Morphisec Reviews

Our use case is to augment our antivirus software that's on our endpoints to go in tandem with Microsoft Defender. It's also going on our Windows and Linux servers as well. 

Morphisec has helped us in our deployment strategy of endpoints and keeping a good inventory of our assets. We do that with Defender, but this is another tool to help us know what assets we have deployed, the ones that Defender doesn't always cover. 

If Defender is turned off somehow and Morphisec is on then we can investigate. Or the other way around, if Defender's on and Morphisec is not installed, we can have it installed. It does checks and balances on our deployment so we're not left with an endpoint that's unprotected.

The ability to stop attacks without having to detect or have a signature for the attack is the most valuable feature. It's just a different way of stopping attacks, by defeating it at the endpoint before any damage is done.

Morphisec provides full visibility into security events from Microsoft Defender and Morphisec in one dashboard. Defender and Morphisec are integrated. It's important because it lowers the total cost of maintenance on the engineer's time. The administrative time is dramatically reduced in maintaining the product and saves an engineer around four to five hours a week.

It's extremely easy to deploy. It functions without needing to talk to a server. It's completely silent once you've installed it. It's been really silent behind the scenes and has not conflicted with other software. It's a real set and forget.

We started in the Linux platform and we deployed to Linux. The licensing of that has been confusing between Linux licensing and Windows licensing. The overall simplicity of licensing or offering an enterprise license to cover everything and not needing to count needs improvement.

They've integrated with Defender well, but they should continue maturing that integration so that you can just check boxes with Defender installed to add Morphisec as well. There's licensing and all that, but they should try to make the implementation as easy as possible. It's easy now but they should continue down the path of making it as easy as possible.

I have been using Morphisec for two and a half years with a POC before that. 

From what we've seen it's stable as it can be. If there's such a thing as 100% availability, it's there. I think the architecture of it being deployed and standalone for all desk purposes makes it super stable. The biggest concern was conflicting with the applications on the desktop, and we had not seen that at all. It's been very reliable. We haven't been on the cloud version for very long, but so far it's been very reliable.

It should scale without an issue. It's about the deployment strategy and getting it deployed. Once you have a good deployment strategy, then it can scale to hundreds of thousands of endpoints, if you have them.

We are protecting around 3,000 endpoints. Then when we're all finished, there'll be about five to 6,000.

There is no upgrade that we know of yet, so we're on the latest version. I would anticipate once a year that we would have an upgrade to the endpoints. And it would probably take 10 to 20 hours of information security engineer's time to make that happen.

Their technical support is very good, responsive, and has good follow-through on open tickets. We don't have any issues with them.

The initial setup was relatively straightforward. We first installed Morphisec before they had their cloud server, which was a little bit more complicated. But now we've converted to their cloud server, which has made it much, much easier. You don't have the burden of setting up a server and getting the missing libraries and all the issues of setting up a server. Now with the cloud, it's simple.

It took us three weeks to set up with the server.

We did a proof of concept first, and then we tested it to make sure it would catch known malware with no antivirus on the endpoint. Then we started the deployment strategy and our deployment strategy was laptops first, then virtual desktops, and then servers.

We worked with Morphisec and our own engineers for the deployment.

We had a very good experience with their engineers. They were very knowledgeable about the Microsoft stack, easy to work with, and responsive.

Our ROI is having another level of control. I can't yet identify breaches that Morphisec stopped directly, but it'll pay for itself once it does that. It's really the extra layer of control that we didn't have before.

We've gone through several iterations over renewals. I think it's reasonably priced. I wouldn't say it's cheap, but I also wouldn't say that it's over-the-top pricing. An enterprise agreement would be nice so we don't have to try to count or get an estimate of the number of endpoints. If we go through growth and add 500 laptops, I don't want to have to go back and change our licensing to add that capacity. I'd rather just have that built into the contract.

We haven't seen any additional costs to the standard licensing. 

The options we looked at were more in the antivirus space. Morphisec as a product does not have direct competitors because of its unique architecture. There are other advanced endpoint protections that I looked at, but this one was by far the most unique architecture. It has a unique way of adding another layer of controls on the endpoints.

Morphisec hasn't added to my team's workload. It hasn't reduced it, but it hasn't added to it.

I didn't buy it to save us money. I bought it to add another level of control at the endpoint beyond antivirus. So it's really adding another layer of defense.

My advice would be to understand how Morphisec works from the Bad Actor's perspective, on how a Bad Actor or malware can compromise Windows or Linux. Morphisec gets to the root of those compromises. Rather than trying to detect the compromise, a design in the operating system issues and defeating those there or rather than trying to respond to changes in malware, they're defeating it right at the exploit level.

I'm part of Morphisec's sales team half the time when I'm trying to educate other IT leaders, my peers, or other CISOs on how it's actually working because it takes a little while to understand it. So my advice would be to really try to ask questions about how the architecture works. Because it doesn't really work like another AV. It works much differently than other endpoint protectors.

I would rate Morphisec a nine out of ten. 

Our use case is for memory protection of our desktop and VDI computers beyond traditional antivirus capabilities.

We are on the most recent release.

We have seen it successfully block attacks that a traditional antivirus did not pick up.

Morphisec has reduced the amount of time that we spend investigating false positives by four to eight hours a month.

Memory morphing and the central console are the most valuable features. Most traditional antivirus solutions don't come with these features, so you need a tool, like Morphisec, to add this functionality.

It would be nice if they could integrate Morphisec with other traditional antivirus solutions beyond Microsoft Defender. That is probably my biggest gripe.

I have been using it for three and a half years.

It has been very stable. We haven't had any unintended consequences. Usually with security solutions, they introduce a lot of chaos and false positives in an environment, but that has not been the case in Morphisec. It has been uneventful, luckily.

We don't really have a lot of maintenance that goes on day to day. A lot of it is kind of set it and forget it. We have one admin who works on it, but they probably only touch it once a week unless they get an email alert that tells them to look at something.

Our environment isn't particularly large. We only have around 500 endpoints in our environment.

I would rate the customer/technical support as 10 out of 10. They are all very competent, motivated people who are very helpful.

We did previously use another solution before Morphisec. The company was acquired by VMware and discontinued.

We started it on a very small subset of computers. We tested on those for an extended period, then we pushed it out to the entire environment.

The deployment took 30 minutes at most.

The solution is very easy to deploy. They have excellent trained staff who can assist with a deployment as well as upgrades. They make it as easy as possible.

We haven't had any cybersecurity incidents on machines running Morphisec. We also haven't seen a large number of false positives on machines running Morphisec. I guess you could argue that there is a return on investment there because it has obviously decreased the amount of time that we spend looking at false positive events and remediating cybersecurity incidents. In general, it is always harder to build business cases on security tools.

Morphisec makes use of deterministic attack prevention that doesn’t require investigation of security alerts. There is less overhead because it is more focused on the protect versus remediation, removing additional steps that you need to do associated with remediation.

Morphisec has reduced our team’s workload by four to eight hours a month.

It is a little bit more expensive than other security products that we use, but it does provide us good protection. So, it is a trade-off.

There aren't too many players in this market. It is very niche. Morphisec is in an interesting niche that a lot of companies might touch on, but not at the depth and breadth that Morphisec does.

We have looked at other vendors, but they don't necessarily overlap with Morphisec. 

While the solution provides full visibility into security events from Microsoft Defender and Morphisec in one dashboard, we are not using that function right now.

The best thing would be to first understand the difference between traditional AV solutions and the Morphisec product. After that, it is just so easy to implement and install. I would recommend running an evaluation of it, because there is no reason not to.

I would rate Morphisec as eight out of 10.

We've been using Morphisec as a layered defense in our security plan. We have beefy firewalls and another antivirus; Morphisec isn't technically an antivirus. It's a protection agent. It's one of the layers of our security plan. We use it to defend ourselves from any sort of CryptoLocker attacks or ransomware drive-bys, and it should catch auto-executes that come from ads. We haven't been breached, as far as I'm aware.

We started with it on-prem and we had no complaints. It made sense. A cost analysis was done and on-premises cost less than the cloud, which is how things normally are. We used our own network so the cost was cut because they didn't have to use any of the load on their servers or network. It was all on us. But about a year ago they approached us and we were torn away from the on-premises solution. They made such a compelling cost-savings case for us to go to the cloud that it made sense to go to the cloud. We also got another service from them along with the protector, some sort of BI.

We're using it on all of our endpoints, servers and desktops that users touch. For servers that don't get touched by users, we don't have Morphisec on them because we just don't need it.

I wouldn't be doing Morphisec any favors saying, "Well I can't tell if it's working because the rest of our security posture seems to be taking care of anything else that gets through." Maybe it's not working at all. I can't tell. It would be useful to set up a virtual machine—and this is something I should bring up with our Morphisec person—and get some triggers that are actually on our dashboard so we can prove to management that Morphisec is doing what they said it was going to do. Worst case scenario, we have an infected virtual machine that I just blow away. The short answer is that we haven't seen it protect us from something yet. 

It hasn't taken anything off my plate. It's just a "gun under my pillow at night". It's something that we can tell our cyber-insurance people, "We have this, and this was used." In "Pretend-Land," where we got compromised, we can say, "We have all these layers of security and it managed to get through all of them, so we did our due diligence. Now please pay us for our losses."

What's valuable is really the whole kit and caboodle of the Morphisec agent. What it does is genius, in a way, until the bad guys get wise to it. You set it up and then you watch the dashboard. There isn't really much tinkering. As long as you did the install correctly, it should be pointing at your server and it will tell you a bunch of information on each client.

We have only had four attacks in the last year, "attacks" being some benign PDF from a vendor that, for some reason, were triggered. There were no actual attacks. They were just four false positives, or something lowly like adware. There have been false positives with both the on-premises solution and the cloud solution.

I'd rather see false positives than not seeing anything. If I see nothing then I literally cannot tell if it's working or not. But there are some false positives that are ambiguous enough to be caught.

We have been using Morphisec for about two years.

I don't look at the dashboard every day, but the on-premises solution was flawless. If the network was down between the clients and the server in our local area, we would be in trouble. But Morphisec's AWS implementation has been stable as a rock.

I believe it's scalable. I don't know what the upper limit is. Our company is a medium-sized business, with about 100 end-users and 500 employees in total. Morphisec easily holds those 100 users.

All the end-users are using the solution, meaning the solution is attempting to protect them from the silly mistakes that they make. But there are only two of us who actually look at the dashboard.

The business is growing so we do increase the number of clients. Whenever we add a new computer, we add Morphisec to it. Once we get to version 5, we'll revisit the ATP integration.

We didn't have a solution before Morphisec for this specific layer of defense, for the CryptoLocker/ransomware niche. We had an antivirus.

The demos worked great. They would open a bad file on a virtual machine and we watched the CryptoLocker being stopped in real time. It's hard to compare with that.

The initial setup was definitely straightforward. It has to go on every computer. There's a different installer for desktops versus servers. You just choose which one is which. We use PDQ Deploy, and a script that the onboarding technician helped us with, and it worked. It ran perfectly. We even have scripts for uninstalling it and installing the newer version, and Morphisec assisted us with that. It was definitely easy to do.

Before I saw the version 5 update and the notes on that, about how it's going to update automatically, I'd say the implementation was a slight pain. It wasn't a huge pain but you can't really get away from how you have to install this on all your computers. However, they actually made that process very easy, and I can do it with just a couple clicks to almost an entire organization, as long as computers are online.

Over the course of a day, it took about two hours to get the script going and select all the computers for each kind of installer. I kept running it over the course of the day because certain computers would be turned off or they were restarting. I had to do a good couple of runs of it, but it was very simple and quick.

Since there was nothing already doing what Morphisec does, on the computers, and Morphisec plays well with the current antivirus that we are using, we just installed on each computer remotely and it started working. We watched the dashboard fill right up in a matter of minutes.

We're not on the latest version but I'm actually excited for the latest version because it will do away with the manual updating process. The clients will start to update themselves. We will have to wait until one of our Morphisec representatives reaches out to us so that we can get the installer for the newest version. Version 5 is where it begins self-updating. Until now, I've had to manually update each time we wanted to do an update. The new one will mean I won't need to be worrying about updating or if the versions are out of date.

In terms of working with the solution, if Morphisec says, "Hey you're going over the number of licenses," we look to see how many are offline and we look at the versions. We look at it just to make sure that everything is going okay. We have alerts for when there's a threat. We get emailed saying, "Hey, look at this. There's a threat going on on XYZ computer."

I haven't seen ROI because I haven't seen a threat that it has protected against, exactly. If you're always wearing a bulletproof vest and you never get shot, was the vest worth it? I'd rather have it than not have it.

We looked across the rest of the security field and we spent more money on Morphisec than other solutions that do a similar thing, but the demos that we've seen were impressive enough to sway management. The technology behind it is clever enough for us to think it's cutting edge. It didn't save us money but we spent money on it because we thought it would be a good product.

The way that they explained how their solution works was more in-depth than other solutions that we were looking at. It looks cleaner. It has a good UI for the dashboard. It's not overbearing with security tabs and a lot of other stuff. It tells you, "Here's the list of all of your protectors. Here are all the threats. Here's the dashboard that gives you a little bit of everything," but not in an overwhelming way.

It sells itself, honestly. My advice to others looking into implementing Morphisec would be to use PDQ Deploy. The hardest part was getting all of the endpoints protected in a timely manner, but Morphisec assisted us with that. They suggested PDQ Deploy, which is a great tool. Implementation went so smoothly because of that.

Morphisec provides full visibility into security events from Microsoft Defender and Morphisec in one dashboard, although we're not currently utilizing that feature. We're definitely interested in it. The reason we're not using it is because you have to purchase the upgraded version of Defender for Microsoft. We thought it was the regular Defender that each one comes with, but it's actually ATP, Advanced Threat Protection. That's what integrates with Morphisec. We're just waiting for the CFO to say, "All right, who wants a bigger budget?" and we'll say, "Yes, us, please: ATP." We would do it if we could bend our CFO's arm to get that kind of protection.

Our primary use case is to have it for more protection than Defender can give us. We wanted more protection against the threats that are out there with malware and ransomware being the biggest. It's to supplement threat protection in addition to having Microsoft Defender. 

We only use the agent. We've transitioned from on-prem to the cloud this year.

We haven't had an issue since we've had Morphisec, so it's working. If we see something, we'll ask them about it, and then if we need to, we'll look at the machine. Generally though, if we find something, we tend to re-image a machine as opposed to fixing it. We just wipe it.

Morphisec gives me even more than Microsoft can give me, even if I were to pay. It doesn't technically save us money because we're paying for a Microsoft package that comes with Defender. 

It has reduced the team's workload by a couple of hours a week. It also saves money on our security stack. It's cheaper than others. It saves between $10,000 to $15,000 yearly. 

We liked the ability to see both the Defender and Morphisec through a single console to see the problems that might be going on.

It provides full visibility into security events and from both solutions in one dashboard. I'm not a big security guy, if I have a threat that looks like there's a problem, I will ask Morphisec to dissect it for me, and tell me what might be happening. Because it tends to be all hash codes, so I can tell what's going on. They've been pretty good with that.

I haven't been able to get the cloud deployment to work. When there's an update, I'm supposed to be able to roll it out for the cloud solution, but right now I'm continuing to use our SCCM solution to update it.

I have been using Morphisec for a year and a half. 

They've been very good. We've been able to see any problems that we have easily. We've been able to deploy new solutions. The migration from on-prem to cloud was very easy because Morphisec did it for us. They migrated the data. When I do have problems, if I need it, I can call them. They've been right there for me.

The agent that is installed on the endpoints stable doesn't take up a lot of resources. 

I haven't had any problems scaling it. I only have about 3,100 devices to deploy it to plus seven servers. 

In terms of maintenance, I just look at the reports and see what's happening and if there's something that's going to need attention.

Technical support was very helpful. I just told them I had a problem and they went and found the solutions.

I have had other solutions. We were just on the Defender and we added Morphisec to that. 

The initial setup was straightforward. For the original, we built the on-prem solution, which was a single install that they provided, and then we deployed our clients through our SCCM. We just did it with an MSI file. It was very straightforward. It took half a day. 

We deployed it ourselves. 

The ROI is that we haven't had any outbreaks. It's working.

Pricing was competitive. There were no additional costs to standard licensing. 

We looked at a full Malwarebytes deployment and Sophos. We liked the price and then supplemental for the Defender since we were already paying for Microsoft.

We were going to be required to remove Defender, which would have been extra steps, and that almost never goes smoothly. Plus we were concerned about the size of some of the clients and how well they were going to perform for us. They had older machines.

It's been a good experience. Morphisec has been helpful and we haven't had any outbreaks since running it. The install was easy. Updates have been pretty easy.

I would rate Morphisec a ten out of ten.

We use Morphisec in conjunction with our other endpoint tools to be a type of fail-safe. If something can get through Trend Micro or CrowdStrike, Morphisec is the secret weapon, because if it sees anything it will stop it. We have a defense-in-depth model, and Morphisec caps it off for us.

The solution is hosted by the vendor.

Often, it's very hard to get the vendors of the biomedical devices we use to allow us to install security software on their devices for monitoring. Morphisec is the first one that we've gotten the vendors to potentially buy-in on. They're taking a look at it to see what it does and allow us to start distributing it across some biomedical PCs. That's a big deal for us.

Another benefit is that, while Morphisec hasn't necessarily reduced the number of false positives we get, it makes it easy to determine whether something is real or false. We don't have to spend a lot of time trying to figure that out. We get a lot more false positives from CrowdStrike. When it comes to investigating something like that with Morphisec, we don't have a lot of occurrences. We may have gotten three false positives from it in the last year, and that was when an application got upgraded and changed.

The simplicity of the solution, how easy it is to deploy and how small it is when deployed as an agent on a device, is probably the biggest aspect, given what it can do.

It's a set-and-forget, unless somebody says something or we get an alert. It is not something you have to manage every day, that's for sure.

The only area that really needs improvement is the reporting functionality. Gathering the detailed information that is in the system for an executive, or for me as a director, could be better. Some of the interface and reporting aspects are a little bit dated. They're working on it.

We have been using Morphisec Breach Prevention Platform for just about four years.

I've never had a problem with its stability.

In terms of scalability, it's easy to push out. It will go on pretty much any Windows device, which is great. We have it on every endpoint our organization owns. That includes servers and workstations. The only thing it probably does not touch is anything that is biomedical. We've adopted it 100 percent. Obviously, we'll add licenses as we add devices.

We are also looking at some of Morphisec's other product lines that they have recently come out with.

I would rate their technical support very highly. If we need technical support, which we haven't needed much, they're quick to respond.

Aside from that, I would say that working with Morphisec, from the business development and partnership points of view, has been tremendous. They're always willing to listen to new ideas. And they come to us and say, "Hey, we have these things that are going on. Are you interested in looking at it and giving your opinion on it?" They're very in tune with customers and communicate well, which is rare.

Positive

We did not have a solution to do what Morphisec specifically does. We don't use Microsoft Defender. I know Morphisec has the capability to pull all that together, but we are not a Defender customer. Currently, we use CrowdStrike.

With our testing process and our change process, it took us about a month to deploy the solution. It was very short compared to what our processes normally take.

We deployed it to the IT department, and then to another group as a testbed. After dealing with any small issues, and by that I mean there were a couple of applications we had to whitelist, we started deploying it across our fleet to all 6,000 devices.

It's simple to push it out through SCCM because it's a very small, lightweight application that does not affect the users in any way. It does not slow down their machines or have dependencies that need to be installed, and it runs on pretty much everything.

The financial savings are unknown, but the risks that Morphisec offsets, and the dollar amounts tied to those risks, are tremendous. We're potentially saving millions of dollars from a breach because we have Morphisec in place.

The pricing is definitely fair for what it does.

Before we got Morphisec we evaluated solutions that claim to do similar things, and we have done additional evaluations since we started using it, but I don't think anything can truly touch what Morphisec does and the way it does it.

A lot of the solutions out there are basic antivirus tools and they add on EDR capabilities. They're usually trying to compare EDR to Morphisec. A lot of the competition says they're similar, but they're rooted in old ways of doing things. Morphisec is just a different process.

My advice is to get to know the individuals at Morphisec. Lay out your infrastructure and where you need to put it and let them help you do that. Also, be open to new ways of tackling security problems.