it onto those servers, but after those 50 machines ran for a couple of weeks with no issues, we rolled it out to the rest of the endpoints.

We were fully running within a month.

The only third party was the reseller, Softchoice, but they didn't do any of the work, they just sold me the product.

They charge per endpoint, per year. For 1,200 endpoints and another 60 servers, with the cloud subscription included, it was just under $43,000 for the year.

I think there are competing companies now, but I don't think there were when I was first introduced to Morphisec. I was looking for a solution and Morphisec was the one that I found. I didn't find anyone else of consequence advertising they were doing the same kind of process that Morphisec does. And I'm not looking at any competitors right now because I'm happy with Morphisec.

I don't want to think that everything I have put in place is perfect, but we haven't been hacked. I know we are being attacked. I see the logs that show we're probed every day and that we have phishing attacks that come through every day. But we haven't been attacked to a point where Morphisec has been hit as the last line of defense. It's a big deal for me just to have that visibility.

We've had lots of reports of potential threats that Morphisec has handled, but we haven't had a single one, yet, that was a legitimate vulnerability that Morphisec stopped. I don't look at that as a negative at all. I look at it as a positive, that the systems that I have in place are doing their jobs. I really consider Morphisec the last line of defense. That's the way it is set up. Nothing should get to Morphisec if everything else is working. It doesn't bother me at all that we haven't had a significant threat make it to Morphisec. But it's great to know that if one of those was to get through, we have it as an additional line of defense.

When we had it on-premises, it didn't send alerts out, so I would go into it on a regular basis to see if anything needed to be checked out. Now, as of the installation of the cloud version, it actually sends alerts. If I get an alert, I go investigate it.

It also has the potential to save money on my security stack. I'm seriously considering getting rid of our standalone third-party AV scanner, when it's time to renew that next year, and just going with Defender and Morphisec alone. I haven't made that decision yet.

I wouldn't say that Morphisec has reduced the amount of time we spend investigating false positives, because every product I use has the capability of throwing false positives at me. Morphisec does as well and I've had to investigate false positives with it.

I'd be reluctant to give it a 10 out of 10, just because it has never done anything significant. But as far as everything that they've promised and put in place, I would give it a nine. They have followed through on everything they promised. The product is working and supporting me, and like I said, even if it's just proving that everything else I have in front of it is doing its job, that's good enough for me.

If someone has the same kind of systems in place that I had before Morphisec, I would almost say it's a luxury, but it's not really because it helps me sleep at night. If someone has had an attack, that means their current systems aren't cutting it and Morphisec is a great product to have in-house. Morphisec as the last line of defense is as good as you can get. Overall, I'm very happy with the product.

For the most part, it's an install-and-forget until it alerts. When it alerts, if a user has a script or something that runs and that tries to alter a process, a message pops up on the user's device and lets the user know, and then it shuts down the process immediately, preventing further infection.

We recently migrated to their cloud platform, which is hosted on AWS. We had on-prem servers but we're decommissioning them in the next week or so.

We've seen it work successfully in a couple of areas where it helped us stop a problem before it became a problem. A user clicked on something they shouldn't have clicked on, and it was going to do something. Morphisec will kill Internet Explorer, for instance. That's one of the most popular scenarios.

Morphisec has also reduced the amount of time we spend investigating false positives. Before we got it, it would take a couple of hours whenever we did have an alert, to identify the machine. Now it's really fast and simple because Morphisec provides a full report. We can then jump in there and see exactly what process or script kicked off the alert. We can go directly to it to see if it's legitimate or not. Usually, now, it takes a few minutes.

It helps us save money because of the reduced man-hours when it comes to hunting down something that happens. We also haven't looked at adding any other security software to our environment because we've been very happy with Morphisec.

It has also reduced workload. When I first started here, we had to remove the computers from a large section of a department to hunt down a problem. Now, it's just automatically shut down and we get an alert and we can go directly to the problem.

The killing of the processes and the alerting are the most valuable features. Where we used to have to wait for either an email to come in and say, "Hey, this has happened," or for a user to call and say, "Hey, this isn't working right," now, the moment it happens, it kicks off an alert to our Microsoft Teams and everybody on my team sees it.

Morphisec also provides full visibility into security events for Microsoft Defender and Morphisec in one dashboard. We purchased that functionality about a year ago. It's important to our organization because we are able to go to one spot to see and follow up on things, and that has been a big help. We're still trying to integrate Windows Defender so that it works with Azure, along with SCCM. If you've worked in SCCM, you know it can be a little bit confusing. When you go into SCCM, you have to do a lot of drill-downs and look for the problem. But in the single pane of glass provided by Morphisec, it's all right there at your fingertips: easy to access and easy to understand. And if you choose to go down further to know everything from the process to the hash behind it, you can.

In the Windows Defender integration, they have put in a report of computers that need Windows Defender updates. If those updates could be kicked off directly from the dashboard, instead of having to go to another system entirely, that would be good. It reports on it, but it doesn't let you take any action from there. 

Also, as opposed to when users are on the cloud where it will automatically update the correct agents when they check in, it cannot do that for a VDI client.

I've been using Morphisec for three to four years.

I've had no complaints or concerns about the stability of Morphisec.

Scalability is not an issue. The way it is designed is that it gets installed and pulls up the necessary plan from the server. Even if you shut down the server, it would stay running to push out more. You just need the licenses for it.

Our entire organization is using it, they just don't realize it. At any one time we have between 500 and 600 people using it. There are only two administrators of the solution right now. Up until now, as one of the administrators, I have done all of the maintenance, but now with the move to the cloud, Morphisec is going to handle that. My role will continue to include ensuring that clients are pushed out to the devices and to follow up on any alerts that come up.

We don't have plans to increase usage. Usage is based on the number of devices we have and we don't intend on expanding that at this time. But the goal is to have it on every desktop that exists in the hospital.

Their support has been good. The only problem is that their support lives in Israel, so the time zones are a bit off, but I've never had any complaint beyond that.

We did not have a previous solution for Zero-day protection.

The initial setup was straightforward and simple. I believe we used a command-line PDQ Deploy and pushed it out across the organization. We were licensed for 1,500 machines in the beginning, 300 servers and 1,200 machines. We didn't go to each individual one. We just pushed it out from one spot to all of them, from a list.

A typical install takes about a minute. It may take three to four minutes if it has to uninstall an old version of Morphisec. Across the organization, it took a day to roll out. We have an inventory of everything we have. Our biggest concern, at the time, was what would happen on servers. For instance, I recently pushed it out to the servers, but we left it in alert-only mode for this new version. That way, if it did alert on anything, it would not kill any necessary processes for the organization.

There are two major plans for Windows Defender, and we've chosen plan one. We haven't considered plan two yet because it was more of a cost-savings when we were looking at Microsoft. Going with Morphisec was more for the Zero-day protection that they offer.

Licenses are per endpoint, and that's true for the cloud version as well. The only difference is that there is a little extra charge for the cloud version.

The only cost, in addition to the standard licensing fees, is if you want the Windows Defender platform, the integration. That one was between $2,000 and $3,000. It's an add-on feature.

The one I remember that we looked at was Carbon Black. The reason we went with Morphisec was that it was well-reviewed at a conference by one of the members of our leadership.

It's simple, it's easy, and it works. It's a product that actually does what it says it's going to do.

The biggest lesson I've learned from using it is that there are a lot more things in your environment than you want.

When Morphisec first came out, it was on-prem and we used a group policy to deploy it to the endpoints. Working with them was one of the things I did and then obviously when Covid hit I had a large majority of my workforce that started working remotely. And deploying new endpoints remotely using GPO can be a struggle. I talked to them about that and the next day I got a phone call. We're actually moving to their cloud platform that does automatic updates in the cloud now. So that if I have people working remotely, they get the update automatically. It's not signature updates and whatnot, since it's signatureless, but agent updates. If you're 4.1 to 4.15 or 4.16, those will all get deployed automatically from a cloud server, which really opened up a lot of things for us as well.

That was our request. I went in and they started working on it. I worked with them on the development of the dashboard. They're always looking for customer input about what they can do better. They're constantly asking and getting input from their customers about stuff to improve the product, and there are not a lot of organizations that do that either.

Morphisec has reduced the amount of time we spend investigating false positives. We can see what's going on in the dashboard. We're a robotics company so we do a lot of in-house development. And so we see false positives on occasion due to whatever reason. When I see that, I contact them, we'll look at the signatures, the hash and the memory affirmation, and stuff that's provided through the attacks. They analyze that, we look at the application and then they resolve it, or if it's a rare thing, I can just exclude it so that it doesn't get looked at.

It's very quick and easy to do, so it's not like I'm waiting weeks for them to analyze data. We send them the logs or they get the logs automatically, depending on how I have stuff set up, they review them, call me the next day, and tell me what we need to do. And it's over with. It has reduced my team's workload by 30 to 40%.

Morphisec absolutely helps us to save money on our security stack. Budgets were tight during COVID and we had some companies that were jumping. Their prices were going up and up and taking advantage of what was going on in the industry. Morphisec didn't do that. They stuck to their guns and said, "This is the cost of our product and we're not going to take advantage of the customer." That economic side was huge for them as well. Compared to other products, their pricing is very good and very competitive.

The product has absolutely worked flawlessly. We have had basically no issues, either with the product or with any type of virus or zero-day attacks, ransomware, nothing. It has caught everything. And the one thing that's been unique about them is I read a lot and do a lot of research on the products that are out there, and there have been some products that are widely used like CCleaner and such that had been packaged in some of these programs that Morphisec has caught. They've contacted the manufacturers of those programs to say, "This is what we found." And rather than just letting it go on, they're contacting other manufacturers saying, "You just deployed something and it's got some adware." And so they can fix their product and then redeploy the fixed version out to the public. They're looking out for themselves, but they're also looking out for other organizations as well.

There are two primary valuable features. 

It works without the end-user having to do anything. It just works. 

Second, the fact that it's signatureless is valuable. It's very light on the endpoint and does not have any performance hindrance on the endpoint. That is a huge plus as well. We've used some other products in the past that just really bogged down the machine. If we do scans in the background, and I get a request that someone wants to do scans at night, it's fine. You can take your computers home and turn them off in the evening. I don't have any of those kinds of issues with Morphisec.

Morphisec's approach to using deterministic attack prevention is a big deal for us with all the zero-day attacks and ransomware that's going on in the industry. What we've seen is quite a downturn in the virus or signature-based attacks on the endpoints and even malware. The zero-day attacks are really at the forefront industry-wide, whether it be my company or financial companies. 

Since using Morphisec we have seen a downturn in attacks because Morphisec protects us versus Defenders and whatnot that are signature-based. I know we have not had any issues with ransomware or other zero-day attacks that we've seen with machines that, all of a sudden, have become before we instituted the product. Now the machine had to be re-imaged and there was a loss of data because something was on the machine. You couldn't really determine what was on the machine because nothing was picking it up. The products we were using weren't picking it up.

We're getting ready to deploy the cloud platform. I've already got the cloud portal and everything available to me. There are some nice additional features in there that were some of the things that I had requested previously. Those are some of the features that I was looking for on my on-prem platform that they've already instituted in the cloud and that I'm sure will be instituting on their on-prem platform as well. Having to have an on-prem server required a lot of administration. Being able to push that to the cloud and have it managed up there for us is a real nice addition.

We've been using Morphisec since the inception of the product. We were really one of the first commercial organizations in the United States to use it in production. So, we started with a version 1 product, which was several years ago. We were looking to complement our stack of endpoint security products. I then went out and started doing research for primarily zero-day signatureless software that we could utilize on our endpoints. Doing my research, I came across the Morphisec product, placed a call to them, ended up talking to one of their founding members of the product. We also looked at CrowdStrike, Carbon Black, SentinelOne and some of the other similar types of software out there. We decided that Morphisec would definitely be the best solution for us.

As far as scalability, you can put it on a couple of endpoints or you can put it on thousands of endpoints. The initial installation is very fast. It's a minute and a half, two minutes, and you're done. You walk away.

The machine connects to the domain, the application's installed and it shows up in the dashboard and you move on. We put it into the group policy, there's the script, send it out, install it on the endpoint and we don't have to touch it.

Whereas with a lot of the other applications, you have to touch every single machine and make sure that it gets installed correctly, and that it's loading correctly. We just don't have to do that.

It's so fast that the end-user doesn't even really know that it's happening. For the end user's experience, it's absolutely over the top. We've had other products in the past that we've used and we've had complaints. The CPU could be dragging because their thing is doing some big scan in the background, or the application or agent itself is, for lack of a better term, very heavy so it uses a lot of memory and uses a lot of CPU, and drags down the machines. I have a company of engineers and scientists and they want all the horsepower they can have on their machines and don't want something running in the background that's dragging down what they're trying to, where they're trying to work.

We're doing between six and seven hundred nodes.

I have several people that monitor this stuff but it really takes one person to set it up and let it go. It takes a very small piece of one person's time to do this. I have multiple people because I want them to be able to have experience and understand what's going on in the environment.

To administer it, it takes less than an hour of my time a day. I get reports sent to me. I can review reports. If I need to go into the dashboard, I can pop into the dashboard very quickly, see what's going on, see if there's anything that needs tending to, and then move on about my day.

I have absolutely without a doubt seen ROI. It's the cost savings compared to other products, the performance of the product, and the amount of time saved by my team on issues that were happening before we installed Morphisec and utilized their product. I got a return on investment in less than a year.

I do not have to pay extra for anything. We're an Office 365 shop but we do not use the MS3 E3. If we would turn around and use that product in the cloud as far as Office 365, then the integration is instantaneous all the way through into Office 365. But that's not dependent on Morphisec. That's a dependence on my licensing with Microsoft.

If you don't have that integration, Morphisec integrates with just the Defender on the desktop. It's built-in. You're not paying extra for something to have that feature set.

One of the things we looked at was to see how the solutions affect the endpoint performance. Because when you start stacking up products on top of each other, on the endpoints, you can run into performance issues, memory consumption, CPU consumption, and whatnot. Morphisec was very light and does not consume hardly any CPU or memory. It runs in the background unknown to the user. It doesn't do a bunch of alerts and stuff to the end-user. It just works in the background. Then you have a dashboard and a portal that you can manage and see what's going on. Morphisec was a really good fit for us.

In the early days, on a Windows platform especially, you had third-party virus protection applications. McAfee, Kaspersky, Norton Symantec, and those types of things, and we've used several over the course of the years. When we finally migrated fully to Windows 10 platform, Windows Defender was much better at what it did. And one of the things that came up the pipe was Microsoft integration with Morphisec so that I can see what Defender's doing as well as what Morphisec's doing in our dashboard or portal. That was very unique and this worked out very well.

The other solutions at the time did not provide those things, and so that was a big plus for us too. It was nice to be able to see what's going on with Defender endpoints as well. It has been a great product for us. It definitely does what it says. Their support is second to none. If I have an issue with a false positive or something, I can place a service request and they're on it right away. We review it and they resolve it. I really can't say enough about the product and the team that supports the product. They've been great. They've treated me like kid gloves since the very beginning.

I've used their product since its infancy, if they're looking for a product that is reasonably priced, does what it says it's going to do, requires very little administration and deployment effort, then this is the product I would be looking at.

Compared to what I've seen out there right now, I'd rate Morphisec a 10 out of 10. I really can't say enough about the product.

There may be some other products coming out there that are going to compete, and that's fine. And if you look at those other products, you better take a really good, hard look at Morphisec and see what they can do. Look at the whole entire package, the support groups, and what type of support they get that you're getting, that you may not get with other products. That's an important piece for us, if something does go wrong, you know you've got someone you can call, you know you've got a support portal to put in a ticket that you're going to get a very quick response from. You look at the whole package, not just one piece of it.

Since the beginning, their deployment strategies and everything has continued to improve and get better and better. You can't do that if you're just sitting in a room, a bunch of engineers and say this is what we're going to do and this is how the customer has to do it. 

They treat me with kid gloves and I really can't say enough about the product and how it's performed for us and the support we continue to get, even years later. I get the same amount of support that I did in the early days.