We just raised a $30M Series A: Read our story
Barry Bastiaansen
CISO at a logistics company with 1,001-5,000 employees
Real User
Top 20
Stops breaches before you detect them

Pros and Cons

  • "Morphisec Guard enables us to see at a glance whether our users have device control and disk encryption enabled properly. This is important because we are a global company operating with multiple entities. Previously, we didn't have that visibility. Now, we have visibility so we can pinpoint some locations where there are machines that are not really protected, offline, etc. It gives us visibility, which is good."
  • "We wanted to have multi-tenants in their cloud platform, so every entity can look into their own systems and not see other systems in other entities. I have a beta version on that now. I would like them to incorporate that in the cloud solution."

What is our primary use case?

We use it for ransomware protection.

How has it helped my organization?

It is the first product that we are using globally. Beside that, it is a good security solution. It is good for centralizing our IT, the way we think about security, people, and processes.

Morphisec Guard enables us to see at a glance whether our users have device control and disk encryption enabled properly. This is important because we are a global company operating with multiple entities. Previously, we didn't have that visibility. Now, we have visibility so we can pinpoint some locations where there are machines that are not really protected, offline, etc. It gives us visibility, which is good.

It easily prevents breaches of critical systems. It stops them before you detect them, then you don't have to delve into an attack since it was stopped.

What is most valuable?

There is no performance degradation on remote working. We work on PDIs at home without any performance degradation, which is great.

The solution provides full visibility into security events from Microsoft Defender and Morphisec in one dashboard. This is important because it is always good to have less dashboards and panes of glass. If it is all in one, then it is so easy to manage, see, and report on it. This makes the world a much easier place. We use this in our South African entity. However, at our HQ and other entities, we do not use Windows Defender. We have another antivirus or endpoint security tool, so that is not in one dashboard, though we are probably going to move to Windows Defender. The single dashboard is a factor in our consideration for moving to Microsoft Defender as well as cost.

We use Morphisec Guard for antivirus first. It offers visibility into and control over Windows 10-native device control, disk encryption, and personal firewalls. It is one of the key features for why we are using it since we are all Windows 10 users. Morphisec Guard is very important.

What needs improvement?

We wanted to have multi-tenants in their cloud platform, so every entity can look into their own systems and not see other systems in other entities. I have a beta version on that now. I would like them to incorporate that in the cloud solution.

For how long have I used the solution?

I have been using Morphisec for a year.

What do I think about the stability of the solution?

It has been very stable.

There are two dedicated IT maintenance, and that's it. We also have other people who are now engaged with the implementation of Morphisec. We also train them on administration tasks, e.g., how to look at the dashboard and see if there are any problems.

Not much maintenance is required. Upgrading and pushing the upgrades to the endpoints is done by Morphisec. We only have to look to see if it works on all our machines. If not, then we contact Morphisec.

What do I think about the scalability of the solution?

It is very scalable.

My company has multiple entities, i.e., multiple suborganizations and locations. One entity can be a location or a geographically dispersed organization.

There are about 3,000 end users who have their own endpoints. We have a large number of servers and are a logistics company. Administrators, operations staff, and clerks all do the same types of tasks.

Morphisec is used for every system in the organization. It is on every system, server, and endpoint. Everybody is using it, not actively, but they have it on their machines.

How are customer service and support?

Every week. I speak with someone from Morphisec. If there is something wrong, I can immediately tell them. Then, in the next meeting, they will provide me with a solution.

Their tech support is very good, understanding, and flexible. They know exactly how to work with different people and cultures. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

There wasn't a solution like this one, previously. We only had the endpoint security, endpoint protection platforms, EDRs, XDRs, and MDRs, but they don't really have the stuff that Morphisec is doing.

Previously, we didn't investigate false positives. Our company was security immature. If something happened, we didn't investigate it deeply. We just reacted to the fact that something didn't work, then we recovered it and it worked again. Now, we are seeing less false positives using Morphisec.

How was the initial setup?

Our organization is complex and the network is complex, so the initial setup was complex. There was some friction with GPO. We technically implemented it the right way, but it didn't go in automatically. They had to rewrite and recode some parts of it before it could be done automatically.

We are still deploying it. In the end, it has taken more than a year.

We started at HQ and another entity (South Africa), then we wanted to move forward to entities who were in the same network domain as the HQ. We are now in phrase three. It is a global program. We are now implementing, during phase three, in the entities who have their own network structure. 

What about the implementation team?

We worked with Morphisec for deployment and implementation. We worked side by side with Morphisec for many of the problems that we encountered during implementation.

What was our ROI?

Morphisec has given our security team's operations peace of mind and more time for patching.

In the end, it saves us money on our security stack because we use a very expensive endpoint protection platform. We are planning on moving towards Office 365, then having Windows Defender integrated into that so we can save money on our endpoint protection.

What's my experience with pricing, setup cost, and licensing?

We are paying per endpoint/machine. We have a two-year contract with Morphisec.

We have had some additional costs because of their cloud. We have needed to make some changes within the cloud environment of the Morphisec tooling, which have added some additional costs.

It does not have multi-tenants. If South Africa wants to show only the machines that they have, they need their own cloud incidence. It is not possible to have that in a single cloud incidence with multiple tenants in it, instead you need to have multiple cloud incidences. Then, if you have that, it will be more expensive. However, they are going to change that, which is good.

Which other solutions did I evaluate?

We evaluated other solutions, but they were quite expensive nor did they do what Morphisec does.

Morphisec Guard has more control than Windows 10-native security tools. For example, with Windows Defender, you can configure it, but you don't have a dashboard. Monitoring with it is a bit difficult. It is better with Morphisec Guard. However, Morphisec combines well with Windows Defender.

What other advice do I have?

I am quite happy with the way they perform, providing us with information, new possibilities, and new features. My advice, "Just do it," if you are looking at implementing this solution.

Morphisec makes use of deterministic attack prevention that doesn’t require investigation of security alerts. If you want, you can deep dive into an attack, but you don't need to. In the future, we may have more security personnel and want to deep dive into an attack to see where it happened, what happened, and learn from it. Then, maybe we can have some other controls in place in other areas of our IP environments. Because of the deep dive and benefit analysis, it is good. However, we don't do that now.

The solution has added some workload because there previously wasn't a security team in place. Now, with the focus on security getting higher, the board of directors wanted to have some more security in place. One of the first tools that we bought was Morphisec, besides endpoint protection, antivirus, and firewalls. Our dedicated security tooling was Morphisec. It added focus in the company on security. Also, some people are busy with security now, besides their normal jobs. 

If we have more machines, then we will definitely increase usage. Also, Linux is now out of scope because they don't have it in their suite yet. If this is added into their suite, then we could have Linux protection as well.

Biggest lesson learnt: It is quite difficult to have an organization with a lot of complexity in their networking as well as differences in the way the network is architectured. It is always more difficult than you think. 

I would rate this solution as nine out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
MikeCarr
Director of IT at Clune Construction
Real User
Reduced the amount of time we spend investigating false positives

Pros and Cons

  • "The biggest feature is that it hides everything from your operating system that's running in-memory from anything to try to run against it. That's the most unique thing that's on the market. There's nothing else out there that's quite like that. That's a big selling point and why we went with it. It does exactly what the design does. If you can't find it, you can't execute against it."
  • "Automating reports needs improvement. I would like to have better reporting capabilities within it or automated reporting to be a little bit more dynamic. That's something I know they're working on. We literally are in the process. We started the process a week and a half ago of going to their latest version, so I've not seen their latest one up and running yet."

What is our primary use case?

Morphisec is deployed to our desktops and servers, and we're running a server for it. We're switching to their cloud server and then it will be managed through that.

When I started at my company five years ago, they did not have a lot of protection in place. I ran across Morphisec at a technology show that I was at, got to really speaking with them and understanding the technology. I felt that this would be one cheaper way to help block anything from actually running in memory or execute against anything we had running in-memory on our endpoints.

How has it helped my organization?

We're not only using Microsoft Defender we also use Sophos. Morphisec plays well with Sophos also, which was another selling feature, because we wanted to make sure we had a traditional anti-malware and antivirus platforms also.

Prior to me starting with using it, we had infections and machines that were taken down. We have not had one machine that has been taken down due to malware now in almost four and a half years. That's huge. We have 600 machines right now that we don't have routine infections because nothing can execute.

It has definitely affected our team's productivity. 

Morphisec has reduced the amount of time we spend investigating false positives. It doesn't allow anything false to execute against anything. So if something does get triggered to an alert, it was definitely a problem that was resolved and isolated immediately. We have Morphisec as a base layer and we have Sophos as a secondary layer. Between those three tools or those three levels of security, nothing is getting run on those machines.

It has also reduced my team's workload. They're not rebuilding machines and reformatting and remediating problems as nearly what we were when we first started. We were dealing with a ton of infections. The company was much smaller then. We were 300 employees and we're at 600 now. I don't have anything to quantify that because we have grown so much and we don't have the problems as I did a couple of months ago before we put that in place.

Morphisec helps us to save money on our security stack. First and foremost it helps by preventing infections which prevents my technicians from having to re-image machines or remediate the problem itself. That rate right off the bat is savings. I cannot quantify that because I don't have a number compared from four and a half years ago to now.

What is most valuable?

The biggest feature is that it hides everything from your operating system that's running in-memory from anything to try to run against it. That's the most unique thing that's on the market. There's nothing else out there that's quite like that. That's a big selling point and why we went with it. It does exactly what the design does. If you can't find it, you can't execute against it.

What needs improvement?

Automating reports needs improvement. I would like to have better reporting capabilities within it or automated reporting to be a little bit more dynamic. That's something I know they're working on. We literally are in the process. We started the process a week and a half ago of going to their latest version, so I've not seen their latest one up and running yet.

For how long have I used the solution?

I have been using Morphisec for about four and a half years. We're a couple of releases behind, but we're in the process of doing a cloud migration right now.

What do I think about the stability of the solution?

The stability is great. We don't have problems with it. We have not had a problem with it where it's gone down, not functioned or anything else in the four and a half years we've been using it.

What do I think about the scalability of the solution?

We have not encountered any issues with scalability. We've been able to put it on whatever server we wanted with however many endpoints. We've grown from 300 to 600 since we started that process and there was no hiccup with adding additional machines or anything else.

There are about 600 users using it right now. We are a construction company. So, the roles are from admin, accounting, HR, IT, project management, field staff, supervisors, and superintendents. It's installed everywhere possible that we can as far as an endpoint.

There are two people on the infrastructure team who deal with it.

We do have plans to increase usage.

How are customer service and technical support?

The support has been very nice. We've had zero issues. They're very helpful. They're easy to get ahold of any time we've had questions. Their deployment team is the same way.

Which solution did I use previously and why did I switch?

Previously Malwarebytes was in place. I would not put it in the same category as this at all. Morphisec is a unique tool, one of the most unique ones on the market.

I had seen the demonstration. I was really impressed with what it did. My systems manager went through multiple demos, scenarios, and everything, and it really helped us out. Our rep made us 100% comfortable with the platform. So, that was really the selling part right there.

How was the initial setup?

The initial setup was pretty straightforward. I had my systems manager at the time just work with them and get it loaded up with no major issues.

The initial deployment was about two and a half to three weeks because we were going across multiple machines and servers.

Our strategy was to protect our endpoints right away, which we were able to create a deployment for that to get that up and running and work on what servers we could because we could not do every server. That's a very invasive process and it took us a little bit of time to get that worked out.

What about the implementation team?

We worked with Morphisec. 

What was our ROI?

I have seen ROI. The way I gauge that is the lack of tickets, the lack of machines not having to be imaged, the lack of the employees' time, which we could try to break down an hourly salary of around $40,000 a year. If they have to spend two days working on a machine versus what it costs me for that license, there is no comparison.

What's my experience with pricing, setup cost, and licensing?

It is an inexpensive platform. It gives us good threat protection prevention. The cost per user is significantly less than most of the other competitive products on the market.

We are still using a separate tool. I know for our 600 or I think we're actually licensed for up to 700 users, it runs me 23 or $24,000 a year. When you're talking to that many users plus servers being protected, that's well worth the investment for that dollar amount.

There are no additional charges to the standard license.

It's very straightforward. It's basically a flat-rate model. It is a scalable model. Contract-wise, it was simple. It was a one-page document and done.

What other advice do I have?

We have not delved into deterministic attack prevention. It has those tools in there. We have not delved into that because between that tool and our other tool, we really don't have any infections happening.

My advice would be to sit there and get a demo of it, understand it. I've actually spoken on their behalf before because I was a satisfied customer. It's a product that just works. You put it in place and you could forget it at that point. It protects against the unknowns.

Some of the other things were that they found stuff in a tool called CCleaner. They found a virus that was embedded in their code that they were submitting out themselves. As far as finding things and stopping things that are unknown, that's the biggest takeaway you can get from it.

They were thinking outside the box when they developed it, to put a tool like this in place that blocks the unknown, blocks things, executing against anything in-memory. 

I would rate Morphisec a ten out of ten. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
Learn what your peers think about Morphisec Breach Prevention Platform. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
553,954 professionals have used our research since 2012.
Billy Sainz
IT Operation Manager at Citizens Medical Center
Real User
Kills processes and alerts us, providing a full report that saves us time when investigating

Pros and Cons

  • "Morphisec also provides full visibility into security events for Microsoft Defender and Morphisec in one dashboard... in the single pane of glass provided by Morphisec, it's all right there at your fingertips: easy to access and easy to understand. And if you choose to go down further to know everything from the process to the hash behind it, you can."
  • "In the Windows Defender integration, they have put in a report of computers that need Windows Defender updates. If those updates could be kicked off directly from the dashboard, instead of having to go to another system entirely, that would be good."

What is our primary use case?

For the most part, it's an install-and-forget until it alerts. When it alerts, if a user has a script or something that runs and that tries to alter a process, a message pops up on the user's device and lets the user know, and then it shuts down the process immediately, preventing further infection.

We recently migrated to their cloud platform, which is hosted on AWS. We had on-prem servers but we're decommissioning them in the next week or so.

How has it helped my organization?

We've seen it work successfully in a couple of areas where it helped us stop a problem before it became a problem. A user clicked on something they shouldn't have clicked on, and it was going to do something. Morphisec will kill Internet Explorer, for instance. That's one of the most popular scenarios.

Morphisec has also reduced the amount of time we spend investigating false positives. Before we got it, it would take a couple of hours whenever we did have an alert, to identify the machine. Now it's really fast and simple because Morphisec provides a full report. We can then jump in there and see exactly what process or script kicked off the alert. We can go directly to it to see if it's legitimate or not. Usually, now, it takes a few minutes.

It helps us save money because of the reduced man-hours when it comes to hunting down something that happens. We also haven't looked at adding any other security software to our environment because we've been very happy with Morphisec.

It has also reduced workload. When I first started here, we had to remove the computers from a large section of a department to hunt down a problem. Now, it's just automatically shut down and we get an alert and we can go directly to the problem.

What is most valuable?

The killing of the processes and the alerting are the most valuable features. Where we used to have to wait for either an email to come in and say, "Hey, this has happened," or for a user to call and say, "Hey, this isn't working right," now, the moment it happens, it kicks off an alert to our Microsoft Teams and everybody on my team sees it.

Morphisec also provides full visibility into security events for Microsoft Defender and Morphisec in one dashboard. We purchased that functionality about a year ago. It's important to our organization because we are able to go to one spot to see and follow up on things, and that has been a big help. We're still trying to integrate Windows Defender so that it works with Azure, along with SCCM. If you've worked in SCCM, you know it can be a little bit confusing. When you go into SCCM, you have to do a lot of drill-downs and look for the problem. But in the single pane of glass provided by Morphisec, it's all right there at your fingertips: easy to access and easy to understand. And if you choose to go down further to know everything from the process to the hash behind it, you can.

What needs improvement?

In the Windows Defender integration, they have put in a report of computers that need Windows Defender updates. If those updates could be kicked off directly from the dashboard, instead of having to go to another system entirely, that would be good. It reports on it, but it doesn't let you take any action from there. 

Also, as opposed to when users are on the cloud where it will automatically update the correct agents when they check in, it cannot do that for a VDI client.

For how long have I used the solution?

I've been using Morphisec for three to four years.

What do I think about the stability of the solution?

I've had no complaints or concerns about the stability of Morphisec.

What do I think about the scalability of the solution?

Scalability is not an issue. The way it is designed is that it gets installed and pulls up the necessary plan from the server. Even if you shut down the server, it would stay running to push out more. You just need the licenses for it.

Our entire organization is using it, they just don't realize it. At any one time we have between 500 and 600 people using it. There are only two administrators of the solution right now. Up until now, as one of the administrators, I have done all of the maintenance, but now with the move to the cloud, Morphisec is going to handle that. My role will continue to include ensuring that clients are pushed out to the devices and to follow up on any alerts that come up.

We don't have plans to increase usage. Usage is based on the number of devices we have and we don't intend on expanding that at this time. But the goal is to have it on every desktop that exists in the hospital.

How are customer service and technical support?

Their support has been good. The only problem is that their support lives in Israel, so the time zones are a bit off, but I've never had any complaint beyond that.

Which solution did I use previously and why did I switch?

We did not have a previous solution for Zero-day protection.

How was the initial setup?

The initial setup was straightforward and simple. I believe we used a command-line PDQ Deploy and pushed it out across the organization. We were licensed for 1,500 machines in the beginning, 300 servers and 1,200 machines. We didn't go to each individual one. We just pushed it out from one spot to all of them, from a list.

A typical install takes about a minute. It may take three to four minutes if it has to uninstall an old version of Morphisec. Across the organization, it took a day to roll out. We have an inventory of everything we have. Our biggest concern, at the time, was what would happen on servers. For instance, I recently pushed it out to the servers, but we left it in alert-only mode for this new version. That way, if it did alert on anything, it would not kill any necessary processes for the organization.

What's my experience with pricing, setup cost, and licensing?

There are two major plans for Windows Defender, and we've chosen plan one. We haven't considered plan two yet because it was more of a cost-savings when we were looking at Microsoft. Going with Morphisec was more for the Zero-day protection that they offer.

Licenses are per endpoint, and that's true for the cloud version as well. The only difference is that there is a little extra charge for the cloud version.

The only cost, in addition to the standard licensing fees, is if you want the Windows Defender platform, the integration. That one was between $2,000 and $3,000. It's an add-on feature.

Which other solutions did I evaluate?

The one I remember that we looked at was Carbon Black. The reason we went with Morphisec was that it was well-reviewed at a conference by one of the members of our leadership.

What other advice do I have?

It's simple, it's easy, and it works. It's a product that actually does what it says it's going to do.

The biggest lesson I've learned from using it is that there are a lot more things in your environment than you want.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
Brian Lindow
Director, Technical Services and Information Security at SECURA Insurance
Real User
Top 20
Performs checks and balances on our deployment so we're not left with an endpoint that's unprotected

Pros and Cons

  • "Morphisec provides full visibility into security events from Microsoft Defender and Morphisec in one dashboard. Defender and Morphisec are integrated. It's important because it lowers the total cost of maintenance on the engineer's time, more or less. So the administrative time is dramatically reduced in maintaining the product. This saves an engineer around four to five hours a week."
  • "We started in the Linux platform and we deployed to Linux. The licensing of that has been kind of confusing between Linux licensing and Windows licensing. The overall simplicity of licensing or offering an enterprise license to just cover everything and then we don't have to count needs improvement."

What is our primary use case?

Our use case is to augment our antivirus software that's on our endpoints to go in tandem with Microsoft Defender. It's also going on our Windows and Linux servers as well. 

How has it helped my organization?

Morphisec has helped us in our deployment strategy of endpoints and keeping a good inventory of our assets. We do that with Defender, but this is another tool to help us know what assets we have deployed, the ones that Defender doesn't always cover. 

If Defender is turned off somehow and Morphisec is on then we can investigate. Or the other way around, if Defender's on and Morphisec is not installed, we can have it installed. It does checks and balances on our deployment so we're not left with an endpoint that's unprotected.

What is most valuable?

The ability to stop attacks without having to detect or have a signature for the attack is the most valuable feature. It's just a different way of stopping attacks, by defeating it at the endpoint before any damage is done.

Morphisec provides full visibility into security events from Microsoft Defender and Morphisec in one dashboard. Defender and Morphisec are integrated. It's important because it lowers the total cost of maintenance on the engineer's time. The administrative time is dramatically reduced in maintaining the product and saves an engineer around four to five hours a week.

It's extremely easy to deploy. It functions without needing to talk to a server. It's completely silent once you've installed it. It's been really silent behind the scenes and has not conflicted with other software. It's a real set and forget.

What needs improvement?

We started in the Linux platform and we deployed to Linux. The licensing of that has been confusing between Linux licensing and Windows licensing. The overall simplicity of licensing or offering an enterprise license to cover everything and not needing to count needs improvement.

They've integrated with Defender well, but they should continue maturing that integration so that you can just check boxes with Defender installed to add Morphisec as well. There's licensing and all that, but they should try to make the implementation as easy as possible. It's easy now but they should continue down the path of making it as easy as possible.

For how long have I used the solution?

I have been using Morphisec for two and a half years with a POC before that. 

What do I think about the stability of the solution?

From what we've seen it's stable as it can be. If there's such a thing as 100% availability, it's there. I think the architecture of it being deployed and standalone for all desk purposes makes it super stable. The biggest concern was conflicting with the applications on the desktop, and we had not seen that at all. It's been very reliable. We haven't been on the cloud version for very long, but so far it's been very reliable.

What do I think about the scalability of the solution?

It should scale without an issue. It's about the deployment strategy and getting it deployed. Once you have a good deployment strategy, then it can scale to hundreds of thousands of endpoints, if you have them.

We are protecting around 3,000 endpoints. Then when we're all finished, there'll be about five to 6,000.

There is no upgrade that we know of yet, so we're on the latest version. I would anticipate once a year that we would have an upgrade to the endpoints. And it would probably take 10 to 20 hours of information security engineer's time to make that happen.

How are customer service and technical support?

Their technical support is very good, responsive, and has good follow-through on open tickets. We don't have any issues with them.

How was the initial setup?

The initial setup was relatively straightforward. We first installed Morphisec before they had their cloud server, which was a little bit more complicated. But now we've converted to their cloud server, which has made it much, much easier. You don't have the burden of setting up a server and getting the missing libraries and all the issues of setting up a server. Now with the cloud, it's simple.

It took us three weeks to set up with the server.

We did a proof of concept first, and then we tested it to make sure it would catch known malware with no antivirus on the endpoint. Then we started the deployment strategy and our deployment strategy was laptops first, then virtual desktops, and then servers.

What about the implementation team?

We worked with Morphisec and our own engineers for the deployment.

We had a very good experience with their engineers. They were very knowledgeable about the Microsoft stack, easy to work with, and responsive.

What was our ROI?

Our ROI is having another level of control. I can't yet identify breaches that Morphisec stopped directly, but it'll pay for itself once it does that. It's really the extra layer of control that we didn't have before.

What's my experience with pricing, setup cost, and licensing?

We've gone through several iterations over renewals. I think it's reasonably priced. I wouldn't say it's cheap, but I also wouldn't say that it's over-the-top pricing. An enterprise agreement would be nice so we don't have to try to count or get an estimate of the number of endpoints. If we go through growth and add 500 laptops, I don't want to have to go back and change our licensing to add that capacity. I'd rather just have that built into the contract.

We haven't seen any additional costs to the standard licensing. 

Which other solutions did I evaluate?

The options we looked at were more in the antivirus space. Morphisec as a product does not have direct competitors because of its unique architecture. There are other advanced endpoint protections that I looked at, but this one was by far the most unique architecture. It has a unique way of adding another layer of controls on the endpoints.

What other advice do I have?

Morphisec hasn't added to my team's workload. It hasn't reduced it, but it hasn't added to it.

I didn't buy it to save us money. I bought it to add another level of control at the endpoint beyond antivirus. So it's really adding another layer of defense.

My advice would be to understand how Morphisec works from the Bad Actor's perspective, on how a Bad Actor or malware can compromise Windows or Linux. Morphisec gets to the root of those compromises. Rather than trying to detect the compromise, a design in the operating system issues and defeating those there or rather than trying to respond to changes in malware, they're defeating it right at the exploit level.

I'm part of Morphisec's sales team half the time when I'm trying to educate other IT leaders, my peers, or other CISOs on how it's actually working because it takes a little while to understand it. So my advice would be to really try to ask questions about how the architecture works. Because it doesn't really work like another AV. It works much differently than other endpoint protectors.

I would rate Morphisec a nine out of ten. 

Which deployment model are you using for this solution?

Private Cloud
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
CL
Sr. Security Lead at a healthcare company with 10,001+ employees
Real User
Enables us to see at a glance whether users have device control and disk encryption enabled properly

Pros and Cons

  • "The fact that Morphisec uses deterministic attack prevention that does not require human intervention has affected our security team's operations by making things much simpler. We don't have to really track down various alerts anymore, they've just stopped. At that point, we can go in and we can clean up whatever needs to be cleaned up. There are some things that Morphisec detects that we can't really remove, it's parts of Internet Explorer, but it's being blocked anyway. So we're happy with that."
  • "Some of the filters for the console need improvement. There are alerts that show up and just being able to acknowledge that we've seen those and not turn them off, but dismiss them, would be a huge benefit."

What is our primary use case?

We purchased Morphisec primarily to help mitigate and protect us against Ryuk ransomware back in December when that was running really rampant. The antivirus that we were using at that point was outdated. We were looking to move to a new vendor, and we needed something as a stopgap to supplement our current antivirus. Morphisec fit that bill perfectly. It had features that our antivirus did not. It had an immediate deployment and immediate return on investment that we just would not be able to get if we were to turn around and try to deploy a full-blown antivirus across the entire environment. Morphisec was quick, simple, and did not conflict with anything that we already had. It also did not cause any additional delays in our virtualized environment, which was a huge concern for our infrastructure team. It just fit perfectly.

We've detected things that our antivirus was not picking up. We had no visibility or control over anything that was running in process memory. Morphisec immediately started blocking things that should not have been running in process memory. It also gave us visibility into the Windows Defender antivirus that we did not have without increasing our Microsoft licensing and gave us some basic control over Defender as well. We previously used McAfee.

How has it helped my organization?

The fact that Morphisec uses deterministic attack prevention that does not require human intervention has affected our security team's operations by making things much simpler. We don't have to really track down various alerts anymore, they've just stopped. At that point, we can go in and we can clean up whatever needs to be cleaned up. There are some things that Morphisec detects that we can't really remove, it's parts of Internet Explorer, but it's being blocked anyway. So we're happy with that.

It's very important to us that it offers visibility into and control over Windows 10, native device control, disc encryption, and personal firewall. We're actually in the process now of deploying the control over the firewall so that we can consolidate to a single pane of glass for our antivirus and controls. It will help us through leveraging group policy, which can fail, especially if the machine drops off of the domain, we have a significantly larger remote than we did a year ago. We have machines that don't necessarily get the policies they need to get when they need to get them. Morphisec fixed that.

The level of control from Morphisec Guard compared to Windows 10 Native Security tools is a bit more basic than the Windows 10 Native Controls. You basically enable the firewall or you disable it, based on the various profiles. I have not yet seen a way to create exceptions in the firewall or rules and things like that but those can be pushed through group policy, regardless. As long as the firewall is enabled, it's functioning and it's doing better than if there was no policy applied at all.

Morphisec Guard enabled us to see at a glance whether our users have device control and disk encryption enabled properly. It is especially important with our remote workforce. Disc encryption is an absolute must. And the device control, USB devices, is also an absolute must.

It has reduced the amount of time we spend investigating false positives. It reduced our amount of chasing antivirus alerts by about 80% a week.

Our team's overall workload has also been reduced by about 30% on a weekly basis of our workload, we would spend a lot of time tracking alerts.

It has enabled us to take Morphisec and leverage one product where we would have had to have had at least two previously. I don't really have numbers for what that would look like. We didn't really investigate too many other vendors in that space, but it's probably at least 50% savings over what we would have needed. So it has helped us to save money on our security stack.

What needs improvement?

Some of the filters for the console need improvement. There are alerts that show up and just being able to acknowledge that we've seen those and not turn them off, but dismiss them, would be a huge benefit.

For how long have I used the solution?

We've been using Morphisec for about six months now. It is installed on our endpoints and servers. We have a SaaS version of the console.

What do I think about the stability of the solution?

I've had 100% availability anytime I've needed to go look. I have not had any issues in any of our environments with the agents.

What do I think about the scalability of the solution?

Scalability is very easy. We can just call and say that we need more licenses and they give us more licenses and we can push that agent out. It's the same executable file we have on our file shares. We just expand however many we need, to as large as we want to go.

We have about 8,000 endpoints, 2,500 servers, and 4,000 virtualized desktops.

Our next step would be to purchase the Linux agent and get that on the few Linux servers and appliances that we have.

How are customer service and technical support?

The technical support has been fantastic. Any feature requests I've had, any issues I've run into, which have been very minimal, they've had an immediate response. Turnaround for feature requests is really, really fast. I've seen it within the next update which they do monthly. They provide great technical support. 

Which solution did I use previously and why did I switch?

We looked at Bitdefender, Trend Micro, and Microsoft Defender. We are still using Microsoft Defender in conjunction with Morphisec in a small pilot group. We're still evaluating where we want to go for a true antivirus solution. So, we still have a small deployment of Defender.

Deployment was the biggest difference between Morphisec and the other solutions. It was far simpler to deploy Morphisec without having to remove another antivirus, without having to make a large-scale project, or look for compatibility. It works on all supported operating systems. It works in conjunction with other antiviruses. We didn't have to create exceptions and there were no conflicts with the antivirus we were running and Morphisec. So that really helped us make that decision, purchase this, roll it out, and have it supplement our existing technologies. And it gave us an almost immediate return on investment.

How was the initial setup?

The initial setup was very straightforward. We deployed it via group policy. We had it deployed across the entire environment in about three days.

What's my experience with pricing, setup cost, and licensing?

There are no additional costs to standard licensing. We've had full support. I get biweekly calls with my technical account manager and we purchased the licenses for everything we needed for a single cost.

What other advice do I have?

If you have the ability to get Morphisec into their environment, it's going to be a hundred percent return on investment. I would recommend it every time.

If you can, get it and run with it, because it's great. It's been eye-opening, the things that other antiviruses were missing, and we've seen it protect against zero days. We've seen it protect against ransomware that other antiviruses have not even seen.

I would rate Morphisec a ten out of ten. 

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
BW
Sr. Network Engineer at Wilson County Schools - NC
Real User
Top 20
Provides full visibility into security events from two solutions in one dashboard

Pros and Cons

  • "It provides full visibility into security events and from both solutions in one dashboard. I'm not a big security guy, if I have a threat that looks like there's a problem, I will ask Morphisec to dissect it for me, and tell me what might be happening. Because it tends to be all hash codes, so I can tell what's going on. They've been pretty good with that."
  • "I haven't been able to get the cloud deployment to work. When there's an update, I'm supposed to be able to roll it out for the cloud solution, but right now I'm continuing to use our SCCM solution to update it."

What is our primary use case?

Our primary use case is to have it for more protection than Defender can give us. We wanted more protection against the threats that are out there with malware and ransomware being the biggest. It's to supplement threat protection in addition to having Microsoft Defender. 

We only use the agent. We've transitioned from on-prem to the cloud this year.

How has it helped my organization?

We haven't had an issue since we've had Morphisec, so it's working. If we see something, we'll ask them about it, and then if we need to, we'll look at the machine. Generally though, if we find something, we tend to re-image a machine as opposed to fixing it. We just wipe it.

Morphisec gives me even more than Microsoft can give me, even if I were to pay. It doesn't technically save us money because we're paying for a Microsoft package that comes with Defender. 

It has reduced the team's workload by a couple of hours a week. It also saves money on our security stack. It's cheaper than others. It saves between $10,000 to $15,000 yearly. 

What is most valuable?

We liked the ability to see both the Defender and Morphisec through a single console to see the problems that might be going on.

It provides full visibility into security events and from both solutions in one dashboard. I'm not a big security guy, if I have a threat that looks like there's a problem, I will ask Morphisec to dissect it for me, and tell me what might be happening. Because it tends to be all hash codes, so I can tell what's going on. They've been pretty good with that.

What needs improvement?

I haven't been able to get the cloud deployment to work. When there's an update, I'm supposed to be able to roll it out for the cloud solution, but right now I'm continuing to use our SCCM solution to update it.

For how long have I used the solution?

I have been using Morphisec for a year and a half. 

What do I think about the stability of the solution?

They've been very good. We've been able to see any problems that we have easily. We've been able to deploy new solutions. The migration from on-prem to cloud was very easy because Morphisec did it for us. They migrated the data. When I do have problems, if I need it, I can call them. They've been right there for me.

The agent that is installed on the endpoints stable doesn't take up a lot of resources. 

What do I think about the scalability of the solution?

I haven't had any problems scaling it. I only have about 3,100 devices to deploy it to plus seven servers. 

In terms of maintenance, I just look at the reports and see what's happening and if there's something that's going to need attention.

How are customer service and technical support?

Technical support was very helpful. I just told them I had a problem and they went and found the solutions.

Which solution did I use previously and why did I switch?

I have had other solutions. We were just on the Defender and we added Morphisec to that. 

How was the initial setup?

The initial setup was straightforward. For the original, we built the on-prem solution, which was a single install that they provided, and then we deployed our clients through our SCCM. We just did it with an MSI file. It was very straightforward. It took half a day. 

What about the implementation team?

We deployed it ourselves. 

What was our ROI?

The ROI is that we haven't had any outbreaks. It's working.

What's my experience with pricing, setup cost, and licensing?

Pricing was competitive. There were no additional costs to standard licensing. 

Which other solutions did I evaluate?

We looked at a full Malwarebytes deployment and Sophos. We liked the price and then supplemental for the Defender since we were already paying for Microsoft.

We were going to be required to remove Defender, which would have been extra steps, and that almost never goes smoothly. Plus we were concerned about the size of some of the clients and how well they were going to perform for us. They had older machines.

What other advice do I have?

It's been a good experience. Morphisec has been helpful and we haven't had any outbreaks since running it. The install was easy. Updates have been pretty easy.

I would rate Morphisec a ten out of ten.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
JM
Senior Security Analyst at a financial services firm with 51-200 employees
Real User
We have seen it successfully block attacks that a traditional antivirus did not pick up

Pros and Cons

  • "We have seen it successfully block attacks that a traditional antivirus did not pick up."
  • "It would be nice if they could integrate Morphisec with other traditional antivirus solutions beyond Microsoft Defender. That is probably my biggest gripe."

What is our primary use case?

Our use case is for memory protection of our desktop and VDI computers beyond traditional antivirus capabilities.

We are on the most recent release.

How has it helped my organization?

We have seen it successfully block attacks that a traditional antivirus did not pick up.

Morphisec has reduced the amount of time that we spend investigating false positives by four to eight hours a month.

What is most valuable?

Memory morphing and the central console are the most valuable features. Most traditional antivirus solutions don't come with these features, so you need a tool, like Morphisec, to add this functionality.

What needs improvement?

It would be nice if they could integrate Morphisec with other traditional antivirus solutions beyond Microsoft Defender. That is probably my biggest gripe.

For how long have I used the solution?

I have been using it for three and a half years.

What do I think about the stability of the solution?

It has been very stable. We haven't had any unintended consequences. Usually with security solutions, they introduce a lot of chaos and false positives in an environment, but that has not been the case in Morphisec. It has been uneventful, luckily.

We don't really have a lot of maintenance that goes on day to day. A lot of it is kind of set it and forget it. We have one admin who works on it, but they probably only touch it once a week unless they get an email alert that tells them to look at something.

What do I think about the scalability of the solution?

Our environment isn't particularly large. We only have around 500 endpoints in our environment.

How are customer service and support?

I would rate the customer/technical support as 10 out of 10. They are all very competent, motivated people who are very helpful.

Which solution did I use previously and why did I switch?

We did previously use another solution before Morphisec. The company was acquired by VMware and discontinued.

How was the initial setup?

We started it on a very small subset of computers. We tested on those for an extended period, then we pushed it out to the entire environment.

The deployment took 30 minutes at most.

What about the implementation team?

The solution is very easy to deploy. They have excellent trained staff who can assist with a deployment as well as upgrades. They make it as easy as possible.

What was our ROI?

We haven't had any cybersecurity incidents on machines running Morphisec. We also haven't seen a large number of false positives on machines running Morphisec. I guess you could argue that there is a return on investment there because it has obviously decreased the amount of time that we spend looking at false positive events and remediating cybersecurity incidents. In general, it is always harder to build business cases on security tools.

Morphisec makes use of deterministic attack prevention that doesn’t require investigation of security alerts. There is less overhead because it is more focused on the protect versus remediation, removing additional steps that you need to do associated with remediation.

Morphisec has reduced our team’s workload by four to eight hours a month.

What's my experience with pricing, setup cost, and licensing?

It is a little bit more expensive than other security products that we use, but it does provide us good protection. So, it is a trade-off.

Which other solutions did I evaluate?

There aren't too many players in this market. It is very niche. Morphisec is in an interesting niche that a lot of companies might touch on, but not at the depth and breadth that Morphisec does.

We have looked at other vendors, but they don't necessarily overlap with Morphisec. 

What other advice do I have?

While the solution provides full visibility into security events from Microsoft Defender and Morphisec in one dashboard, we are not using that function right now.

The best thing would be to first understand the difference between traditional AV solutions and the Morphisec product. After that, it is just so easy to implement and install. I would recommend running an evaluation of it, because there is no reason not to.

I would rate Morphisec as eight out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
Buyer's Guide
Download our free Morphisec Breach Prevention Platform Report and get advice and tips from experienced pros sharing their opinions.