Try our new research platform with insights from 80,000+ expert users

HackerOne vs Morphisec comparison

HackerOne and Morphisec are both solutions in the Vulnerability Management category. HackerOne is ranked #39 with an average rating of 8.0, while Morphisec is ranked #27 with an average rating of 9.0. Additionally, 83% of HackerOne users are willing to recommend the solution, compared to 100% of Morphisec users who would recommend it.
HackerOne
Read 4 HackerOne reviews
  • 183 Views
  • 154 Comparison Views
83% willing to recommend
Morphisec
Read 21 Morphisec reviews
  • 237 Views
  • 126 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Jul 14, 2024

HackerOne and Morphisec are two prominent products in the security space, each offering unique features and value propositions. Morphisec appears to have an upper hand due to its robust features and preventive technology, which justifies its higher price.

Features: HackerOne is highlighted for its extensive vulnerability reporting, community engagement, and intuitive platform for managing security issues. Morphisec stands out for its advanced threat prevention, automated defenses, and proactive protection capabilities.

Room for Improvement: HackerOne users suggest enhancements in the rewards distribution system, more expansive integrations, and better user documentation. Morphisec users recommend improved reporting capabilities, more intuitive management tools, and better customization options.

Ease of Deployment and Customer Service: HackerOne is commended for its straightforward deployment and responsive customer service. Users find it easy to integrate into existing workflows. Morphisec’s deployment is praised for its effectiveness but noted for its slightly more complex setup due to advanced configurations. Its customer service is highly rated for resolving issues promptly.

Pricing and ROI: HackerOne offers competitive pricing, making it accessible for various budgets. Users report a good ROI due to effective vulnerability management. Morphisec’s pricing is higher, reflecting its advanced features, and users acknowledge a significant ROI attributed to its strong protection capabilities.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed HackerOne vs. Morphisec Report (Updated: October 2024).
Buyer's Guide
HackerOne vs. Morphisec
October 2024
Download the complete report
Helped 814,528 peers since 2012
 

Categories and Ranking

HackerOne
Ranking in Vulnerability Management
39th
Average Rating
8.6
Number of Reviews
4
Ranking in other categories
Application Security Tools (32nd), Bug Bounty Platforms (1st), Penetration Testing Services (2nd), Attack Surface Management (ASM) (12th)
Morphisec
Ranking in Vulnerability Management
27th
Average Rating
9.2
Number of Reviews
21
Ranking in other categories
Endpoint Protection Platform (EPP) (43rd), Advanced Threat Protection (ATP) (24th), Endpoint Detection and Response (EDR) (32nd), Cloud Workload Protection Platforms (CWPP) (18th), Threat Deception Platforms (10th)
 

Featured Reviews

Hrithik Kumar - PeerSpot reviewer
May 28, 2024
Offers bug bounty opportunities and helps to earn extra money
In college, I started using HackerOne and taught my 10-20 juniors how to use it. I'm sure they might still be using it in their lives right now. The biggest challenge integrating HackerOne into my existing security protocols has been on my side, not the tool's. I need to take the time out to use and practice with it, but currently, I'm unable to give it the time I used to. There's no issue from the application side. To use the tool, you first need a basic knowledge of cybersecurity terms, like exploits and vulnerabilities, and how to identify them. Once familiar with these basics, you can learn more from the resources and platforms HackerOne provides. They offer tickets and guides to help you understand the methods for finding and exploiting vulnerabilities. Before deciding to use the solution in your organization, consider the purpose. HackerOne is a multi-platform. If the goal is to spread awareness about cybersecurity or to make the security team more active in learning about hacking methods and new vulnerabilities, then it can be very effective. It allows the team to earn extra money while learning and exploring new vulnerabilities in the market, potentially even finding zero-day vulnerabilities. I would rate HackerOne around an eight to nine out of ten. The application is simple to use, offering numerous opportunities and scopes for exploration. It covers many platforms, including web, Android, and iOS applications. However, the high traffic can sometimes be a drawback. If they manage this issue by implementing features like consolidation pricing for duplicate vulnerabilities, it could easily be a ten out of ten.
Read full review
Islam Shaikh - PeerSpot reviewer
Oct 19, 2022
Lightweight, detects everything quickly, and takes corrective action
We sometimes have to depend on the support team to know what action we should take. If the solution for an alert can be built into the report that we are getting, it will save time, and the interaction with support would be less. At times, corrective action is required, but at times, we don't need to take any action. It would be good if we get to know in the report that a particular infection doesn't require any action. It will save us time and effort. Other than that, nothing else is required. They have taken care of everything. We are getting alerts, and we can have multiple admins. We get a good model with this view.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Apart from getting all the bug bounty opportunities, we also get the chance to practice in a safe environment, like a demo setup. These features are great for beginners who want to explore bug bounties in the future."
"The most valuable feature of HackerOne is its variety of programs. These programs provide depth into various areas, such as mobile, API, and websites."
"It helps me to get new sales, profits, and other benefits."
"Morphisec Guard enables us to see at a glance whether our users have device control and disk encryption enabled properly. This is important because we are a global company operating with multiple entities. Previously, we didn't have that visibility. Now, we have visibility so we can pinpoint some locations where there are machines that are not really protected, offline, etc. It gives us visibility, which is good."
"Morphisec provides full visibility into security events from Microsoft Defender and Morphisec in one dashboard. Defender and Morphisec are integrated. It's important because it lowers the total cost of maintenance on the engineer's time, more or less. So the administrative time is dramatically reduced in maintaining the product. This saves an engineer around four to five hours a week."
"It provides full visibility into security events and from both solutions in one dashboard. I'm not a big security guy, if I have a threat that looks like there's a problem, I will ask Morphisec to dissect it for me, and tell me what might be happening. Because it tends to be all hash codes, so I can tell what's going on. They've been pretty good with that."
"All the alerts are on the dashboard, which is quite simple and useful for us. You can easily check all the alerts that are being blocked or allowed, or whatever the action is. You can easily see that and you can take the necessary actions. You can add a PowerShell extension or any activities for blocking at your network level or for endpoints."
"Morphisec makes use of deterministic attack prevention that doesn’t require investigation of security alerts. It changes the memory locations of where certain applications run. If you think of Excel, opening a PDF, running an Excel macro, or opening a webpage and clicking on a link, all of those actions run in a certain area of memory. Morphisec changes the memory locations of where those run."
"Morphisec is a straightforward solution that is efficient and very stable."
"What's valuable is really the whole kit and caboodle of the Morphisec agent. What it does is genius, in a way, until the bad guys get wise to it. You set it up and then you watch the dashboard. There isn't really much tinkering."
"Since using Morphisec we have seen a downturn in attacks because Morphisec protects us versus Defenders and whatnot that are signature-based. I know we have not had any issues with ransomware or other zero-day attacks that we've seen with machines that, all of a sudden, have become before we instituted the product. Now the machine had to be re-imaged and there was a loss of data because something was on the machine. You couldn't really determine what was on the machine because nothing was picking it up. The products we were using weren't picking it up."
More Morphisec pros
 

Cons

"Response time can be improved. The HackerOne Trust team can be slow to respond sometimes. They're not using AI, which could help reduce the number of duplicate reports."
"One issue I've experienced is traffic. Many people try to participate when an opportunity with a bounty of around 1,000-15,000 dollars comes up. In this case, the first person to report the vulnerability gets the bounty. If a second person reports the same vulnerability, they are marked as duplicated instead of receiving some recognition. The second person also invested time finding the issue, so I think this can be improved."
"The ability to view the conversation between the triagers and the programs will be really good."
"Automating reports needs improvement. I would like to have better reporting capabilities within it or automated reporting to be a little bit more dynamic. That's something I know they're working on. We literally are in the process. We started the process a week and a half ago of going to their latest version, so I've not seen their latest one up and running yet."
"If anything, tech support might be their weakest link. The process of getting someone involved sometimes takes a little time. It seems to me that they should have all the data they need to let me know whether an alert is legitimate or not, but they tend to need a lot of information from me to get to the bottom of something. It usually takes a little longer than I would expect."
"In the Windows Defender integration, they have put in a report of computers that need Windows Defender updates. If those updates could be kicked off directly from the dashboard, instead of having to go to another system entirely, that would be good."
"From a company standpoint, a little more interaction with the customers throughout the year might be beneficial. I would like check-ins from the Morphisec account executives about any type of Morphisec news as well as a bit more interaction with customers throughout the year to know if anything new is coming out with Morphisec, e.g., what they are working on in regards to their development roadmap. We tend not to get that up until the time that we go for a yearly renewal. So, we end up talking to people from Morphisec once a year, but it is usually at renewal time."
"The only area that really needs improvement is the reporting functionality. Gathering the detailed information that is in the system for an executive, or for me as a director, could be better. Some of the interface and reporting aspects are a little bit dated. They're working on it."
"Sometimes it generates false positive alerts. They need to continue working on that. They have provided solutions for it and have fixed issues with updated versions. The service is quite good but they need to work on it more so that there are no false positive alerts."
"We sometimes have to depend on the support team to know what action we should take. If the solution for an alert can be built into the report that we are getting, it will save time, and the interaction with support would be less. At times, corrective action is required, but at times, we don't need to take any action. It would be good if we get to know in the report that a particular infection doesn't require any action. It will save us time and effort."
"It might be a bit much to ask, but we are now beginning to use Morphisec Scout, which provides vulnerability information. At this time, it's recognizing vulnerabilities and reporting them to us, but it's not necessarily resolving them. There's still a separate manual process to resolve those vulnerabilities, primarily through upgrades. We have to do that outside of Morphisec. If Morphisec could somehow have that capability built into it, that would be very effective."
More Morphisec cons
 

Pricing and Cost Advice

"The solution is free."
"The tool is open-source and free for bug bounty hunters."
"Our licensing is tied into our contract. Because we have a long-term contract, our pricing is a little bit lower. It is per year, so we don't get charged per endpoint, but we do have a cap. Our cap is 80 endpoints. If we were to go over 80, when we renewed our contract, which is not until three years are over. Then, they would reevaluate, and say, "Well, you have more than 80 devices active right now. This is going to be the price change." They know that we are installing and replacing computers, so the numbers will be all over the place depending on whether you archive or don't archive, which is the reason why we just have to keep up on that stuff."
"It is a little bit more expensive than other security products that we use, but it does provide us good protection. So, it is a trade-off."
"The pricing is definitely fair for what it does."
"It is an annual subscription basis per device. For the devices that we have in scope right now, it is about $25,000 a year."
"Compared to their competitors, the price of Morphisec is not that high. You can easily deploy it on a large-scale or small-scale network."
"Licenses are per endpoint, and that's true for the cloud version as well. The only difference is that there is a little extra charge for the cloud version."
"Price-wise, it's on the higher side. A traditional antivirus solution is cheaper, but in terms of security and manageability, its ROI is better than a traditional antivirus. I would recommend it to anybody evaluating or considering an antivirus solution. If your system gets compromised, the cost of ransom would be a lot more. This way, it saves a lot of cost."
"We are still using a separate tool. I know for our 600 or I think we're actually licensed for up to 700 users, it runs me 23 or $24,000 a year. When you're talking to that many users plus servers being protected, that's well worth the investment for that dollar amount."
More Morphisec pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
See recommendations
814,528 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Manufacturing Company
11%
Financial Services Firm
11%
University
8%
Financial Services Firm
15%
Computer Software Company
12%
Manufacturing Company
12%
Outsourcing Company
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for HackerOne?
It is free.
See all answers
What needs improvement with HackerOne?
The ability to view the conversation between the triagers and the programs will be really good. When an issue gets reported, the understanding conveyed to the program by the triagers is not visible...
See all answers
What is your primary use case for HackerOne?
I mainly use it for downtime activities, earning extra cash alongside a full-time job, and to get new sales and profits.
See all answers
What do you like most about Morphisec Unified Threat Prevention Platform?
Morphisec's in-memory protection is probably the most valuable feature because it stops malicious activity from occurring. If something tries to install or act as a sleeper agent, Morphisec will de...
See all answers
What is your experience regarding pricing and costs for Morphisec Unified Threat Prevention Platform?
Morphisec is reasonably priced because our parent company's other subsidiaries use different products like CrowdStrike. CrowdStrike is four or five times more expensive than Morphisec. The competit...
See all answers
What needs improvement with Morphisec Unified Threat Prevention Platform?
We have discovered some bugs in the new releases that they've had to fix, so I would like to see more testing and QA on their side before they release.
See all answers
 

Comparisons

Bugcrowd vs HackerOne Logo
Bugcrowd vs HackerOne
Compared 31% of the time
Intigriti vs HackerOne Logo
Intigriti vs HackerOne
Compared 23% of the time
YesWeHack vs HackerOne Logo
YesWeHack vs HackerOne
Compared 16% of the time
Synack vs HackerOne Logo
Synack vs HackerOne
Compared 15% of the time
Cobalt vs HackerOne Logo
Cobalt vs HackerOne
Compared 5% of the time
More HackerOne Competitors
CrowdStrike Falcon vs Morphisec Logo
CrowdStrike Falcon vs Morphisec
Compared 41% of the time
Code42 Incydr vs Morphisec Logo
Code42 Incydr vs Morphisec
Compared 14% of the time
SentinelOne Singularity Complete vs Morphisec Logo
SentinelOne Singularity Complete vs Morphisec
Compared 13% of the time
Cortex XDR by Palo Alto Networks vs Morphisec Logo
Cortex XDR by Palo Alto Networks vs Morphisec
Compared 7% of the time
Halcyon vs Morphisec Logo
Halcyon vs Morphisec
Compared 7% of the time
More Morphisec Competitors
 

Product Reports

Buyer's Guide
Vulnerability Management
October 2024
HackerOne reportDownload HackerOne product report
Buyer's Guide
Morphisec
October 2024
Morphisec reportDownload Morphisec product report
 

Also Known As

HackerOne Assets, HackerOne Pentesting Services, HackerOne Security Assessments, HackerOne Vulnerability Management
Morphisec, Morphisec Moving Target Defense
 

Learn More

HackerOne
Morphisec
 

Overview

HackerOne becomes your partner who executes all aspects of your bug bounty program, including triage, bounty pricing, and hacker relations, allowing you to fully focus on fixing vulnerabilities.

Morphisec's cybersecurity platform is centered around its Moving Target Defense technology. This innovative approach is designed to prevent attacks by making the system environment dynamically unpredictable to attackers, thereby neutralizing zero-day threats, evasive malware, and in-memory exploits without requiring prior knowledge of attack patterns. Unlike traditional security systems that rely on detection and response strategies, Morphisec operates on the principle of attack prevention, reducing the system's attack surface and minimizing security operation efforts.

Morphisec provides cybersecurity defense solutions that protect against advanced threats through proactive and predictive security measures. Key features include Moving Target Defense, which Constantly changes system memory and application structures, making them hard to target. Also, Morphisec enables threat-hunting and visibility by providing detailed forensic data on blocked attacks, enabling advanced threat-hunting capabilities.

    Morphisec’s key capabilities include:

    • Anti-ransomware: Advanced ransomware protection leveraging dedicated AMTD mechanisms for safeguarding against ransomware attacks, from early attack stages to the impact/encryption phase.
    • Credential theft protection: Advanced credential theft protection leveraging AMTD for safeguarding against Infostealer/credential stealing attacks
    • Enhanced cyber-resilience: Implementing AMTD to efficiently mitigate the costs associated with recovery from advanced, previously unknown evasive threats, thereby bolstering overall cyber defense strategy.
    • Prevention-first security: Prevents threats without prior knowledge: signatures, behavioral patterns, or indicators of attacks (IoAs).
    • Operational efficiency: Providing simple installation with negligible performance impact and no additional staffing requirements. 
    • Lower IT and security costs: Significantly reducing security analyst alert triage time and costs due to early prevention, exact threat classification and prioritization of high-risk alerts.
    • Risk-based vulnerability prioritization for exposure management: Empowering organizations with continuous business context and risk-driven remediation recommendations, enabling effective prioritization of patching processes and reduced exposure with patchless protection, powered by AMTD.  
    • Flexible deployment: Offering a SaaS-based, multi-tenant and API-driven platform. 
    • Incident Response Services: The Morphisec Incident Response Team works collaboratively with client organizations to triage critical security incidents and conduct forensic analysis to solve immediate cyberattacks as well as provide recommendations for reducing the organization's risk exposure. Morphisec's team helps to identify and resolve unknown threats to get organizations' networks restored quickly.

    Morphisec is particularly effective in industries such as finance, healthcare, and government, where highly sensitive data is often targeted. Its ability to provide robust protection without the need for extensive updates makes it suitable for environments where system stability and uptime are critical.

    In summary, Morphisec offers a proactive cybersecurity solution designed to outsmart modern cyber threats through a strategic, preventative approach, making it an excellent choice for organizations aiming to bolster their defenses against sophisticated attacks.

     

    Sample Customers

    Zenefits, Adobe, Yelp
    Lenovo/Motorola, TruGreen, Covenant Health, Citizens Medical Center
    Buyer's Guide
    HackerOne vs. Morphisec
    October 2024
    Free Report: HackerOne vs. Morphisec
    Find out what your peers are saying about HackerOne vs. Morphisec and other solutions. Updated: October 2024.
    DOWNLOAD NOW
    814,528 professionals have used our research since 2012.
    See our HackerOne vs. Morphisec report.
    See our list of best Vulnerability Management vendors.

    We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.