We just raised a $30M Series A: Read our story

Morphisec Breach Prevention Platform OverviewUNIXBusinessApplication

Morphisec Breach Prevention Platform is #3 ranked solution in top Vulnerability Management tools, #4 ranked solution in Cloud Workload Security Solutions, and #10 ranked solution in endpoint security software. IT Central Station users give Morphisec Breach Prevention Platform an average rating of 10 out of 10. Morphisec Breach Prevention Platform is most commonly compared to CrowdStrike Falcon:Morphisec Breach Prevention Platform vs CrowdStrike Falcon. Morphisec Breach Prevention Platform is popular among the small business segment, accounting for 88% of users researching this solution on IT Central Station. The top industry researching this solution are professionals from a computer software company, accounting for 25% of all views.
What is Morphisec Breach Prevention Platform?

Morphisec is the world leader in providing advanced security solutions for midsize to small enterprises around the globe. We simplify security and can automatically block modern attacks from the endpoint to the cloud. Unlike traditional security solutions relying on human intervention, our solutions deliver operationally simple, proactive prevention. We protect businesses around the globe with limited security resources and training from the most dangerous and sophisticated cyber attacks.

Morphisec Breach Prevention Platform was previously known as Morphisec, Morphisec Moving Target Defense.

Morphisec Breach Prevention Platform Buyer's Guide

Download the Morphisec Breach Prevention Platform Buyer's Guide including reviews and more. Updated: November 2021

Morphisec Breach Prevention Platform Customers

Dan Hotels, Motorola, Freeman Health Systems, Yaskawa Motoman

Morphisec Breach Prevention Platform Video

Pricing Advice

What users are saying about Morphisec Breach Prevention Platform pricing:
  • "Our licensing is tied into our contract. Because we have a long-term contract, our pricing is a little bit lower. It is per year, so we don't get charged per endpoint, but we do have a cap. Our cap is 80 endpoints. If we were to go over 80, when we renewed our contract, which is not until three years are over. Then, they would reevaluate, and say, "Well, you have more than 80 devices active right now. This is going to be the price change." They know that we are installing and replacing computers, so the numbers will be all over the place depending on whether you archive or don't archive, which is the reason why we just have to keep up on that stuff."
  • "It is priced correctly for what it does. They end up doing a good deal of discounting, but I think it is priced appropriately."
  • "It is an annual subscription basis per device. For the devices that we have in scope right now, it is about $25,000 a year."

Morphisec Breach Prevention Platform Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Dominic Parke
Information Technology Manager at a financial services firm with 11-50 employees
Real User
We have peace of mind knowing there is an additional layer of security protecting our endpoints

Pros and Cons

  • "Morphisec stops attacks without needing to know what type of threat it is, just that it is foreign. It is based on injections, so it would know when a software launches. If a software launches and something else also launches, then it would count that as anomalous and block it. Because the software looks at the code, and if it executes something else that is not related, then Morphisec would block it. That is how it works."
  • "Right now, it's just their auto-update feature. I know they are currently working on that. When they release a new version of the threat prevention platform, I do have to update that, rolling out to every computer. They have said, "From version 5, you would be able to do an auto-update." While this is very minor, that is the only thing that I would say needs to be upgraded. It would just make life a lot easier for other IT teams. However, I have simplified the process, so all I need to do is just download one file."

What is our primary use case?

I use it mainly as an additional layer of security since we have quite a lot of servers. I have unblocked a couple of things that got filtered out, and it worked great. We are a small company, not a really large firm.

We were on-prem before, but now we are on a SaaS service that they provide, which is hosted through AWS. This makes it easier for me to access from any location. I can also have Morphisec lock it down to a specific IP for allowing me to get into the system. I would need to be on a computer within the network in order to access the AWS site. 

How has it helped my organization?

They provide some information about security events from Microsoft Defender. I know recently when there was that Print Nightmare issue, they did release an email saying, "We are aware of this, and Morphisec is basically on it as well." So, they don't release just random little Microsoft stuff. They would release any major breaches and ransomware. This is where they would notify clients that Morphisec has been updated already to block these things. This is definitely important to us. I am usually up-to-date on all these things. However, if I don't hear from my software vendor, I would be a little bit worried, "Are they blocking it? Is this something that will be blocked? Are they looking into it?" So, it is good to be informed on these things.

Morphisec stops attacks without needing to know what type of threat it is, just that it is foreign. It is based on injections, so it would know when a software launches. If a software launches and something else also launches, then it would count that as anomalous and block it. Because the software looks at the code, and if it executes something else that is not related, then Morphisec would block it. That is how it works.

Most of the alerts that we have gotten are for legitimate stuff. They have typically been for logins and stuff that users might try to install, e.g., WebEx or some background Google update, so we block them. We have been working internally to block the use of plugins and stuff. It's not that they are fake; they are real notifications. It is just that we have to restrict certain access to certain browsers.

It reduces two alerts every month. It is not so much. We have locked down a lot of things, like our internal group policies. In this way, we don't have to run into any random alerts developed in other people's software for a lot of little things, which we noticed that we can immediately remediate. We have Morphisec doing its real job versus just blocking tiny little programs that don't matter to it. We just have it there as a layer of security on top of our layer of security policies that we already have. I don't think it's going to really catch a lot of stuff, but if something were to happen, it is the backup. That is why we have it.

Every month we get a security report, which tells us, "These are all the things that it scanned, and these are the things that it blocked." 99% of the time, there won't be a lot of stuff, but it gives us an executive report at the end of the month. I usually review it just to make sure that things are okay, e.g., any machines that we might have replaced, need to get rid of, or archive. That is really all I would really look at the security report for. Because if I were to get something like a threat, I won't see it at the end of the month. I see it right away.

Morphisec makes it super easy for our IT team to prevent breaches of critical systems. It is a one-click install, then it takes care of the rest. If we have to evaluate anything, they will notify us. After it has been prevented, we can jump in and release it or create a new rule. Then, if it gets deployed, it gets deployed to all our endpoints. It is really simple for the amount of stuff that they actually do.

What is most valuable?

As far as threat prevention goes, it does great. There have been a couple of preventions that it blocked from browsers and stuff. From time to time, Google may try to install something through the use of a plugin and it blocks that out. 

The dashboard is really easy to use. It is not super convoluted, which is great.

Like any other threat prevention platform, this one is mostly specific to memory attacks. That is what I really like about it. I get emails if there are any threats. 

What needs improvement?

Right now, it's just their auto-update feature. I know they are currently working on that. When they release a new version of the threat prevention platform, I do have to update that, rolling out to every computer. They have said, "From version 5, you would be able to do an auto-update." While this is very minor, that is the only thing that I would say needs to be upgraded. It would just make life a lot easier for other IT teams. However, I have simplified the process, so all I need to do is just download one file.

For how long have I used the solution?

At my company, we have been using Morphisec for about three years.

I have been using it since last November, which is when I took over from the previous IT manager and was introduced to Morphisec. 

What do I think about the stability of the solution?

The stability seems great. There is literally no downtime that I have ever noticed.

There is no maintenance. Morphisec does everything. As long as the endpoint is connected to the dashboard, which is hosted online, then there is nothing that I need to do besides just making sure that it has Internet access on my side, which is how it gets updates.

What do I think about the scalability of the solution?

Scaling is very simple. We just have to add a new computer, then install Morphisec. There is really nothing else to do.

There's only two users who have access to it: a backup admin and me. In the event that something were to happen to me, the backup admin could still get into it, but I am the most active admin on the account. I usually make sure everything is up and the devices are checking in. I just check it from time to time to make sure that all the devices are cleaned up and archived. Since we have been replacing computers, I want to make sure that they are not going to be showing up in our list as offline devices if they were replaced. I just have to remove them and archive it.

How are customer service and technical support?

I contacted their tech support once, when I was deploying the software. I just had to update an IP, and that was it. It was pretty fast. I have a direct contact with their support tech, and even our account manager. I can send issues to them, then they will forward them to their tech support team. They get back to you within an hour, and they are in different time zones. Time-wise, in terms of getting back to you, it is pretty fast.

Which solution did I use previously and why did I switch?

We previously used Carbon Black. We switched to Morphisec because Carbon Black had a lot of false positives. Based on my knowledge, it was really noisy for stuff that really didn't matter. So, Carbon Black was not the best choice.

How was the initial setup?

When I came in, my company was on an older version, so I had to roll out a newer version. It was literally a migration. We moved from the on-prem server to the cloud. I had to do that from scratch. It really was just Morphisec saying, "This is your new link. There is an installer. You can either install it on all your computers one by one or you can script it out." They provide all the information. Therefore, whenever a computer signs in, it would just install the program and point it to the new server.

The migration took a few seconds. Once I have set it up, all I have to do is wait for people to turn their computers on. Then, I can see them start populating inside of the new dashboard. It was just a waiting game for whenever the CPAs would turn their computers on and log in.

We are in a domain, so all our computers are managed by user accounts. We can set specific rules, e.g., when a user logs in, this happens. So, I set up a rule that would install the new version of Morphisec when a user logs in. Then, I just have to wait for them to log in from wherever they are.

Before, we had to manually install it. However, I am a believer in automating things and doing things a lot faster. So, I was able to roll it out to every computer, even making sure that we had it on all our computers by using their built-in, automatic deployment.

I get emails if I have to set up anything.

What about the implementation team?

I met the guys from the support team and also used a program to deploy it.

Deployment was done in-house. My main thing was that I didn't want to have any computers being missed. It was all done on a one-to-one basis, where the guy would go to every computer and install it. So, installing it would be policy. I know Morphisec would reach out to every single computer, as long as it is joined to the domain. That was my main strategy when rolling it out to everybody. Once it popped up, I made sure the numbers matched up to know whether Morphisec was on every computer on the domain.

What was our ROI?

It is more of a peace of mind. We know that we have an additional layer of security that is protecting our endpoints, since we are working remotely for certain things. We have the threat prevention platform. 80% of our stuff is based on security materials, because of the data that we work with day-to-day. Having Morphisec made us a little bit more comfortable knowing that our servers are not going to get hacked by any random stuff. However, if it does get hacked, then Morphisec will prevent it.

Morphisec has reduced the amount of time that we spend investigating false positives. It gives me the breakdown of where things originated from. It is easy for me to identify whether it is a false positive or not. Most of the stuff is legitimate. So, I have never had to deal with a false positive block.

The solution has reduced our team’s workload. We don't have to really go in, look at stuff, and monitor a dashboard. There is something we set that will notify us. We just have it getting sent to our mailbox. Therefore, if we get an email, we would know (at that stage) that something is going on.

I know my organization was paying a lot more for the previous software that they used through an MSP. It was charged per user and cost quite a bit to use per endpoint.

What's my experience with pricing, setup cost, and licensing?

I don't have to purchase any additional licenses, unless I go over. I have a license limit of 80. Whenever we renew our contract, if we have gone over that amount, then we will get billed for that amount.

Our licensing is tied into our contract. Because we have a long-term contract, our pricing is a little bit lower. It is per year, so we don't get charged per endpoint, but we do have a cap. Our cap is 80 endpoints. If we were to go over 80, when we renewed our contract, which is not until three years are over. Then, they would reevaluate, and say, "Well, you have more than 80 devices active right now. This is going to be the price change." They know that we are installing and replacing computers, so the numbers will be all over the place depending on whether you archive or don't archive, which is the reason why we just have to keep up on that stuff.

Which other solutions did I evaluate?

The two main contenders were Carbon Black and Morphisec. We made a decision between those two. We had two trials, where they were trialed them on different machines. Morphisec was more detailed. Morphisec was detecting stuff that was correct versus Carbon Black, which mostly just protecting literally every little thing that you do but not really malicious at all nor causing a memory issue. Morphisec was a little bit more real-time with real stuff versus just a bunch of anomalous stuff. Though, I think Carbon Black learns as it goes. 

Morphisec has helped us to save money on our security stack. Considering other platforms that we have gotten quotes from and other platforms that I have looked into, based on our initial investment into it, it has saved us quite a lot of money on external and internal devices that we would have needed to purchase from other vendors. Right now, it is saving us anywhere between the range of $9,000 to $20,000 per year, because we put a lot of money on security. We house a lot of sensitive information, so we can't afford to go around something. That would put all our clients' information at risk.

We use Morphisec as one of our security artillery platforms. We have other software that we use for security threats, so Morphisec is not the only one. Morphisec is probably around the second stack. We have our main threat prevention software that we rolled out, and after that is Morphisec. After Morphisec is our DNS filtering. 

What other advice do I have?

Read the instructions. They literally tell you everything you need to do. Just make sure that you know what Morphisec is before getting into it, because it is not an antivirus. They have a feature that binds with Windows Defender. Windows Defender is an antivirus and Morphisec is more of unified threat prevention for memory attacks. So, you still need to have an antivirus.

Morphisec is a security platform. The things that it does are better for companies who have sensitive information that they don't want to risk getting out. If they have Morphisec, they can feel safe that their stuff is protected.

I would rate it 10 out of 10. It is a great program. We will definitely be renewing it when our renewal period is closer.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
Jeff Magnuson
Sr. IT Architect at Yaskawa Motoman Robotics
Real User
Light on the endpoint and does not have any performance hindrance on the endpoint

Pros and Cons

  • "Since using Morphisec we have seen a downturn in attacks because Morphisec protects us versus Defenders and whatnot that are signature-based. I know we have not had any issues with ransomware or other zero-day attacks that we've seen with machines that, all of a sudden, have become before we instituted the product. Now the machine had to be re-imaged and there was a loss of data because something was on the machine. You couldn't really determine what was on the machine because nothing was picking it up. The products we were using weren't picking it up."
  • "Those are some of the features that I was looking for on my on-prem platform that they've already instituted in the cloud and that I'm sure will be instituting on their on-prem platform as well. Having to have an on-prem server required a lot of administration. Being able to push that to the cloud and have it managed up there for us is a real nice addition."

What is our primary use case?

When Morphisec first came out, it was on-prem and we used a group policy to deploy it to the endpoints. Working with them was one of the things I did and then obviously when Covid hit I had a large majority of my workforce that started working remotely. And deploying new endpoints remotely using GPO can be a struggle. I talked to them about that and the next day I got a phone call. We're actually moving to their cloud platform that does automatic updates in the cloud now. So that if I have people working remotely, they get the update automatically. It's not signature updates and whatnot, since it's signatureless, but agent updates. If you're 4.1 to 4.15 or 4.16, those will all get deployed automatically from a cloud server, which really opened up a lot of things for us as well.

That was our request. I went in and they started working on it. I worked with them on the development of the dashboard. They're always looking for customer input about what they can do better. They're constantly asking and getting input from their customers about stuff to improve the product, and there are not a lot of organizations that do that either.

How has it helped my organization?

Morphisec has reduced the amount of time we spend investigating false positives. We can see what's going on in the dashboard. We're a robotics company so we do a lot of in-house development. And so we see false positives on occasion due to whatever reason. When I see that, I contact them, we'll look at the signatures, the hash and the memory affirmation, and stuff that's provided through the attacks. They analyze that, we look at the application and then they resolve it, or if it's a rare thing, I can just exclude it so that it doesn't get looked at.

It's very quick and easy to do, so it's not like I'm waiting weeks for them to analyze data. We send them the logs or they get the logs automatically, depending on how I have stuff set up, they review them, call me the next day, and tell me what we need to do. And it's over with. It has reduced my team's workload by 30 to 40%.

Morphisec absolutely helps us to save money on our security stack. Budgets were tight during COVID and we had some companies that were jumping. Their prices were going up and up and taking advantage of what was going on in the industry. Morphisec didn't do that. They stuck to their guns and said, "This is the cost of our product and we're not going to take advantage of the customer." That economic side was huge for them as well. Compared to other products, their pricing is very good and very competitive.

The product has absolutely worked flawlessly. We have had basically no issues, either with the product or with any type of virus or zero-day attacks, ransomware, nothing. It has caught everything. And the one thing that's been unique about them is I read a lot and do a lot of research on the products that are out there, and there have been some products that are widely used like CCleaner and such that had been packaged in some of these programs that Morphisec has caught. They've contacted the manufacturers of those programs to say, "This is what we found." And rather than just letting it go on, they're contacting other manufacturers saying, "You just deployed something and it's got some adware." And so they can fix their product and then redeploy the fixed version out to the public. They're looking out for themselves, but they're also looking out for other organizations as well.

What is most valuable?

There are two primary valuable features. 

It works without the end-user having to do anything. It just works. 

Second, the fact that it's signatureless is valuable. It's very light on the endpoint and does not have any performance hindrance on the endpoint. That is a huge plus as well. We've used some other products in the past that just really bogged down the machine. If we do scans in the background, and I get a request that someone wants to do scans at night, it's fine. You can take your computers home and turn them off in the evening. I don't have any of those kinds of issues with Morphisec.

Morphisec's approach to using deterministic attack prevention is a big deal for us with all the zero-day attacks and ransomware that's going on in the industry. What we've seen is quite a downturn in the virus or signature-based attacks on the endpoints and even malware. The zero-day attacks are really at the forefront industry-wide, whether it be my company or financial companies. 

Since using Morphisec we have seen a downturn in attacks because Morphisec protects us versus Defenders and whatnot that are signature-based. I know we have not had any issues with ransomware or other zero-day attacks that we've seen with machines that, all of a sudden, have become before we instituted the product. Now the machine had to be re-imaged and there was a loss of data because something was on the machine. You couldn't really determine what was on the machine because nothing was picking it up. The products we were using weren't picking it up.

What needs improvement?

We're getting ready to deploy the cloud platform. I've already got the cloud portal and everything available to me. There are some nice additional features in there that were some of the things that I had requested previously. Those are some of the features that I was looking for on my on-prem platform that they've already instituted in the cloud and that I'm sure will be instituting on their on-prem platform as well. Having to have an on-prem server required a lot of administration. Being able to push that to the cloud and have it managed up there for us is a real nice addition.

For how long have I used the solution?

We've been using Morphisec since the inception of the product. We were really one of the first commercial organizations in the United States to use it in production. So, we started with a version 1 product, which was several years ago. We were looking to complement our stack of endpoint security products. I then went out and started doing research for primarily zero-day signatureless software that we could utilize on our endpoints. Doing my research, I came across the Morphisec product, placed a call to them, ended up talking to one of their founding members of the product. We also looked at CrowdStrike, Carbon Black, SentinelOne and some of the other similar types of software out there. We decided that Morphisec would definitely be the best solution for us.

What do I think about the scalability of the solution?

As far as scalability, you can put it on a couple of endpoints or you can put it on thousands of endpoints. The initial installation is very fast. It's a minute and a half, two minutes, and you're done. You walk away.

The machine connects to the domain, the application's installed and it shows up in the dashboard and you move on. We put it into the group policy, there's the script, send it out, install it on the endpoint and we don't have to touch it.

Whereas with a lot of the other applications, you have to touch every single machine and make sure that it gets installed correctly, and that it's loading correctly. We just don't have to do that.

It's so fast that the end-user doesn't even really know that it's happening. For the end user's experience, it's absolutely over the top. We've had other products in the past that we've used and we've had complaints. The CPU could be dragging because their thing is doing some big scan in the background, or the application or agent itself is, for lack of a better term, very heavy so it uses a lot of memory and uses a lot of CPU, and drags down the machines. I have a company of engineers and scientists and they want all the horsepower they can have on their machines and don't want something running in the background that's dragging down what they're trying to, where they're trying to work.

We're doing between six and seven hundred nodes.

I have several people that monitor this stuff but it really takes one person to set it up and let it go. It takes a very small piece of one person's time to do this. I have multiple people because I want them to be able to have experience and understand what's going on in the environment.

To administer it, it takes less than an hour of my time a day. I get reports sent to me. I can review reports. If I need to go into the dashboard, I can pop into the dashboard very quickly, see what's going on, see if there's anything that needs tending to, and then move on about my day.

What was our ROI?

I have absolutely without a doubt seen ROI. It's the cost savings compared to other products, the performance of the product, and the amount of time saved by my team on issues that were happening before we installed Morphisec and utilized their product. I got a return on investment in less than a year.

What's my experience with pricing, setup cost, and licensing?

I do not have to pay extra for anything. We're an Office 365 shop but we do not use the MS3 E3. If we would turn around and use that product in the cloud as far as Office 365, then the integration is instantaneous all the way through into Office 365. But that's not dependent on Morphisec. That's a dependence on my licensing with Microsoft.

If you don't have that integration, Morphisec integrates with just the Defender on the desktop. It's built-in. You're not paying extra for something to have that feature set.

Which other solutions did I evaluate?

One of the things we looked at was to see how the solutions affect the endpoint performance. Because when you start stacking up products on top of each other, on the endpoints, you can run into performance issues, memory consumption, CPU consumption, and whatnot. Morphisec was very light and does not consume hardly any CPU or memory. It runs in the background unknown to the user. It doesn't do a bunch of alerts and stuff to the end-user. It just works in the background. Then you have a dashboard and a portal that you can manage and see what's going on. Morphisec was a really good fit for us.

In the early days, on a Windows platform especially, you had third-party virus protection applications. McAfee, Kaspersky, Norton Symantec, and those types of things, and we've used several over the course of the years. When we finally migrated fully to Windows 10 platform, Windows Defender was much better at what it did. And one of the things that came up the pipe was Microsoft integration with Morphisec so that I can see what Defender's doing as well as what Morphisec's doing in our dashboard or portal. That was very unique and this worked out very well.

The other solutions at the time did not provide those things, and so that was a big plus for us too. It was nice to be able to see what's going on with Defender endpoints as well. It has been a great product for us. It definitely does what it says. Their support is second to none. If I have an issue with a false positive or something, I can place a service request and they're on it right away. We review it and they resolve it. I really can't say enough about the product and the team that supports the product. They've been great. They've treated me like kid gloves since the very beginning.

What other advice do I have?

I've used their product since its infancy, if they're looking for a product that is reasonably priced, does what it says it's going to do, requires very little administration and deployment effort, then this is the product I would be looking at.

Compared to what I've seen out there right now, I'd rate Morphisec a 10 out of 10. I really can't say enough about the product.

There may be some other products coming out there that are going to compete, and that's fine. And if you look at those other products, you better take a really good, hard look at Morphisec and see what they can do. Look at the whole entire package, the support groups, and what type of support they get that you're getting, that you may not get with other products. That's an important piece for us, if something does go wrong, you know you've got someone you can call, you know you've got a support portal to put in a ticket that you're going to get a very quick response from. You look at the whole package, not just one piece of it.

Since the beginning, their deployment strategies and everything has continued to improve and get better and better. You can't do that if you're just sitting in a room, a bunch of engineers and say this is what we're going to do and this is how the customer has to do it. 

They treat me with kid gloves and I really can't say enough about the product and how it's performed for us and the support we continue to get, even years later. I get the same amount of support that I did in the early days.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
Learn what your peers think about Morphisec Breach Prevention Platform. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
553,954 professionals have used our research since 2012.
Sean Lewis
Network Administrator at a educational organization with 201-500 employees
Real User
Top 20
Has made our security team's operations a lot easier and reduced the amount of time we spend investigating false positives

Pros and Cons

  • "Morphisec has enabled us to become a lot less paranoid when it comes to staff clicking on things or accessing things that they shouldn't that could infect the whole system. Our original ransomware attack that happened came from someone's Google drive and then just filtered on through that. It has put our minds at ease a lot more in running it. It's also another layer of security that has been proven to be effective for us."
  • "The dashboard is the area that requires the most improvement. We have about, I would say 5,500 computers currently, and searching through all of those takes some time to filter. So as soon as you apply the filter, it takes a few seconds. It crunches, it thinks, and then it brings up the clients that match."

What is our primary use case?

Our primary use case is to protect against ransomware.

We had been hit by ransomware and a couple of our servers went down as a result and some staff computers were affected. We locked everything down very quickly. We were able to restore everything and we didn't lose any data. It took us about eight man-hours to restore the servers, restore services, and get everything back up and running, but it could have been a lot worse than it was. So we looked for a solution that bridged the gap because we have antivirus, we use Microsoft ATP and some other network security measures, but none of them caught it.

We were looking for something that we could layer with security, like what we had preexisting. It turns out it works and integrates very well with Microsoft solutions as well. It bridges that little gap of memory protection that we were looking for to help prevent further ransomware attacks and things like that.

How has it helped my organization?

Morphisec has enabled us to become a lot less paranoid when it comes to staff clicking on things or accessing things that they shouldn't that could infect the whole system. Our original ransomware attack that happened came from someone's Google drive and then just filtered on through that. It has put our minds at ease a lot more in running it. It's also another layer of security that has been proven to be effective for us.

It makes use of deterministic attack prevention that requires the investigation of security alerts. We can always see those and investigate further. It is pretty self-contained and automated. We have not had to really go in to investigate really.

This has made our security team's operations a lot easier. Ransomware has been the biggest threat for us. Of course, we get little attacks here and there on other threat vectors, viruses, and other malware that we have to go in and disinfect. But ransomware has not been an issue and we've even gone through and run a couple of simulated tests for ransomware from other companies. None of them have been successful like Morphisec. It just stopped it dead in its track and it was not able to do anything.

Morphisec has reduced the amount of time we spend investigating false positives. I would say by about 5% to 10%. That typically is how many ransomware-type attacks that we see. It's a low number but it's a very destructive number.

Our team's overall workload has also been reduced by about 5% to 10%. That's just for normal detection, looking for these threats, and trying to find out what it is.

Now, if we were to be infected again, it would then be reduced by a lot, just because depending on how far the infection gets, how many man-hours that would be, we know that would be very significant. We've only been hit once in the past by this. And luckily it was pretty minimal, but it could have been very severe, and then it would have really impacted us on man-hours.

It helps us to save money on our security stacks. It's priceless just because if we were to lose all of our data from an attack like that, there would be no way to get it back without paying massive amounts for ransomware. And there's no guarantee that if you pay for the decryption key from whoever's holding your data ransom, that that's even going to work or that you'll get everything back at the end. Morphisec has been a real lifesaver.

It makes it super easy for IT teams of any size to prevent breaches of critical systems. They have a way to mass deploy it on all of our Morphisec clients. It's very easy to manage, very easy to deploy, and it's also very easy to maintain.

What is most valuable?

The fact that it's able to automatically detect and block ransomware attempts is the most valuable feature. 

What needs improvement?

The dashboard is the area that requires the most improvement. We have about, I would say 5,500 computers currently, and searching through all of those takes some time to filter. So as soon as you apply the filter, it takes a few seconds. It crunches, it thinks, and then it brings up the clients that match.

Our computers are named and they have a serial number in front of their name. To be able to see who is signed in or who has a computer-based on their Microsoft account, that part is cut off unless you have a larger screen on a tablet. But on your cell phone, there's no way that I can find a scroll over to see who owns that device because the username is just cut off. Besides that, it's a simple interface. It's a simple product that's easy to maintain and manage. There's not a lot that we have to do with it. It just does what it needs to do.

For how long have I used the solution?

I have been using Morphisec for close to a year. 

What do I think about the stability of the solution?

In terms of stability, so far it's worked great. It's been very stable, with no problems, and it continues to be effective so far. If for any reason, we get ransomware infection in the future, we'll know that there's a problem, but so far it's been good. All of the tests that we've run with ransomware simulated software from other vendors have all failed.

What do I think about the scalability of the solution?

Scalability is very easy. It's not a problem. If you have the means to remotely deploy the client to all of your computers, scalability seems so far infinite, it's not a problem. If you can afford the budget for all your computers then you're good.

We are right around 5,000 or 5,500 users and their roles are anywhere from student to staff members, to administrators, and even our board of directors use it. Everyone has it. All of our computers are deployed by us. So everyone gets a computer, whether it's a student or a staff member, it's not on personal devices.

Every one of our computers is using it. All of our servers are using it. It's pretty extensive in how we're using it in that sense. But it's really just toward the ransomware side.

How are customer service and technical support?

We used technical support only for the deployment or the migration from on-prem to the cloud. We've been having to deal with them on what steps we need to take and what we need to do to make it work. They made sure that it's a smooth transition, that we don't leave anything exposed as we're moving from one to the other, but that's it.

Support is pretty good for the most part, once in a while though, just because of their accent, it's kind of hard to understand them. We in particular had one tech that we were speaking to about the migration portion of it. There were three of us sitting in on that meeting and none of us could really understand or comprehend what he was trying to convey. It was not an issue with everyone else that we had dealt with.

Which solution did I use previously and why did I switch?

We were using another solution that wasn't necessarily specific to ransomware. We were using Microsoft ATP in conjunction with Sentinel. We were starting to deploy Sentinel as well, which is also Microsoft's product, and trying to tie everything together, to make it more robust, but they did not have anything that dealt with the memory type encryption that Morphisec uses to help protect against those types of infections that ransomware often exploits. We didn't have anything specific to ransomware other than Microsoft's ATP and it does not catch everything.

But we still run ATP anyway. It ties in with Morphisec very well, even within the Defender dashboard, you can punch in your key and it will bring it up and give you some more information about it, making sure that they play well together. It literally bridges a gap that Microsoft ATP has.

How was the initial setup?

The initial setup was very straightforward, especially for self-hosting. One thing to note is that we're currently looking to move to their cloud-hosted system and move away from the on-prem. That is proving to be so far a little more complicated to move from one to the other, at least from on-prem to the cloud. But not impossible. There are a lot more steps and processes to getting everything migrated over. We have to push out a new client to all of our client computers.

The deployment was a matter of a couple of hours once they provisioned the license and everything for us and provided us with everything. We were able to spin up a virtual machine to install everything on, open up the ports that were necessary, which were very easy. Then we just push out the client to all of our devices. We use a combination of Intune and SmartDeploy for remote imaging to push the software out to everybody. Once that was done, we plugged the license key into our Microsoft ATP, just for the integration of that. And that was it. It was up and running and good to go.

We tested it on just a couple of client computers initially, and then one test virtual machine for our servers. Once everything was looking like it was fine, then we just went ahead and pushed out to everything. There were no conflicts, there were no problems. Nothing came up as a red flag. Nothing got blocked that shouldn't have been. It went nice and smooth.

It took two of us to get this done, and that was our systems admin who deals with our servers and a lot of our client computers and then myself, which I handled the networking side, like opening up ports, making sure all the IP addresses were correct. 

What about the implementation team?

We went directly through Morphisec. I don't think we had a third party or a vendor for the implementation.

What was our ROI?

We absolutely saw ROI. We did not pay that much for the licensing. It was very affordable. The peace of mind and not having to deal with or worry about as much as we did in the past about ransomware attacks, and just knowing that we're pretty well covered for the most part is ROI.

What's my experience with pricing, setup cost, and licensing?

It is a very cost-effective solution. It's very affordable for what we're having to use Morphisec for.

It's extremely affordable for what it does, at least the product that we're using through Morphisec. I know that they have a few others that we're not using, but we don't need it. They did provide us with educational pricing as well. They were very flexible because we deployed it during COVID times and a lot of people were getting hit more and more with ransomware. And so they were also very flexible in what they were able to provide for the price. They understood that our budget was being cut because we had lost a lot of students as a result of COVID. They really worked with us, which was great. 

The licensing is also very fair. It's per device. So it was also very easy.

It's just a year-to-year license that we are paying for. There's nothing hidden, no extra charges that were unexpected or anything like that. It was very straightforward.

Which other solutions did I evaluate?

We looked at a couple of solutions and it would have been a full deployment where we would have to install their entire antivirus line on the product. They didn't have anything that just handled what Morphisec does. It would be a full product suite. We'd have to deploy that to everybody. We would have to ditch Microsoft ATP, which, again, we get free because we are Microsoft partners in education so it's included with our licensing of Office 365. And it would have been a lot more expensive to go a different route than what we found in the end.

What other advice do I have?

My advice would be to make sure that if there are a lot of computers, especially if they're remotely distributed, make sure they have some sort of solution to easily push out and deploy it to multiple clients. That's probably the biggest hurdle that I think a lot of people would have. And we had two solutions already in place for us in the past that worked and that were compatible. The nice thing is that they were able to provide a Microsoft MSI Installer so that you can even have it so that it pre deploys it while you're imaging your computers if you're using Microsoft for imaging. It's the same thing if you're using Intune through Microsoft.

We've always been looking for something that would help to protect more against ransomware in our case. And this was it. This is the best solution that we found that worked for us.

I would rate it a ten out of ten. My only complaints are the dashboard and that's not even terrible. It still works. You just have to be a little patient.

Which deployment model are you using for this solution?

On-premises
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
Tom Merkle
Chief Information Officer at Houston Eye Associates
Real User
Helps prove that all the security components I have in front of it are doing their jobs

Pros and Cons

  • "I really like the integration with Microsoft Defender. In addition to having third-party endpoint protection, we're also enabling Defender... I like the reporting that we get from Defender, when it comes in. I like that it's one console showing both Morphisec and Defender where it provides me with full visibility into security events from Defender and Morphisec."
  • "If anything, tech support might be their weakest link. The process of getting someone involved sometimes takes a little time. It seems to me that they should have all the data they need to let me know whether an alert is legitimate or not, but they tend to need a lot of information from me to get to the bottom of something. It usually takes a little longer than I would expect."

What is our primary use case?

We are in healthcare and when the pandemic started we were really getting hammered with phishing attacks. Thankfully, none of them really got through or were successful, but the uptick in the attacks made me really concerned about the potential for the results of a successful ransomware attack. 

The way I've set up our world is as a bunch of different layers, from what I consider to be best-of-breed. We have a gateway with one company, we have endpoint protection with another company, we have firewalls and connectivity to the internet handled by another company. We also have a company that monitors all of our logs. On top of that, the last thing that I saw as a big hole in my defense strategy was all these Zero-day attacks that were getting through some of the other products. They hadn't gotten through to us yet, but I had read that it was more and more of a threat. Morphisec is just another layer on top.

Part of the reason I purchased the product is that we are a very bottom-heavy IT organization, in that we have a really strong help desk group. Anything more complicated than help desk is my problem, and I have a lot of other responsibilities besides IT. I count on being able to bring in vendors that are very useful to me to subsidize that.

They have a new deal where things are controlled by their cloud controller, which is on AWS. I updated to that about two months ago. It used to be on-premises but thankfully it's not anymore.

How has it helped my organization?

As far as I can tell, in the year that it's been in, it hasn't stopped a significant attack of any kind. But that's not a negative for me. It is helping me to feel comfortable that all the other layers I've put in place in front of it are doing their jobs. It has definitely increased my comfort level that we are doing the utmost to protect the systems here.

Morphisec saves me from paying for a higher-tier license to get visibility into Defender AV alerts. While it doesn't really save me any money, because I didn't think it was worthwhile to have a product to do that on its own, I love that I get that as a benefit from using Morphisec. But I wouldn't have spent the money on something just to show me the Defender alerts.

What is most valuable?

I really like the integration with Microsoft Defender. In addition to having third-party endpoint protection, we're also enabling Defender, although we haven't rolled it out fully yet; we have had a test environment. I like the reporting that we get from Defender, when it comes in. I like that it's one console showing both Morphisec and Defender where it provides me with full visibility into security events from Defender and Morphisec. With our help desk situation—where it all comes to me, and I'm responsible to make sure that I am seeing anything that could possibly be a problem—having both of those in one location has been very important for me.

Morphisec stops attacks without needing knowledge of the threat type or investigation of security alerts. It absolutely does do that and that's because of the way it looks at an executable when it starts and when it asks for memory. If it asks for a specific piece of memory, then Morphisec says, "Okay, it's over here," but it's not really, and then it watches what it tries to do with that. It knows whether it did something that it shouldn't and it will kill that process in that scenario. It doesn't require foreknowledge of the application to protect you from threats. I've seen it happen because we have some old software that does some squirrely stuff, and we've had to allow it to run anyway. That old software does stuff that you wouldn't expect from modern software. If modern software were to do what that old software does, it would definitely be a threat. So I've seen it in action, but not with a live vulnerability.

For how long have I used the solution?

We have been using Morphisec for a little over a year, although we purchased it about 15 months ago.

What do I think about the stability of the solution?

It's been very stable. 

Going back to before I had the cloud controller, I probably had to restart the on-premises controller once a month. I would go in and notice that 50 percent of the machines were reporting as offline. I'd restart the web services and they'd all come back. I got into the habit of regularly restarting my machine. That was definitely a stability issue and I was glad to get out of the on-prem solution, to get rid of that.

What do I think about the scalability of the solution?

Scalability wasn't an issue for me because it took very little effort to get it onto our 1,200 machines. I used a third-party software rollout service and it installed, no problem, and worked. 

I don't think scalability is an issue, especially now that it's in the cloud. The on-prem server was never overwhelmed from a resource standpoint, so I think it would have scaled just fine as an on-premises solution, but in the cloud it obviously has all the resources it needs.

It's on every endpoint we have, but I don't think the users know they're using it. It's just running. As administrator, when there's an alert, I go investigate it. That's pretty much it. I don't have to do any maintenance because we have gone to the cloud solution.

In terms of increasing our usage, I could potentially put it back on those application servers, but it's not worth the fight because the software is relatively old on some of those machines and it gives false positives all the time. It's just easier to not have it on them.

If Morphisec had an integration with those older technologies, I would be interested in using it on them. I'd rather have it on every server, but not having it on those application servers doesn't concern me too much. The end-users really can't do anything but run that specific application on the server. They don't have the freedom to run other processes there.

How are customer service and technical support?

If anything, tech support might be their weakest link. The process of getting someone involved sometimes takes a little time. It seems to me that they should have all the data they need to let me know whether an alert is legitimate or not, but they tend to need a lot of information from me to get to the bottom of something. It usually takes a little longer than I would expect. The last time they did an investigation, it took about two weeks to decide whether the alert was a false positive or not.

The only thing I was unhappy with was that during the sales process, I thought I was going to be getting a cloud controller. I was very disappointed that I had to build my own controller and operate it. But I don't have to do that anymore. That was the only major issue and they fixed it.

Which solution did I use previously and why did I switch?

I did not have a previous solution. 

During the process of looking into Morphisec, I sent a couple of the details of some of those Zero-day vulnerabilities to the different companies that I was relying on at the time. I said, "Hey, how does your product protect me from this?" and I got them all to basically admit, "Well, we don't." I got back to Morphisec and they were able to explain how their product would protect us from these types of vulnerabilities, because they were memory attacks, and that's what Morphisec does.

How was the initial setup?

The initial setup, when it was on-prem, was kind of complex. It took half a day of working with someone from Morphisec to get it set up and then four or five follow-up calls to make sure everything was set up right. When we went to the cloud controller, obviously, I had knowledge of how to run the product by then, and it took about an hour to get set up and we were running. It couldn't have been easier. I was very happy with that.

When we rolled it out, we had about 1,200 PCs and endpoints. I put the product on about 50 of them to make sure that everything was fine. We do application publishing and I put it on the application publishing servers immediately but that was not a great idea. Those are the servers that were running that old software that I mentioned, the software that was getting false positives all the time. We ended up not putting it onto those servers, but after those 50 machines ran for a couple of weeks with no issues, we rolled it out to the rest of the endpoints.

We were fully running within a month.

What about the implementation team?

The only third party was the reseller, Softchoice, but they didn't do any of the work, they just sold me the product.

What's my experience with pricing, setup cost, and licensing?

They charge per endpoint, per year. For 1,200 endpoints and another 60 servers, with the cloud subscription included, it was just under $43,000 for the year.

Which other solutions did I evaluate?

I think there are competing companies now, but I don't think there were when I was first introduced to Morphisec. I was looking for a solution and Morphisec was the one that I found. I didn't find anyone else of consequence advertising they were doing the same kind of process that Morphisec does. And I'm not looking at any competitors right now because I'm happy with Morphisec.

What other advice do I have?

I don't want to think that everything I have put in place is perfect, but we haven't been hacked. I know we are being attacked. I see the logs that show we're probed every day and that we have phishing attacks that come through every day. But we haven't been attacked to a point where Morphisec has been hit as the last line of defense. It's a big deal for me just to have that visibility.

We've had lots of reports of potential threats that Morphisec has handled, but we haven't had a single one, yet, that was a legitimate vulnerability that Morphisec stopped. I don't look at that as a negative at all. I look at it as a positive, that the systems that I have in place are doing their jobs. I really consider Morphisec the last line of defense. That's the way it is set up. Nothing should get to Morphisec if everything else is working. It doesn't bother me at all that we haven't had a significant threat make it to Morphisec. But it's great to know that if one of those was to get through, we have it as an additional line of defense.

When we had it on-premises, it didn't send alerts out, so I would go into it on a regular basis to see if anything needed to be checked out. Now, as of the installation of the cloud version, it actually sends alerts. If I get an alert, I go investigate it.

It also has the potential to save money on my security stack. I'm seriously considering getting rid of our standalone third-party AV scanner, when it's time to renew that next year, and just going with Defender and Morphisec alone. I haven't made that decision yet.

I wouldn't say that Morphisec has reduced the amount of time we spend investigating false positives, because every product I use has the capability of throwing false positives at me. Morphisec does as well and I've had to investigate false positives with it.

I'd be reluctant to give it a 10 out of 10, just because it has never done anything significant. But as far as everything that they've promised and put in place, I would give it a nine. They have followed through on everything they promised. The product is working and supporting me, and like I said, even if it's just proving that everything else I have in front of it is doing its job, that's good enough for me.

If someone has the same kind of systems in place that I had before Morphisec, I would almost say it's a luxury, but it's not really because it helps me sleep at night. If someone has had an attack, that means their current systems aren't cutting it and Morphisec is a great product to have in-house. Morphisec as the last line of defense is as good as you can get. Overall, I'm very happy with the product.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
WB
Director, DevOps at a tech services company with 51-200 employees
MSP
Top 20
Anything that is suspected of being ransomeware gets blocked immediately on the machine

Pros and Cons

  • "Morphisec has absolutely helped save money on our security stack. The ransomware at the end of the day can cost organizations millions upon millions of dollars. Investing in tools like Morphisec is a great reduction in that cost. If I can spend $10,000 in a year to protect assets that could be ransomed for $20,000,000, that's definitely a bet that one should pursue. Morphisec absolutely it's worth the investment."
  • "It would be useful for them if they had some kind of network discovery. That kind of functionality I think would give IT administrators a little bit more confidence that they have 100 percent coverage, and it gives them something to audit against. Network discovery would be one area I would definitely suggest that they put some effort into."

What is our primary use case?

We use version 4. It's not the absolute leading edge, but it was the first version that they supported with Linux.

We use both environments to protect our corporate Windows assets and we also use them to protect our production Linux servers. We're using an on-prem option where we installed the Morphisec server on one of our own pieces.

Our primary use case of Morphisec is to prevent in-memory attacks that would be conducted from ransomware. It's used for frontline and back-end protection. We have it installed on our front-facing web servers and on the backend database servers as well.

How has it helped my organization?

Morphisec has given me a lot more visibility into if my employees are actually encountering ransomware. Luckily, to date, we have not actually had any positives come through. We have had false positives, but at least it has given me the peace of mind that upon the investigation that we have not been exploited or have had ransomware, for that matter.

In the future, it'll help me with ensuring that viruses are not inundating our machines as well. Right now I have to go through a separate interface for that.

Morphisec makes use of deterministic attack prevention that doesn't require the investigation of security alerts. Anything that's suspected gets blocked immediately on the machine, which is nice. It allowed us to go back and see what was going on in that situation. And if it was in fact a false positive, then either we figure out a different way to execute whatever the person was trying to do or we can whitelist the event.

Morphisec does not save us at this point from paying for a higher-tier license to get visibility into Defender AV alerts. I'm sure once we get upgraded, absolutely it will, from what I've seen.

It reduced the amount of time we spend investigating false positives. In the past, we haven't had any legitimate ransomware attacks, all we have had is a false positives pop-up. But knowing that ransomware, once it's on a machine, pretty much tanks it, I'd say it saves me hours upon hours of having to recover individual machines, and of course, it could become exponential requirements if there was more than one machine affected. At the very least when it could be one server, it would definitely save me hours of labor up the scale if I had 80 machines that I had to fix. But, that would be a serious time issue. The protection itself saves me potentially an exponential number of hours trying to recover the organization.

Morphisec reduced our team's workload. Instead of having to go to multiple UIs, or instead of having to do manual investigations, I should say rather. It's at least put stuff to the forefront. More so, after we do the upgrade. 

Morphisec has absolutely helped save money on our security stack. The ransomware at the end of the day can cost organizations millions upon millions of dollars. Investing in tools like Morphisec is a great reduction in that cost. If I can spend $10,000 in a year to protect assets that could be ransomed for $20,000,000, that's definitely a bet that one should pursue. Morphisec absolutely it's worth the investment.

It gives us 99% peace of mind in terms of knowing our systems are not being ransomwared. Once we get the upgrade, I'm sure it'll give me much more peace of mind in terms of the antivirus functionalities, knowing that there are no viruses on our machines, as well. But, for now, the only thing I can definitively say is that it gives me confidence that in terms of ransomware attacks, we are not going to be susceptible.

What is most valuable?

The in-memory attack features have been the most valuable. As we transition to a newer version, I'm excited to see the antivirus reporting functionality search come into effect. We are planning on updating and renewing our contract with them.

My company offers online and mobile banking services. Much like your own bank or credit union, the company has apps and a web interface and provides that to various credit unions and banks. As such, we have direct connections into the various financial institutions' banking courses. We see our environment as a prime area, or vector of attack against this course. We've installed Morphisec over two different production data centers, and it's hooked into our workstations. 

Morphisec's new version provides full visibility into security events from Microsoft Defender and Morphisec in one dashboard. The version that we're on right now does not. That's one of the things I'm excited about getting in the upgrade.

This is extremely important to my work. My team is very small. We have four guys across two data centers. Our data centers are through Rackspace, but we are the primary people that interface it. We have a team of four people that own those two data centers and make sure services are functional. We have a small team and having as much information in one basic user interface is critical.

The ease of use is great. It's a basic UI. It clearly tells us how many of our agents are checked in and how many are not. It gives us a very simple UI to be able to see attacks over time-series data, and to be able to drill down very quickly to see which assets or computers are affected. We can see what user was on there and what application was at play. So, in terms of being able to drill down really quickly, they're great.

What needs improvement?

It would be useful for them if they had some kind of network discovery. That kind of functionality I think would give IT administrators a little bit more confidence that they have 100 percent coverage, and it gives them something to audit against. Network discovery would be one area I would definitely suggest that they put some effort into.

For how long have I used the solution?

I have been using Morphisec for around a year and a half. 

What do I think about the stability of the solution?

So far it's been extremely stable. Their UI has never crashed once. The agents do check in regularly. Overall, I have not had a single issue with them which is the way it should be.

What do I think about the scalability of the solution?

We have the Ansible playbook for doing the automated install on Linux. At this point, we tell it what server to install to and it does it. In terms of scalability, it's really easy. It's pretty straightforward.

There are four users using this solution including the director of DevOps, the director of Software Engineering, and we have a DevOps Engineer and a Corporate IT Engineer.

The DevOps side folks and the software engineering guy are focused mainly on what our production systems are saying through the UI here, while the corporate IT guy is focusing much more on the Windows workstations. That said, if we do notice an attack, all four of us come together to analyze what we're seeing there.

We don't require any staff for deployment and maintenance.

At this point, we have to do the installations of any updates to the Morphisec server, or the Morphisec clients. But for that one person is enough to handle that. It's either me or the IT administrator, but it's really not that painful. 

The Windows corporate machine is the weakest spot because we don't have automation configuration managers for the Windows side. But, on the Linux side, as far as running updates, it's very straightforward. A couple of commands and run through the Samson playbook and off it all goes.

We do have plans to increase usage. So, as we transitioned to AWS, we're planning on having them with us right off the bat. 

It's critical to our security portfolio. 

How are customer service and technical support?

We contacted technical support a couple of times towards the start, and just had to do with installation. When we first started working with them, it was using a release candidate of their latest stuff. So, it was just a couple of back and forth exchanges, but they were very attentive and forthcoming.

How was the initial setup?

The setup was straightforward. With our Linux environment, our production Linux environments, we were able to deploy using Ansible playbooks to automate, and then on the windows side, they have a number of options available to us. However, because we don't have, on the corporate side, any kind of configuration management tool or whatever, I did have to have my IT admins go in and run a PowerShell script that made the appropriate calls for set up scripts so that they're set up. In terms of our own windows deployment, it was more of a manual process. But, I can tell you from experience with larger organizations and all as well, that the packages that were provided to us could have easily been loaded into a configuration management tool and pushed out much more automatedly.

Once we had things going, I mean, we had everything installed I think, in a total of 10 minutes. That's running these installations concurrently of course, or in parallel. And on the windows side, I'd say over the course of a week, we are able to manually go into all of our workstations and get this installed. Being the COVID environment that it is right now, a lot of our employees are working remotely. A lot of that overhead in that week was simply negotiating when we can actually have the employee make their machine available, remotely.

Our first and foremost deployment was on our Linux front-end servers. We're thinking, get our production environment for a layer of protection right off the bat. So, we protected our web front end as most attackers would be coming through the front door, essentially, aka those web boxes. So, we figured that if we deployed there first that we'd get a nice level of protection.

From there, we did the installations of the windows front end or the endpoints of the window on the corporate side, just to make sure that employees that would be interfacing our source code, or our production environments, would have protection in place, not only to protect their own assets but to also protect the rest of the network that they'd be interfacing with. From there, we went back and upgraded or installed the backend Morphisec agents.

What about the implementation team?

We did our own deployment.

What was our ROI?

If there was a valid attack one could easily say that they could have tried to ransom us 20 million dollars.

What's my experience with pricing, setup cost, and licensing?

We pay per year, and per endpoint. So, if it's a Windows server, it has its own skew. Versus, a Linux server has its own skew. Pricing is a little bit different between those.

To cover 100 Windows endpoints we're at $5,699. It all comes with the annual maintenance and support crew.

Which other solutions did I evaluate?

We had looked at a couple of options, but none of them actually seemed to be really what we were looking for because Morphisec handles everything in-memory as things are going. Whereas it seems like a lot of those other tools out there, like Kaspersky and the like seem to be more reactive.

What other advice do I have?

My advice would be to really consider the reality. It's not a question of if you're going to get attacked by ransomware, it's a question of when. And while this seems like something that would be easy to kick down the road, in terms of evaluating the overall battlefield if you will, a ransomware attack will take down your organization. There's no doubt about it.

I would advise you to realize that with that inevitability and how much of your environment it can takedown or render useless. This would probably be one of the higher, first choices, and first endeavors you should make as you go into your source of security portfolio.

The biggest takeaway from this that I've had is, never underestimate would-be attackers. You have something on the internet, they're going to go for it. The other lesson I've learned is that sometimes users of computers do weird things, or do things differently than others would normally. That leaves the door open for would-be attackers of having tools like this in place. It will help you avoid headaches down the road.

I would rate Morphisec a nine out of ten.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
AG
VP IT at a retailer with 501-1,000 employees
Real User
Top 20
We have peace of mind that zero-day attacks are being prevented

Pros and Cons

  • "Morphisec makes use of deterministic attack prevention that doesn’t require investigation of security alerts. It changes the memory locations of where certain applications run. If you think of Excel, opening a PDF, running an Excel macro, or opening a webpage and clicking on a link, all of those actions run in a certain area of memory. Morphisec changes the memory locations of where those run."
  • "From a company standpoint, a little more interaction with the customers throughout the year might be beneficial. I would like check-ins from the Morphisec account executives about any type of Morphisec news as well as a bit more interaction with customers throughout the year to know if anything new is coming out with Morphisec, e.g., what they are working on in regards to their development roadmap. We tend not to get that up until the time that we go for a yearly renewal. So, we end up talking to people from Morphisec once a year, but it is usually at renewal time."

What is our primary use case?

We do a multi-layered security approach. Morphisec is really our last layer of defense. It is our insurance policy. So, if a vulnerability gets through the user, network security layer, and antivirus, then Morphisec will then come into the fight.

We have it deployed across all of our workstations and server environments. We have 800 workstation licenses and 75 server licenses. 

Right now, we are using 100% on-prem. We have just converted to Office 365. With that, we will be doing cloud hosting as well

How has it helped my organization?

In the last month, we have had two instances that Morphisec stopped, one with Internet Explorer (IE) and the second with another update. We don't know the specific vulnerability that was exploited. We shouldn't be using Internet Explorer here. So, it notified us:

  1. We had a user using IE.
  2. It prevented something. 

I don't know what vulnerability within IE that it was attacking, but it did go to attack a vulnerability, and Morphisec prevented that.

Morphisec makes use of deterministic attack prevention that doesn’t require investigation of security alerts. It changes the memory locations of where certain applications run. If you think of Excel, opening a PDF, running an Excel macro, or opening a web page and clicking on a link, all of those actions run in a certain area of memory. Morphisec changes the memory locations of where those run. 

If an attack comes in and the hackers are doing a vulnerability on an Excel macro, for example, they know macros are always deployed in a certain area of memory. They write their hacks to that area of memory. Morphisec removes that area of memory and deploys all macros into a different place. When the macro goes to run, it runs in that old area of memory, which no longer is running Excel macros. It basically goes to deploy and blows up, so nothing happens. By morphing the memory location, the hack still gets through, i.e., it doesn't stop the hack from getting through. However, when it goes to run, it doesn't do anything. From that standpoint, it's really looking at: If something happens, it is the last line of defense. 

We have a number of other applications that are more forward-thinking where we are looking at logs and training people as well as doing network security. But if a hacker actually gets through all of those different protocols and goes to deploy a vulnerability or malicious piece of code, it will deploy but not do anything. The reason it won't do anything is because Morphisec has moved that process to a different area. So, it is really after the fact. 

Morphisec is really good about sending us alerts of security incidents that have happened in the world, saying, "Okay, here is an incident that is happening. It is a zero-day and Morphisec protected it in our labs." They send those out as they come up. I usually get one a week. 

We heard there was a company that had deployed Morphisec on most of their servers, but not all of their servers. They actually got hit by a hacker. All of their servers that had Morphisec running were 100% protected. All of the servers that did not have Morphisec got hit. From my standpoint, we have Morphisec across the board. We are acquiring a few other companies, and one of the first things that we are doing is deploying Morpiesec to all the servers and workstations in those other companies.

What is most valuable?

What it does is valuable. A vulnerability might be able to potentially get through and still not be able to run. This is not a question of "If," but a question of "When" someone will get through. If they do get through into our environment, we are comfortable knowing that our last line of defense is Morphisec. A lot of times, without Morphisec, we wouldn't know until we knew. You either get the encryption or it could take a long time to understand. This solution is more of a peace of mind for us.

Morphisec stops attacks without needing knowledge of the threat type or reliance on indicators of compromise. Their development team has developed the security capabilities over a large number of different vulnerabilities, e.g., Adobe Acrobat or Excel macros. We don't have to be experts on any of these. More importantly, the zero-days concern me. All our other security software says that they can stop zero-day threats, but hackers are really good and this is really profitable for them. When the zero-day threats actually get used, it's nice knowing that we have Morphisec. 

We don't have false positives with Morphisec.

What needs improvement?

From a company standpoint, a little more interaction with the customers throughout the year might be beneficial. I would like check-ins from the Morphisec account executives about any type of Morphisec news as well as a bit more interaction with customers throughout the year to know if anything new is coming out with Morphisec, e.g., what they are working on in regards to their development roadmap. We tend not to get that up until the time that we go for a yearly renewal. So, we end up talking to people from Morphisec once a year, but it is usually at renewal time.

I tried to sign up for something, but I am still not getting any alerts when Morphisec releases a new version or when our console has been updated. So, I would like to be cognizant when any changes are being made or feature enhancements are added. It would just be helpful to be alerted when that stuff comes out.

Until we migrated to their cloud platform, I wasn't even aware that some of the updates were being pushed out. Then, I came to find out that we were two iterations behind a major release. So, getting those updates or bulletins are very helpful.

If I look at the dashboard, I can see one or two applications hit every once in a while for things like Internet Explorer or some Visual Basic Scripts. I can see that stuff is being prevented, but I don't know exactly if it is securing us in any way that we wouldn't have already had in place. Overall, I don't know 100% if it's increasing our security posture, but it does give us a nice peace of mind.

For how long have I used the solution?

We have been using it for two years.

What do I think about the stability of the solution?

It seems very stable and rock-solid because it is not causing any issues.

I don't require any maintenance on our side.

What do I think about the scalability of the solution?

There haven't been any issues with scalability since we have been on the cloud platform. We do not have to maintain the on-premises servers anymore. It is hosted in an AWS environment, which should be pretty easy to deploy once we add more employees.

Our technical resource is the solo admin at this current time. Two other people have access, but there is not much that we look at or review on it. We just make sure it gets deployed on all our endpoints. That is the only thing we really monitor. As for looking at the console, unless there is something that we need to look at, we are not really reviewing it.

How are customer service and technical support?

We get security bulletins and an email that says, "Hey, this vulnerability just took down whatever company." So, we get technical bulletins that say, "This new zero-day vulnerability just came out, we have tested and stopped it."

The technical support is pretty solid. I did have some issues after we migrated from versions, switching to the cloud version. I ran into a few deployment issues that turned out to be a bad package. They were able to help me with that. They have been pretty good. Anytime I have an issue or question, they are pretty responsive.

Which solution did I use previously and why did I switch?

Before Morphisec, we did not use anything greater than our normal antivirus or malware protection.

How was the initial setup?

The initial deployment was pretty straightforward. It was basically just following the included documentation and working with the admin at the time. We set up a package to push the install out to all our machines. Then, anything that was outside the default library. I added to the protector plan. Certain applications, like Notepad, weren't included in the original deployment. This is stuff that is specific to our environment, like Power BI.

Our deployment took about two weeks.

What about the implementation team?

My technical resource was the one who implemented Morphisec.

What was our ROI?

It has given us peace of mind that we won't be on the news. We do a good job with backups, but if we don't have to use them, that is much better. If the federal government and major corporations who have full-on security teams can get hacked and are vulnerable, then I am not going to say we are not vulnerable. So, for us, it is just a question of when. With Morphisec, at least when it does happen, I feel confident that we have in place solutions that will not only prevent it, but also let us know when something has happened.

Morphisec has 100% enabled our team to focus on other responsibilities or affected productivity. It has reduced our workload by one full-time employee. 

Our return on investment is that we haven't needed to have a full-time employee manage it. It hasn't taken away from our other initiatives. Efficiency is really where the savings is. We are getting peace of mind at a decent cost. We can see it working, and it doesn't take full-time resources to manage it.

What's my experience with pricing, setup cost, and licensing?

It is priced correctly for what it does. They end up doing a good deal of discounting, but I think it is priced appropriately.

Which other solutions did I evaluate?

Through the years, we looked at Darktrace as well as two or three others. They came with astronomical price tags, while I think Morphisec hit the better price point.

It was not just the initial price tag, but the number of people required to manage the solution. On some of the other solutions, we were able to knock down the pricing considerably, but we needed one to two full-time employees, which we don't have, just to manage the solution. With Morphisec, our technical resource is the main person who works on it. He spends less than two percent of his time managing Morphisec. It is plug and play. It doesn't take a lot of resources, which gives us more time savings as well as being more efficient.

Ease of implementation and ongoing management of the solution were the two top priorities. Our secondary priority would have been cost.

What other advice do I have?

Make sure you implement it on all machines, workstations, and servers. Don't buy it and miss some machines.

Morphisec says they haven't been hacked. From the instances that I have seen when doing research, I find that to be true. Time will tell, but so far it has been working for us.

We will be implementing the Morphisec Guard probably next month. We are just rolling out Microsoft Defender right now. We are evaluating it now. I think we have also started replacing our former antivirus. 

Windows Defender and Morphisec go hand in hand, at least from an antivirus standpoint. Morphisec was built to work with Defender, and Defender is a pretty good product. So, that is what we will be using moving forward. From an antivirus standpoint, we just switched our antivirus to Defender within the last month. Between Defender and Morphisec, we don't really have another antivirus need after that.

I would rate this solution as a seven or eight out of 10.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
JK
Senior Systems Admin at a transportation company with 501-1,000 employees
Real User
Clean UI and dashboard with cutting-edge technology behind it

Pros and Cons

  • "What's valuable is really the whole kit and caboodle of the Morphisec agent. What it does is genius, in a way, until the bad guys get wise to it. You set it up and then you watch the dashboard. There isn't really much tinkering."
  • "We have only had four attacks in the last year, "attacks" being some benign PDF from a vendor that, for some reason, were triggered. There were no actual attacks. They were just four false positives, or something lowly like adware. There have been false positives with both the on-premises solution and the cloud solution."

What is our primary use case?

We've been using Morphisec as a layered defense in our security plan. We have beefy firewalls and another antivirus; Morphisec isn't technically an antivirus. It's a protection agent. It's one of the layers of our security plan. We use it to defend ourselves from any sort of CryptoLocker attacks or ransomware drive-bys, and it should catch auto-executes that come from ads. We haven't been breached, as far as I'm aware.

We started with it on-prem and we had no complaints. It made sense. A cost analysis was done and on-premises cost less than the cloud, which is how things normally are. We used our own network so the cost was cut because they didn't have to use any of the load on their servers or network. It was all on us. But about a year ago they approached us and we were torn away from the on-premises solution. They made such a compelling cost-savings case for us to go to the cloud that it made sense to go to the cloud. We also got another service from them along with the protector, some sort of BI.

We're using it on all of our endpoints, servers and desktops that users touch. For servers that don't get touched by users, we don't have Morphisec on them because we just don't need it.

How has it helped my organization?

I wouldn't be doing Morphisec any favors saying, "Well I can't tell if it's working because the rest of our security posture seems to be taking care of anything else that gets through." Maybe it's not working at all. I can't tell. It would be useful to set up a virtual machine—and this is something I should bring up with our Morphisec person—and get some triggers that are actually on our dashboard so we can prove to management that Morphisec is doing what they said it was going to do. Worst case scenario, we have an infected virtual machine that I just blow away. The short answer is that we haven't seen it protect us from something yet. 

It hasn't taken anything off my plate. It's just a "gun under my pillow at night". It's something that we can tell our cyber-insurance people, "We have this, and this was used." In "Pretend-Land," where we got compromised, we can say, "We have all these layers of security and it managed to get through all of them, so we did our due diligence. Now please pay us for our losses."

What is most valuable?

What's valuable is really the whole kit and caboodle of the Morphisec agent. What it does is genius, in a way, until the bad guys get wise to it. You set it up and then you watch the dashboard. There isn't really much tinkering. As long as you did the install correctly, it should be pointing at your server and it will tell you a bunch of information on each client.

What needs improvement?

We have only had four attacks in the last year, "attacks" being some benign PDF from a vendor that, for some reason, were triggered. There were no actual attacks. They were just four false positives, or something lowly like adware. There have been false positives with both the on-premises solution and the cloud solution.

I'd rather see false positives than not seeing anything. If I see nothing then I literally cannot tell if it's working or not. But there are some false positives that are ambiguous enough to be caught.

For how long have I used the solution?

We have been using Morphisec for about two years.

What do I think about the stability of the solution?

I don't look at the dashboard every day, but the on-premises solution was flawless. If the network was down between the clients and the server in our local area, we would be in trouble. But Morphisec's AWS implementation has been stable as a rock.

What do I think about the scalability of the solution?

I believe it's scalable. I don't know what the upper limit is. Our company is a medium-sized business, with about 100 end-users and 500 employees in total. Morphisec easily holds those 100 users.

All the end-users are using the solution, meaning the solution is attempting to protect them from the silly mistakes that they make. But there are only two of us who actually look at the dashboard.

The business is growing so we do increase the number of clients. Whenever we add a new computer, we add Morphisec to it. Once we get to version 5, we'll revisit the ATP integration.

Which solution did I use previously and why did I switch?

We didn't have a solution before Morphisec for this specific layer of defense, for the CryptoLocker/ransomware niche. We had an antivirus.

The demos worked great. They would open a bad file on a virtual machine and we watched the CryptoLocker being stopped in real time. It's hard to compare with that.

How was the initial setup?

The initial setup was definitely straightforward. It has to go on every computer. There's a different installer for desktops versus servers. You just choose which one is which. We use PDQ Deploy, and a script that the onboarding technician helped us with, and it worked. It ran perfectly. We even have scripts for uninstalling it and installing the newer version, and Morphisec assisted us with that. It was definitely easy to do.

Before I saw the version 5 update and the notes on that, about how it's going to update automatically, I'd say the implementation was a slight pain. It wasn't a huge pain but you can't really get away from how you have to install this on all your computers. However, they actually made that process very easy, and I can do it with just a couple clicks to almost an entire organization, as long as computers are online.

Over the course of a day, it took about two hours to get the script going and select all the computers for each kind of installer. I kept running it over the course of the day because certain computers would be turned off or they were restarting. I had to do a good couple of runs of it, but it was very simple and quick.

Since there was nothing already doing what Morphisec does, on the computers, and Morphisec plays well with the current antivirus that we are using, we just installed on each computer remotely and it started working. We watched the dashboard fill right up in a matter of minutes.

We're not on the latest version but I'm actually excited for the latest version because it will do away with the manual updating process. The clients will start to update themselves. We will have to wait until one of our Morphisec representatives reaches out to us so that we can get the installer for the newest version. Version 5 is where it begins self-updating. Until now, I've had to manually update each time we wanted to do an update. The new one will mean I won't need to be worrying about updating or if the versions are out of date.

In terms of working with the solution, if Morphisec says, "Hey you're going over the number of licenses," we look to see how many are offline and we look at the versions. We look at it just to make sure that everything is going okay. We have alerts for when there's a threat. We get emailed saying, "Hey, look at this. There's a threat going on on XYZ computer."

What was our ROI?

I haven't seen ROI because I haven't seen a threat that it has protected against, exactly. If you're always wearing a bulletproof vest and you never get shot, was the vest worth it? I'd rather have it than not have it.

What's my experience with pricing, setup cost, and licensing?

We looked across the rest of the security field and we spent more money on Morphisec than other solutions that do a similar thing, but the demos that we've seen were impressive enough to sway management. The technology behind it is clever enough for us to think it's cutting edge. It didn't save us money but we spent money on it because we thought it would be a good product.

Which other solutions did I evaluate?

The way that they explained how their solution works was more in-depth than other solutions that we were looking at. It looks cleaner. It has a good UI for the dashboard. It's not overbearing with security tabs and a lot of other stuff. It tells you, "Here's the list of all of your protectors. Here are all the threats. Here's the dashboard that gives you a little bit of everything," but not in an overwhelming way.

What other advice do I have?

It sells itself, honestly. My advice to others looking into implementing Morphisec would be to use PDQ Deploy. The hardest part was getting all of the endpoints protected in a timely manner, but Morphisec assisted us with that. They suggested PDQ Deploy, which is a great tool. Implementation went so smoothly because of that.

Morphisec provides full visibility into security events from Microsoft Defender and Morphisec in one dashboard, although we're not currently utilizing that feature. We're definitely interested in it. The reason we're not using it is because you have to purchase the upgraded version of Defender for Microsoft. We thought it was the regular Defender that each one comes with, but it's actually ATP, Advanced Threat Protection. That's what integrates with Morphisec. We're just waiting for the CFO to say, "All right, who wants a bigger budget?" and we'll say, "Yes, us, please: ATP." We would do it if we could bend our CFO's arm to get that kind of protection.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
Norman Kromberg
VP of Info Security at SouthernCarlson, Inc.
Real User
Top 20
Does a good job of reporting when it detects anomalous behavior

Pros and Cons

  • "Morphisec makes it very easy for IT teams of any size to prevent breaches of critical systems because of the design of their tool. When we evaluated Morphisec, the CIO and I sat and listened. What attracted us to them is the fact that it stops activity at the point of detection. That saves a lot of time because now we are not investigating and trying to trace down what to turn off. We have already prevented it, which makes it very much safer and more secure."
  • "Morphisec is a venture startup. They are still early in their growth stage. They need to get mature on their customer support and on how they interface with system tools. For example, they need to get multifactor in place and an API for the major multi-factor systems, e.g., Okta, Duo, Ping, and Microsoft. They don't have them built in yet. They are working on them. It is just not there yet. Also, their stability, customer support, and processes need improvement, which is just part of maturity."

What is our primary use case?

We purchased Morphisec to protect our endpoints from anomalous behavior. The biggest use case would be to prevent ransomware, but also to detect other unnecessary programs running on devices. So, the use case has been endpoint protection, both for servers and endpoints, e.g., laptops and desktops.

We do a multi-layered defense in-depth. They are our primary prevention at the endpoints for anomalous behavior. I would classify it as a preventative tool, since Morphisec blocks and prevents execution. So, I would put it at the preventative layer.

We have agents on all of our endpoints and servers pointing to their cloud instance.

How has it helped my organization?

Morphisec makes it very easy for IT teams of any size to prevent breaches of critical systems because of the design of their tool. When we evaluated Morphisec, the CIO and I sat and listened. What attracted us to them is the fact that it stops activity at the point of detection. That saves a lot of time because now we are not investigating and trying to trace down what to turn off. We have already prevented it, which makes it very much safer and more secure.

What is most valuable?

The biggest feature is its ability to prevent. Here is the interesting thing with a tool like Morphisec. You implement it almost as an insurance policy. If it works, nothing happens. If it fails, you have bad things occurring. So far, nothing terrible has happened. It does a good job of reporting when it detects anomalous behavior so we can research it. However, the key is that we can research in a much calmer fashion, since we do not need to uninstall because it blocks the activity.

What needs improvement?

Morphisec is a venture startup. They are still early in their growth stage. They need to get mature on their customer support and on how they interface with system tools. For example, they need to get multifactor in place and an API for the major multi-factor systems, e.g., Okta, Duo, Ping, and Microsoft. They don't have them built in yet. They are working on them. It is just not there yet. Also, their stability, customer support, and processes need improvement, which is just part of maturity.

For how long have I used the solution?

My company has been using Morphisec since mid-December of 2020.

I have been aware of Morphisec since I worked for Optiv and met one of the key sales people back in 2015 or 2016. When I was at that company, I was a consultant helping companies with their roadmaps. So, we connected there and got Morphisec introduced to Optiv, the company I was working with then, who is also a VAR. Therefore, it was getting the product in via another sales route or sales channel.

What do I think about the stability of the solution?

It takes less than one person to deploy and maintain the solution. So far, we have not had to do maintenance. The biggest thing that we are working with Morphisec right now on is the multi-factor interface enhancement.

What do I think about the scalability of the solution?

We have had no issues with scalability. It's worked fine.

We have probably 10 people between our help desk, Tier 2, and executives accessing the system and using the dashboards, which has been pretty straightforward and easy to do.

In the system, our IT people research alerts. We get a daily report of all the events from the prior day. If there was a critical alert, the help desk will go out and research to see if they need to do anything with the endpoint. They have to go into the system to monitor and look at it. If we are running into an issue on a particular server and endpoint, we may go out there to see if there was any indication of an issue or if the actual agent is causing a problem. We have yet to find that the agent is causing a problem, but that is why they potentially would go out there.

It is on every endpoint, e.g., laptops, desktops, and servers, which is pretty extensive. We may expand into their incident response process and a number of other things that we can use them for, but that will be evaluated as we go into our budget cycle at the end of the year.

How are customer service and technical support?

I would rate Morphisec technical support as eight out of 10. They have just been very responsive. They are very strong at follow-up. They won't close tickets until we tell them to. They are very much a customer service focused group. They have been very good at tech support, providing knowledge, information, etc.

Which solution did I use previously and why did I switch?

Morphisec makes use of deterministic attack prevention that doesn’t require investigation of security alerts. We didn't have a protection layer prior to Morphisec, so we added it. The key is the amount of work by the team is minimal. So, it did not increase our workload. We did not have to add staff. It has been a positive benefit that way.

This solution was an additive layer that we didn't have before. So far, it has been successful in the sense that it has not caused us to add resources. So, we have been able to get layer protection without additional expense, in terms of staff. That is a good thing.

How was the initial setup?

The initial setup was very straightforward. It was simple to install the agent. They provided good support. It was just a push, then it just took minutes to get the process rolling. We could monitor how well it rolled out, and they were there to support us. This was one of the easiest that we have ever done.

The deployment took a day or two in total actual work time, so we could confirm it reporting in on the dashboard. 

It probably took us a week or two to get it rolled out to all the devices because of our change control windows. 

We put it in the most conservative setting that we could for prevention. We did roll through certain applications for the logic of what not to include, but they had a pretty good baseline for what we should reference. We then just pushed the agents with some logic on the change windows. So, we did all the desktops and laptops first, then the servers. It was a pretty straightforward implementation.

What was our ROI?

Morphisec helps us save money on our security stack. We probably would have spent $100,000 more on a different solution. So, it did save us on that expense.

What's my experience with pricing, setup cost, and licensing?

It is an annual subscription basis per device. For the devices that we have in scope right now, it is about $25,000 a year.

Which other solutions did I evaluate?

We also evaluated CrowdStrike, Cylance, and SentinelOne. CrowdStrike and Cylance were way too expensive. You could also throw in Sophos and Symantec in there. All those were too expensive and burdensome. SentinelOne was interesting. We were able to get better pricing and better access to the top people at Morphisec, and that is why we went with Morphisec.

We do not use Morphisec for antivirus at this time. We are using another tool for antivirus, but we will look at Morphisec Guard when that license is up.

What other advice do I have?

Don't overthink it. Just do it. Follow the directions of Morphisec and go for it, but make sure you understand what your application stack is before you go full bore, so you don't create false positives. However, they are easy to work with in those terms.

The reality is nobody ever gets to a single pane of glass or a single dashboard. Those claims are made by vendors, even Morphisec will make it. The problem is you have so many layers in your security stack that you will never get to a single pane of glass. So, I never have that as a requirement because I know it is not attainable.

We do not have Microsoft Defender in place, but so far it is providing visibility for what it is installed on.

While I have known of the company since 2016, they are still a startup. They are still equity-backed. I don't know where they are going to end up, but right now I am confident that they have good backing and financial resources. They got a new round of funding just after the first of the year. That is always a good sign.

Biggest lesson is the amount of discipline required in our company to stay current. Morphisec highlights breakdowns that we have in process and procedure, which is a good thing, but it's highlighted to us that we need to be a little bit more disciplined.

I would rate Morphisec as nine out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
Buyer's Guide
Download our free Morphisec Breach Prevention Platform Report and get advice and tips from experienced pros sharing their opinions.