Try our new research platform with insights from 80,000+ expert users

Morphisec vs Qualys CyberSecurity Asset Management (CSAM) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 9, 2024
 

Categories and Ranking

Morphisec
Ranking in Vulnerability Management
28th
Average Rating
9.2
Number of Reviews
21
Ranking in other categories
Endpoint Protection Platform (EPP) (44th), Advanced Threat Protection (ATP) (24th), Endpoint Detection and Response (EDR) (33rd), Cloud Workload Protection Platforms (CWPP) (18th), Threat Deception Platforms (10th)
Qualys CyberSecurity Asset ...
Ranking in Vulnerability Management
14th
Average Rating
9.0
Reviews Sentiment
7.8
Number of Reviews
12
Ranking in other categories
Patch Management (9th), Cyber Asset Attack Surface Management (CAASM) (4th), Attack Surface Management (ASM) (5th), Software Supply Chain Security (7th)
 

Featured Reviews

Islam Shaikh - PeerSpot reviewer
Oct 19, 2022
Lightweight, detects everything quickly, and takes corrective action
We sometimes have to depend on the support team to know what action we should take. If the solution for an alert can be built into the report that we are getting, it will save time, and the interaction with support would be less. At times, corrective action is required, but at times, we don't need to take any action. It would be good if we get to know in the report that a particular infection doesn't require any action. It will save us time and effort. Other than that, nothing else is required. They have taken care of everything. We are getting alerts, and we can have multiple admins. We get a good model with this view.
Brad Mathis - PeerSpot reviewer
Jun 10, 2024
Improves visibility, reliability, and scalability
The external attack surface management identified unexpected assets, suggesting some exist outside our known inventory. While these may not be directly managed by us, the process has brought valuable awareness to the fact that our core servers are externally hosted, prompting a review of similar situations. An external attack surface management scan revealed several outsourced name services, along with one unexpected third-party-linked IP. It's unclear if this was due to past consulting work or a registration error, but since it wasn't relevant to our company, it was easily excluded from future scans. The benefits of Qualys CyberSecurity Asset Management are immediate. We already had the cloud agents installed. They were already on all the servers and workstations. Once we upgraded from the VMDR included GAV (Global AssetView) to CSAM, it was no time before I could see the end-of-life, end-of-service software, and hardware. In addition to vulnerabilities, CSAM provides a better view of other risk factors, but VMDR is very powerful. VMDR was already seeing our limitations in hardening our vulnerabilities. CSAM enhanced our view by adding more visibility and insight into what we have. TruRisk scoring goes beyond traditional vulnerability scoring like CVSS to prioritize both vulnerabilities and assets based on real-world exploitability and industry targeting. This provides a clearer picture of our actual risk by considering factors like published exploits and what attackers are currently focusing on, allowing us to quickly identify critical issues and avoid wasting time on vulnerabilities with a high theoretical risk but low real-world threat. Qualys Cloud Agents can now be configured as passive sensors to discover all devices on our network in real-time, eliminating the requirement for separate virtual or physical passive sensor appliances. These cloud agent sensors monitor network broadcasts instead of egress traffic, and they can even designate a secondary sensor to take over if the primary becomes unavailable, ensuring continuous asset discovery and populating our CSAM platform with managed and unmanaged devices.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The simplicity of the solution, how easy it is to deploy and how small it is when deployed as an agent on a device, is probably the biggest aspect, given what it can do."
"The biggest feature is that it hides everything from your operating system that's running in-memory from anything to try to run against it. That's the most unique thing that's on the market. There's nothing else out there that's quite like that. That's a big selling point and why we went with it. It does exactly what the design does. If you can't find it, you can't execute against it."
"Morphisec has enabled us to become a lot less paranoid when it comes to staff clicking on things or accessing things that they shouldn't that could infect the whole system. Our original ransomware attack that happened came from someone's Google drive and then just filtered on through that. It has put our minds at ease a lot more in running it. It's also another layer of security that has been proven to be effective for us."
"All the alerts are on the dashboard, which is quite simple and useful for us. You can easily check all the alerts that are being blocked or allowed, or whatever the action is. You can easily see that and you can take the necessary actions. You can add a PowerShell extension or any activities for blocking at your network level or for endpoints."
"Since using Morphisec we have seen a downturn in attacks because Morphisec protects us versus Defenders and whatnot that are signature-based. I know we have not had any issues with ransomware or other zero-day attacks that we've seen with machines that, all of a sudden, have become before we instituted the product. Now the machine had to be re-imaged and there was a loss of data because something was on the machine. You couldn't really determine what was on the machine because nothing was picking it up. The products we were using weren't picking it up."
"Morphisec Guard enables us to see at a glance whether our users have device control and disk encryption enabled properly. This is important because we are a global company operating with multiple entities. Previously, we didn't have that visibility. Now, we have visibility so we can pinpoint some locations where there are machines that are not really protected, offline, etc. It gives us visibility, which is good."
"Morphisec makes it very easy for IT teams of any size to prevent breaches of critical systems because of the design of their tool. When we evaluated Morphisec, the CIO and I sat and listened. What attracted us to them is the fact that it stops activity at the point of detection. That saves a lot of time because now we are not investigating and trying to trace down what to turn off. We have already prevented it, which makes it very much safer and more secure."
"Morphisec's in-memory protection is probably the most valuable feature because it stops malicious activity from occurring. If something tries to install or act as a sleeper agent, Morphisec will detect and stop it."
"My favourite feature of Qualys CyberSecurity Asset Management is its ability to target missing software."
"Qualys CyberSecurity Asset Management offers comprehensive features to cover our entire attack surface."
"With Qualys CSAM, we can see which assets have critical application vulnerabilities. This feature helps us prioritize and address these vulnerabilities more efficiently."
"Qualys CyberSecurity Asset Management offers valuable features such as continuous vendor support, rapid response times, dedicated vendor partnerships, and advanced technical capabilities for risk identification."
"Qualys CSAM is valuable for providing end-of-life and end-of-sale information. It gives me visibility into the number of products or hardware items that are end-of-life."
"The most valuable feature is the real-time visibility Qualys CyberSecurity Asset Management provides into all assets across our development and operational environments."
"Tags are very useful for us since we can tag virus applications in infrastructure types such as databases, operating systems, or web platforms."
"Our favorite features are the tagging and the ability to quickly find assets in the portal."
 

Cons

"We have discovered some bugs in the new releases that they've had to fix, so I would like to see more testing and QA on their side before they release."
"The dashboard is the area that requires the most improvement. We have about, I would say 5,500 computers currently, and searching through all of those takes some time to filter. So as soon as you apply the filter, it takes a few seconds. It crunches, it thinks, and then it brings up the clients that match."
"We started in the Linux platform and we deployed to Linux. The licensing of that has been kind of confusing between Linux licensing and Windows licensing. The overall simplicity of licensing or offering an enterprise license to just cover everything and then we don't have to count needs improvement."
"We have only had four attacks in the last year, "attacks" being some benign PDF from a vendor that, for some reason, were triggered. There were no actual attacks. They were just four false positives, or something lowly like adware. There have been false positives with both the on-premises solution and the cloud solution."
"It would be useful for them if they had some kind of network discovery. That kind of functionality I think would give IT administrators a little bit more confidence that they have 100 percent coverage, and it gives them something to audit against. Network discovery would be one area I would definitely suggest that they put some effort into."
"It might be a bit much to ask, but we are now beginning to use Morphisec Scout, which provides vulnerability information. At this time, it's recognizing vulnerabilities and reporting them to us, but it's not necessarily resolving them. There's still a separate manual process to resolve those vulnerabilities, primarily through upgrades. We have to do that outside of Morphisec. If Morphisec could somehow have that capability built into it, that would be very effective."
"The only area that really needs improvement is the reporting functionality. Gathering the detailed information that is in the system for an executive, or for me as a director, could be better. Some of the interface and reporting aspects are a little bit dated. They're working on it."
"We wanted to have multi-tenants in their cloud platform, so every entity can look into their own systems and not see other systems in other entities. I have a beta version on that now. I would like them to incorporate that in the cloud solution."
"Currently, whenever the agent is running, it consumes over ten percent of my CPU, indicating that CPU consumption is another area Qualys needs to address."
"One improvement that they can make in the EASM module is the scan frequency. After EASM is configured the first time, it allows you to do the complete configuration, but if you want to reconfigure it, it will not ask or provide any option for scan frequency. For that, you need to raise a case with Qualys and talk to the Qualys team."
"Further research and development are needed to enhance integration with other cloud agents and products, particularly improving communication with external products and vendors."
"In our reporting, we faced a challenge syncing with cloud devices."
"All required features are available in Qualys CSAM. However, it would be helpful if Qualys CSAM started incorporating AI models. An inclusion of threat details for AI and LLM-related risks would be beneficial."
"The only minor issue is occasionally being redirected to multiple teams, causing slight delays."
"Qualys CyberSecurity Asset Management could be more cost-effective by offering a lower price point or integrating with existing VMDR features."
"Qualys CSAM is not super responsive, and there can be delays sometimes, especially with the network passive sensor. You might see duplicate objects which eventually disappear but it takes time. If that can be done faster, it will be great."
 

Pricing and Cost Advice

"We are still using a separate tool. I know for our 600 or I think we're actually licensed for up to 700 users, it runs me 23 or $24,000 a year. When you're talking to that many users plus servers being protected, that's well worth the investment for that dollar amount."
"It does not have multi-tenants. If South Africa wants to show only the machines that they have, they need their own cloud incidence. It is not possible to have that in a single cloud incidence with multiple tenants in it, instead you need to have multiple cloud incidences. Then, if you have that, it will be more expensive. However, they are going to change that, which is good."
"Licenses are per endpoint, and that's true for the cloud version as well. The only difference is that there is a little extra charge for the cloud version."
"Our licensing is tied into our contract. Because we have a long-term contract, our pricing is a little bit lower. It is per year, so we don't get charged per endpoint, but we do have a cap. Our cap is 80 endpoints. If we were to go over 80, when we renewed our contract, which is not until three years are over. Then, they would reevaluate, and say, "Well, you have more than 80 devices active right now. This is going to be the price change." They know that we are installing and replacing computers, so the numbers will be all over the place depending on whether you archive or don't archive, which is the reason why we just have to keep up on that stuff."
"Price-wise, it's on the higher side. A traditional antivirus solution is cheaper, but in terms of security and manageability, its ROI is better than a traditional antivirus. I would recommend it to anybody evaluating or considering an antivirus solution. If your system gets compromised, the cost of ransom would be a lot more. This way, it saves a lot of cost."
"It is priced correctly for what it does. They end up doing a good deal of discounting, but I think it is priced appropriately."
"Morphisec is reasonably priced because our parent company's other subsidiaries use different products like CrowdStrike. CrowdStrike is four or five times more expensive than Morphisec. The competitive pricing saves us money in our overall security stack."
"The pricing is definitely fair for what it does."
"Qualys offers excellent value for money."
"The pricing for Qualys Cybersecurity Asset Management is reasonable, with an annual subscription costing around $1,000 per year or a monthly subscription starting at approximately $72 per month, depending on the specific package and features included."
"Qualys CyberSecurity Asset Management can be expensive, especially if we already have VMDR."
"The cost for Qualys CyberSecurity Asset Management is high."
"It is cost-effective because, in a single tool, we are getting everything. All the solutions come in a single license or price."
"Qualys is competitively priced for its features. Its pricing is suitable for large organizations with more than 4,000 assets, but for smaller organizations with few assets, such as banks, the costs might be high. They should come up with packages that are suitable for small organizations."
"The pricing is fair. I would love to see the price come down a little bit, but we do get a lot of value out of it. We are squeezing every ounce of value we can out of the tool."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
815,209 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
16%
Manufacturing Company
12%
Computer Software Company
11%
Outsourcing Company
9%
Computer Software Company
23%
Financial Services Firm
10%
Government
10%
Retailer
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Morphisec Unified Threat Prevention Platform?
Morphisec's in-memory protection is probably the most valuable feature because it stops malicious activity from occurring. If something tries to install or act as a sleeper agent, Morphisec will de...
What is your experience regarding pricing and costs for Morphisec Unified Threat Prevention Platform?
Morphisec is reasonably priced because our parent company's other subsidiaries use different products like CrowdStrike. CrowdStrike is four or five times more expensive than Morphisec. The competit...
What needs improvement with Morphisec Unified Threat Prevention Platform?
We have discovered some bugs in the new releases that they've had to fix, so I would like to see more testing and QA on their side before they release.
What is your experience regarding pricing and costs for Qualys CyberSecurity Asset Management (CSAM)?
It is cost-effective because, in a single tool, we are getting everything. All the solutions come in a single license or price. In my opinion, Qualys is one of the best solutions available in the m...
What needs improvement with Qualys CyberSecurity Asset Management (CSAM)?
In Qualys CSAM, there is a module called EASM. One improvement that they can make in the EASM module is the scan frequency. After EASM is configured the first time, it allows you to do the complete...
What is your primary use case for Qualys CyberSecurity Asset Management (CSAM)?
I am working as a senior security analyst. I provide enterprise vulnerability management solutions. CyberSecurity Asset Management helps us categorize all the assets and products. We can see the cu...
 

Also Known As

Morphisec, Morphisec Moving Target Defense
No data available
 

Learn More

 

Overview

 

Sample Customers

Lenovo/Motorola, TruGreen, Covenant Health, Citizens Medical Center
Information Not Available
Find out what your peers are saying about Morphisec vs. Qualys CyberSecurity Asset Management (CSAM) and other solutions. Updated: October 2024.
815,209 professionals have used our research since 2012.