Morphisec vs Qualys CyberSecurity Asset Management comparison

Morphisec and Qualys are both solutions in the Vulnerability Management category. Morphisec is ranked #30 with an average rating of 9.0, while Qualys is ranked #10 with an average rating of 9.2. Additionally, 100% of Morphisec users are willing to recommend the solution, compared to 100% of Qualys users who would recommend it.

Morphisec

Read 21 Morphisec reviews

230 Views
133 Comparison Views

100% willing to recommend

Qualys CyberSecurity Asset ...

Read 17 Qualys CyberSecurity Asset Management reviews

289 Views
186 Comparison Views

100% willing to recommend

Morphisec

Qualys CyberSecurity Asset ...

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Jan 16, 2025

Morphisec and Qualys CyberSecurity Asset Management compete in the cybersecurity solutions category. Based on feature comparisons, Morphisec has the upper hand due to its real-time threat prevention and integration capabilities.

Features: Morphisec stands out for its unique in-memory attack prevention, seamless integration with Microsoft Defender, and zero-day threat protection, providing real-time visibility into security events without pre-existing signatures. Qualys CSAM excels in asset discovery and inventory management, offering extensive tagging and classification for enhanced visibility into risks associated with complex IT infrastructures.

Room for Improvement: Morphisec users desire more proactive communication about product updates and enhanced reporting and filtering options; improvements in integration with multifactor systems are also recommended. Qualys CSAM could benefit from better scan frequency control, a more intuitive user interface, and refinement in tagging, asset categorization, and integration capabilities, particularly for smaller enterprises.

Ease of Deployment and Customer Service: Morphisec offers flexibility across Public, Private, and Hybrid Cloud environments and is backed by responsive customer support, though some language barriers exist. Qualys CSAM supports diverse deployment environments and provides effective technical support during cloud transitions, despite some reports of longer resolution times.

Pricing and ROI: Morphisec is seen as competitively priced, delivering clear ROI through a reduction in cybersecurity incidents, even though it's pricier than traditional antivirus solutions. Qualys CSAM, while potentially costly for smaller organizations, delivers significant value through comprehensive asset management and integration, proving a worthwhile investment for large enterprises.

To learn more, read our detailed Morphisec vs. Qualys CyberSecurity Asset Management Report (Updated: January 2025).

Buyer's Guide

Morphisec vs. Qualys CyberSecurity Asset Management

January 2025

Download the complete report

Helped 831,020 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Morphisec

Ranking in Vulnerability Management

30th

Average Rating

9.2

Reviews Sentiment

7.5

Number of Reviews

Ranking in other categories

Endpoint Protection Platform (EPP) (42nd), Advanced Threat Protection (ATP) (24th), Endpoint Detection and Response (EDR) (33rd), Cloud Workload Protection Platforms (CWPP) (19th), Threat Deception Platforms (10th)

Qualys CyberSecurity Asset ...

Ranking in Vulnerability Management

10th

Average Rating

9.2

Reviews Sentiment

7.7

Number of Reviews

Ranking in other categories

Patch Management (7th), Cyber Asset Attack Surface Management (CAASM) (2nd), Attack Surface Management (ASM) (4th), Software Supply Chain Security (6th)

Featured Reviews

Islam Shaikh

Senior Manager - IT at IndiGrid Limited

Lightweight, detects everything quickly, and takes corrective action

We sometimes have to depend on the support team to know what action we should take. If the solution for an alert can be built into the report that we are getting, it will save time, and the interaction with support would be less. At times, corrective action is required, but at times, we don't need to take any action. It would be good if we get to know in the report that a particular infection doesn't require any action. It will save us time and effort. Other than that, nothing else is required. They have taken care of everything. We are getting alerts, and we can have multiple admins. We get a good model with this view.

Read full review

Revathi VeeraRaghavan

Senior Process Executive at Infosys

Provides comprehensive visibility and covers the complete attack surface

For some of the software, there was no life cycle or general information. We wanted them to give details in the database as and when the software comes. I raised a ticket for that, and after that, they updated the details for more than one million software. They should address the false positives generated in EASM. It is fetching assets that have Infosys as the keyword. They should fix that. When we click on the web application, it only shows potential web assets. The application details are not there. Overall, CSAM has matured a lot. These are the few enhancements that need to be done.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"We have seen it successfully block attacks that a traditional antivirus did not pick up."

"I really like the integration with Microsoft Defender. In addition to having third-party endpoint protection, we're also enabling Defender... I like the reporting that we get from Defender, when it comes in. I like that it's one console showing both Morphisec and Defender where it provides me with full visibility into security events from Defender and Morphisec."

"Morphisec's in-memory protection is probably the most valuable feature because it stops malicious activity from occurring. If something tries to install or act as a sleeper agent, Morphisec will detect and stop it."

"Morphisec stops attacks without needing to know what type of threat it is, just that it is foreign. It is based on injections, so it would know when a software launches. If a software launches and something else also launches, then it would count that as anomalous and block it. Because the software looks at the code, and if it executes something else that is not related, then Morphisec would block it. That is how it works."

"Since using Morphisec we have seen a downturn in attacks because Morphisec protects us versus Defenders and whatnot that are signature-based. I know we have not had any issues with ransomware or other zero-day attacks that we've seen with machines that, all of a sudden, have become before we instituted the product. Now the machine had to be re-imaged and there was a loss of data because something was on the machine. You couldn't really determine what was on the machine because nothing was picking it up. The products we were using weren't picking it up."

"The simplicity of the solution, how easy it is to deploy and how small it is when deployed as an agent on a device, is probably the biggest aspect, given what it can do."

"Morphisec provides full visibility into security events from Microsoft Defender and Morphisec in one dashboard. Defender and Morphisec are integrated. It's important because it lowers the total cost of maintenance on the engineer's time, more or less. So the administrative time is dramatically reduced in maintaining the product. This saves an engineer around four to five hours a week."

"Morphisec makes use of deterministic attack prevention that doesn’t require investigation of security alerts. It changes the memory locations of where certain applications run. If you think of Excel, opening a PDF, running an Excel macro, or opening a webpage and clicking on a link, all of those actions run in a certain area of memory. Morphisec changes the memory locations of where those run."

More Morphisec pros

"The fact that it is integrated makes it very easy to understand."

"Qualys CyberSecurity Asset Management offers valuable features such as continuous vendor support, rapid response times, dedicated vendor partnerships, and advanced technical capabilities for risk identification."

"Our favorite features are the tagging and the ability to quickly find assets in the portal."

"When you implement a dynamic tag using a query, you do not need to manually tag all the servers. It categorizes all the servers that come under that query. The tagging part is automatically done within a few minutes. It reduces the effort."

"Qualys CSAM is valuable for providing end-of-life and end-of-sale information. It gives me visibility into the number of products or hardware items that are end-of-life."

"The best feature is asset discovery through their cloud agent or IP-based scanning."

"I like the EASM part because it provides visibility into unmanaged assets that are public-facing."

"The scanning results are pretty good, and some insights are quite valuable."

More Qualys CyberSecurity Asset Management pros

Cons

"The dashboard is the area that requires the most improvement. We have about, I would say 5,500 computers currently, and searching through all of those takes some time to filter. So as soon as you apply the filter, it takes a few seconds. It crunches, it thinks, and then it brings up the clients that match."

"The weakest point of this product is how difficult it is to understand the reasons for an alert. This is a problem because it is hard to determine whether an attack is real or not."

"We have discovered some bugs in the new releases that they've had to fix, so I would like to see more testing and QA on their side before they release."

"In the Windows Defender integration, they have put in a report of computers that need Windows Defender updates. If those updates could be kicked off directly from the dashboard, instead of having to go to another system entirely, that would be good."

"If anything, tech support might be their weakest link. The process of getting someone involved sometimes takes a little time. It seems to me that they should have all the data they need to let me know whether an alert is legitimate or not, but they tend to need a lot of information from me to get to the bottom of something. It usually takes a little longer than I would expect."

"It would be useful for them if they had some kind of network discovery. That kind of functionality I think would give IT administrators a little bit more confidence that they have 100 percent coverage, and it gives them something to audit against. Network discovery would be one area I would definitely suggest that they put some effort into."

"Right now, it's just their auto-update feature. I know they are currently working on that. When they release a new version of the threat prevention platform, I do have to update that, rolling out to every computer. They have said, "From version 5, you would be able to do an auto-update." While this is very minor, that is the only thing that I would say needs to be upgraded. It would just make life a lot easier for other IT teams. However, I have simplified the process, so all I need to do is just download one file."

"We wanted to have multi-tenants in their cloud platform, so every entity can look into their own systems and not see other systems in other entities. I have a beta version on that now. I would like them to incorporate that in the cloud solution."

More Morphisec cons

"In our reporting, we faced a challenge syncing with cloud devices."

"Qualys could improve by enhancing its dynamic tagging and role-based access control features, and by refining its user interface for a more intuitive and efficient user experience."

"In my opinion, the area that needs improvement is the role-based access control (RBAC). The access privilege management needs to be more robust and streamlined to enhance user access management."

"We have had challenges modifying the agent configuration. Particularly, when we want to change the tenant that the agent is pointing to, we have had difficulties making that reliable and working properly."

"Further research and development are needed to enhance integration with other cloud agents and products, particularly improving communication with external products and vendors."

"Qualys CSAM is not super responsive, and there can be delays sometimes, especially with the network passive sensor. You might see duplicate objects which eventually disappear but it takes time. If that can be done faster, it will be great."

"It is automatically exporting the vulnerabilities and the assets. However, it would be useful to have the ability to select or to filter which we would like to export."

More Qualys CyberSecurity Asset Management cons

Pricing and Cost Advice

"Compared to their competitors, the price of Morphisec is not that high. You can easily deploy it on a large-scale or small-scale network."

"Licenses are per endpoint, and that's true for the cloud version as well. The only difference is that there is a little extra charge for the cloud version."

"The pricing is definitely fair for what it does."

"It is an annual subscription basis per device. For the devices that we have in scope right now, it is about $25,000 a year."

"Morphisec is reasonably priced because our parent company's other subsidiaries use different products like CrowdStrike. CrowdStrike is four or five times more expensive than Morphisec. The competitive pricing saves us money in our overall security stack."

"Our licensing is tied into our contract. Because we have a long-term contract, our pricing is a little bit lower. It is per year, so we don't get charged per endpoint, but we do have a cap. Our cap is 80 endpoints. If we were to go over 80, when we renewed our contract, which is not until three years are over. Then, they would reevaluate, and say, "Well, you have more than 80 devices active right now. This is going to be the price change." They know that we are installing and replacing computers, so the numbers will be all over the place depending on whether you archive or don't archive, which is the reason why we just have to keep up on that stuff."

"We are still using a separate tool. I know for our 600 or I think we're actually licensed for up to 700 users, it runs me 23 or $24,000 a year. When you're talking to that many users plus servers being protected, that's well worth the investment for that dollar amount."

"Price-wise, it's on the higher side. A traditional antivirus solution is cheaper, but in terms of security and manageability, its ROI is better than a traditional antivirus. I would recommend it to anybody evaluating or considering an antivirus solution. If your system gets compromised, the cost of ransom would be a lot more. This way, it saves a lot of cost."

More Morphisec pricing and cost advice

"The cost for Qualys CyberSecurity Asset Management is high."

"Qualys is competitively priced for its features. Its pricing is suitable for large organizations with more than 4,000 assets, but for smaller organizations with few assets, such as banks, the costs might be high. They should come up with packages that are suitable for small organizations."

"Qualys offers excellent value for money."

"It is cost-effective because, in a single tool, we are getting everything. All the solutions come in a single license or price."

"Though the solution is considered expensive, if bundled with other services such as VMDR or cloud agents, its value would significantly increase. It is currently a bit costly, but with bundling, it could become attractive to more customers."

"The pricing is market-competitive."

"The pricing is fair. I would love to see the price come down a little bit, but we do get a lot of value out of it. We are squeezing every ounce of value we can out of the tool."

"The pricing for Qualys CSAM is nominal."

More Qualys CyberSecurity Asset Management pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.

See recommendations

831,020 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

12%

Outsourcing Company

12%

Manufacturing Company

12%

Financial Services Firm

11%

Computer Software Company

24%

Financial Services Firm

14%

Government

10%

Retailer

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Morphisec Unified Threat Prevention Platform?

Morphisec's in-memory protection is probably the most valuable feature because it stops malicious activity from occurring. If something tries to install or act as a sleeper agent, Morphisec will de...

See all answers

What is your experience regarding pricing and costs for Morphisec Unified Threat Prevention Platform?

Morphisec is reasonably priced because our parent company's other subsidiaries use different products like CrowdStrike. CrowdStrike is four or five times more expensive than Morphisec. The competit...

See all answers

What needs improvement with Morphisec Unified Threat Prevention Platform?

We have discovered some bugs in the new releases that they've had to fix, so I would like to see more testing and QA on their side before they release.

See all answers

What is your experience regarding pricing and costs for Qualys CyberSecurity Asset Management?

The Qualys Cybersecurity Asset Management pricing is well-aligned with our usage.

See all answers

What needs improvement with Qualys CyberSecurity Asset Management?

In my opinion, the area that needs improvement is the role-based access control (RBAC). The access privilege management needs to be more robust and streamlined to enhance user access management. Ad...

See all answers

What is your primary use case for Qualys CyberSecurity Asset Management?

We use Qualys CSAM for information related to EOL and EOS applications. For the machines connected to Qualys CSAM, we have information about the serial number and hardware ID. We have some integrat...

See all answers

Comparisons

CrowdStrike Falcon vs Morphisec

Compared 35% of the time

Code42 Incydr vs Morphisec

Compared 13% of the time

SentinelOne Singularity Complete vs Morphisec

Compared 12% of the time

Halcyon vs Morphisec

Compared 8% of the time

More Morphisec Competitors

Amazon Inspector vs Qualys CyberSecurity Asset Management

Compared 20% of the time

Armis vs Qualys CyberSecurity Asset Management

Compared 19% of the time

Microsoft Defender External Attack Surface Management vs Qualys CyberSecurity Asset Management

Compared 17% of the time

Tanium vs Qualys CyberSecurity Asset Management

Compared 10% of the time

Mandiant Advantage vs Qualys CyberSecurity Asset Management

Compared 5% of the time

More Qualys CyberSecurity Asset Management Competitors

Product Reports

Buyer's Guide

Morphisec

December 2024

Download Morphisec product report

Buyer's Guide

Qualys CyberSecurity Asset Management

December 2024

Qualys CyberSecurity Asset Management report

Download Qualys CyberSecurity Asset Management product report

Also Known As

Morphisec, Morphisec Moving Target Defense

No data available

Learn More

Morphisec

Qualys

Overview

Morphisec integrates seamlessly with platforms like Microsoft Defender, offering signatureless protection against zero-day threats and ransomware. It enhances existing endpoint solutions with minimal maintenance through its set-and-forget deployment, providing heightened security and reduced false positives.

Morphisec strengthens defense strategies by merging memory morphing and signatureless protection to effectively block zero-day attacks and ransomware. It operates efficiently within existing infrastructure, reducing system impact and maintenance needs. Users find its full visibility dashboard invaluable. Despite its strengths, cloud deployment and reporting features can be improved. Stability, alerts, and integration with other systems pose challenges for users, impacting usability and support quality.

What are Morphisec's key features?

Seamless Integration: Works with Microsoft Defender for comprehensive dashboard visibility
Memory Morphing: Hides processes to reduce attack surfaces
Signatureless Protection: Prevents threats without impacting performance
Automatic Threat Blocking: Uses inbuilt intelligence to detect risks
Set-and-Forget Deployment: Simplifies management and reduces maintenance

What benefits should users consider in reviews?

Quick Deployment: Fast setup without disrupting operations
Enhanced Protection: Provides an additional defense layer against advanced threats
Cost-Effectiveness: Works with existing licenses, minimizing extra investments
Improved Compatibility: Integrates smoothly with current antivirus systems
Minimal System Impact: Operates efficiently without overloading resources

In security-focused industries, Morphisec is crucial for protecting workstations and servers against sophisticated attacks like ransomware. Its signatureless technology offers early threat detection, while compatibility with existing systems ensures seamless integration, providing advanced protection without additional licensing costs.

Qualys CyberSecurity Asset Management provides advanced real-time asset visibility, dynamic tagging, and External Attack Surface Management. It streamlines asset discovery and management using cloud agents and IP-based scanning, enhancing risk management and software lifecycle tracking.

Qualys CyberSecurity Asset Management offers a comprehensive solution for managing asset inventories and tracking software lifecycle states. It facilitates network visibility and supports zero-day vulnerability solutions, enhancing security posture through efficient monitoring. Users benefit from its cloud-based interface, which provides in-depth asset configurations and insights. Key features include automated vulnerability scanning and unauthorized software management, reducing manual efforts. The platform also emphasizes the importance of timely remediation and ongoing risk mitigation across multiple environments. Despite its strengths, users note the need for enhanced integration with additional CMDBs beyond ServiceNow, as well as cost efficiency improvements. Requests also include better report customization, more scan control, and a simplified UI.

What are the key features of Qualys CyberSecurity Asset Management?

Real-time Visibility: Offers continuous insight into asset status and condition.
Dynamic Tagging: Allows for flexible organization and assessment of assets.
External Attack Surface Management: Identifies potential threats from external sources.
Automated Vulnerability Scanning: Reduces manual scanning efforts and identifies vulnerabilities instantly.
Unauthorized Software Management: Detects and manages software not approved for use.
Asset Purge Rule: Automates the removal of obsolete assets from the inventory.

What benefits should users look for in reviews?

Enhanced Security Posture: Gains stronger defense through effective asset monitoring.
Efficient Risk Management: Identifies threats quickly, enabling timely resolutions.
Improved Compliance: Assists in meeting industry standards and regulations.
Reduced Manual Effort: Automates repetitive tasks, saving time and resources.
Comprehensive Insight: Provides detailed data for informed decision making.

In industries like finance, healthcare, and manufacturing, Qualys CyberSecurity Asset Management enhances asset control by offering visibility into hardware and software configurations. It aids in maintaining security compliance and identifying unauthorized software, crucial for sectors with strict regulatory requirements.

Sample Customers

Lenovo/Motorola, TruGreen, Covenant Health, Citizens Medical Center

Information Not Available

Buyer's Guide

Morphisec vs. Qualys CyberSecurity Asset Management

January 2025

Free Report: Morphisec vs. Qualys CyberSecurity Asset Management

Find out what your peers are saying about Morphisec vs. Qualys CyberSecurity Asset Management and other solutions. Updated: January 2025.

DOWNLOAD NOW

831,020 professionals have used our research since 2012.

See our Morphisec vs. Qualys CyberSecurity Asset Management report.

See our list of best Vulnerability Management vendors.

We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.