Morphisec Reviews

We are in healthcare and when the pandemic started we were really getting hammered with phishing attacks. Thankfully, none of them really got through or were successful, but the uptick in the attacks made me really concerned about the potential for the results of a successful ransomware attack. 

The way I've set up our world is as a bunch of different layers, from what I consider to be best-of-breed. We have a gateway with one company, we have endpoint protection with another company, we have firewalls and connectivity to the internet handled by another company. We also have a company that monitors all of our logs. On top of that, the last thing that I saw as a big hole in my defense strategy was all these Zero-day attacks that were getting through some of the other products. They hadn't gotten through to us yet, but I had read that it was more and more of a threat. Morphisec is just another layer on top.

Part of the reason I purchased the product is that we are a very bottom-heavy IT organization, in that we have a really strong help desk group. Anything more complicated than help desk is my problem, and I have a lot of other responsibilities besides IT. I count on being able to bring in vendors that are very useful to me to subsidize that.

They have a new deal where things are controlled by their cloud controller, which is on AWS. I updated to that about two months ago. It used to be on-premises but thankfully it's not anymore.

As far as I can tell, in the year that it's been in, it hasn't stopped a significant attack of any kind. But that's not a negative for me. It is helping me to feel comfortable that all the other layers I've put in place in front of it are doing their jobs. It has definitely increased my comfort level that we are doing the utmost to protect the systems here.

Morphisec saves me from paying for a higher-tier license to get visibility into Defender AV alerts. While it doesn't really save me any money, because I didn't think it was worthwhile to have a product to do that on its own, I love that I get that as a benefit from using Morphisec. But I wouldn't have spent the money on something just to show me the Defender alerts.

I really like the integration with Microsoft Defender. In addition to having third-party endpoint protection, we're also enabling Defender, although we haven't rolled it out fully yet; we have had a test environment. I like the reporting that we get from Defender, when it comes in. I like that it's one console showing both Morphisec and Defender where it provides me with full visibility into security events from Defender and Morphisec. With our help desk situation—where it all comes to me, and I'm responsible to make sure that I am seeing anything that could possibly be a problem—having both of those in one location has been very important for me.

Morphisec stops attacks without needing knowledge of the threat type or investigation of security alerts. It absolutely does do that and that's because of the way it looks at an executable when it starts and when it asks for memory. If it asks for a specific piece of memory, then Morphisec says, "Okay, it's over here," but it's not really, and then it watches what it tries to do with that. It knows whether it did something that it shouldn't and it will kill that process in that scenario. It doesn't require foreknowledge of the application to protect you from threats. I've seen it happen because we have some old software that does some squirrely stuff, and we've had to allow it to run anyway. That old software does stuff that you wouldn't expect from modern software. If modern software were to do what that old software does, it would definitely be a threat. So I've seen it in action, but not with a live vulnerability.

We have been using Morphisec for a little over a year, although we purchased it about 15 months ago.

It's been very stable. 

Going back to before I had the cloud controller, I probably had to restart the on-premises controller once a month. I would go in and notice that 50 percent of the machines were reporting as offline. I'd restart the web services and they'd all come back. I got into the habit of regularly restarting my machine. That was definitely a stability issue and I was glad to get out of the on-prem solution, to get rid of that.

Scalability wasn't an issue for me because it took very little effort to get it onto our 1,200 machines. I used a third-party software rollout service and it installed, no problem, and worked. 

I don't think scalability is an issue, especially now that it's in the cloud. The on-prem server was never overwhelmed from a resource standpoint, so I think it would have scaled just fine as an on-premises solution, but in the cloud it obviously has all the resources it needs.

It's on every endpoint we have, but I don't think the users know they're using it. It's just running. As administrator, when there's an alert, I go investigate it. That's pretty much it. I don't have to do any maintenance because we have gone to the cloud solution.

In terms of increasing our usage, I could potentially put it back on those application servers, but it's not worth the fight because the software is relatively old on some of those machines and it gives false positives all the time. It's just easier to not have it on them.

If Morphisec had an integration with those older technologies, I would be interested in using it on them. I'd rather have it on every server, but not having it on those application servers doesn't concern me too much. The end-users really can't do anything but run that specific application on the server. They don't have the freedom to run other processes there.

If anything, tech support might be their weakest link. The process of getting someone involved sometimes takes a little time. It seems to me that they should have all the data they need to let me know whether an alert is legitimate or not, but they tend to need a lot of information from me to get to the bottom of something. It usually takes a little longer than I would expect. The last time they did an investigation, it took about two weeks to decide whether the alert was a false positive or not.

The only thing I was unhappy with was that during the sales process, I thought I was going to be getting a cloud controller. I was very disappointed that I had to build my own controller and operate it. But I don't have to do that anymore. That was the only major issue and they fixed it.

I did not have a previous solution. 

During the process of looking into Morphisec, I sent a couple of the details of some of those Zero-day vulnerabilities to the different companies that I was relying on at the time. I said, "Hey, how does your product protect me from this?" and I got them all to basically admit, "Well, we don't." I got back to Morphisec and they were able to explain how their product would protect us from these types of vulnerabilities, because they were memory attacks, and that's what Morphisec does.

The initial setup, when it was on-prem, was kind of complex. It took half a day of working with someone from Morphisec to get it set up and then four or five follow-up calls to make sure everything was set up right. When we went to the cloud controller, obviously, I had knowledge of how to run the product by then, and it took about an hour to get set up and we were running. It couldn't have been easier. I was very happy with that.

When we rolled it out, we had about 1,200 PCs and endpoints. I put the product on about 50 of them to make sure that everything was fine. We do application publishing and I put it on the application publishing servers immediately but that was not a great idea. Those are the servers that were running that old software that I mentioned, the software that was getting false positives all the time. We ended up not putting it onto those servers, but after those 50 machines ran for a couple of weeks with no issues, we rolled it out to the rest of the endpoints.

We were fully running within a month.

The only third party was the reseller, Softchoice, but they didn't do any of the work, they just sold me the product.

They charge per endpoint, per year. For 1,200 endpoints and another 60 servers, with the cloud subscription included, it was just under $43,000 for the year.

I think there are competing companies now, but I don't think there were when I was first introduced to Morphisec. I was looking for a solution and Morphisec was the one that I found. I didn't find anyone else of consequence advertising they were doing the same kind of process that Morphisec does. And I'm not looking at any competitors right now because I'm happy with Morphisec.

I don't want to think that everything I have put in place is perfect, but we haven't been hacked. I know we are being attacked. I see the logs that show we're probed every day and that we have phishing attacks that come through every day. But we haven't been attacked to a point where Morphisec has been hit as the last line of defense. It's a big deal for me just to have that visibility.

We've had lots of reports of potential threats that Morphisec has handled, but we haven't had a single one, yet, that was a legitimate vulnerability that Morphisec stopped. I don't look at that as a negative at all. I look at it as a positive, that the systems that I have in place are doing their jobs. I really consider Morphisec the last line of defense. That's the way it is set up. Nothing should get to Morphisec if everything else is working. It doesn't bother me at all that we haven't had a significant threat make it to Morphisec. But it's great to know that if one of those was to get through, we have it as an additional line of defense.

When we had it on-premises, it didn't send alerts out, so I would go into it on a regular basis to see if anything needed to be checked out. Now, as of the installation of the cloud version, it actually sends alerts. If I get an alert, I go investigate it.

It also has the potential to save money on my security stack. I'm seriously considering getting rid of our standalone third-party AV scanner, when it's time to renew that next year, and just going with Defender and Morphisec alone. I haven't made that decision yet.

I wouldn't say that Morphisec has reduced the amount of time we spend investigating false positives, because every product I use has the capability of throwing false positives at me. Morphisec does as well and I've had to investigate false positives with it.

I'd be reluctant to give it a 10 out of 10, just because it has never done anything significant. But as far as everything that they've promised and put in place, I would give it a nine. They have followed through on everything they promised. The product is working and supporting me, and like I said, even if it's just proving that everything else I have in front of it is doing its job, that's good enough for me.

If someone has the same kind of systems in place that I had before Morphisec, I would almost say it's a luxury, but it's not really because it helps me sleep at night. If someone has had an attack, that means their current systems aren't cutting it and Morphisec is a great product to have in-house. Morphisec as the last line of defense is as good as you can get. Overall, I'm very happy with the product.

Our primary use case is to protect against ransomware.

We had been hit by ransomware and a couple of our servers went down as a result and some staff computers were affected. We locked everything down very quickly. We were able to restore everything and we didn't lose any data. It took us about eight man-hours to restore the servers, restore services, and get everything back up and running, but it could have been a lot worse than it was. So we looked for a solution that bridged the gap because we have antivirus, we use Microsoft ATP and some other network security measures, but none of them caught it.

We were looking for something that we could layer with security, like what we had preexisting. It turns out it works and integrates very well with Microsoft solutions as well. It bridges that little gap of memory protection that we were looking for to help prevent further ransomware attacks and things like that.

Morphisec has enabled us to become a lot less paranoid when it comes to staff clicking on things or accessing things that they shouldn't that could infect the whole system. Our original ransomware attack that happened came from someone's Google drive and then just filtered on through that. It has put our minds at ease a lot more in running it. It's also another layer of security that has been proven to be effective for us.

It makes use of deterministic attack prevention that requires the investigation of security alerts. We can always see those and investigate further. It is pretty self-contained and automated. We have not had to really go in to investigate really.

This has made our security team's operations a lot easier. Ransomware has been the biggest threat for us. Of course, we get little attacks here and there on other threat vectors, viruses, and other malware that we have to go in and disinfect. But ransomware has not been an issue and we've even gone through and run a couple of simulated tests for ransomware from other companies. None of them have been successful like Morphisec. It just stopped it dead in its track and it was not able to do anything.

Morphisec has reduced the amount of time we spend investigating false positives. I would say by about 5% to 10%. That typically is how many ransomware-type attacks that we see. It's a low number but it's a very destructive number.

Our team's overall workload has also been reduced by about 5% to 10%. That's just for normal detection, looking for these threats, and trying to find out what it is.

Now, if we were to be infected again, it would then be reduced by a lot, just because depending on how far the infection gets, how many man-hours that would be, we know that would be very significant. We've only been hit once in the past by this. And luckily it was pretty minimal, but it could have been very severe, and then it would have really impacted us on man-hours.

It helps us to save money on our security stacks. It's priceless just because if we were to lose all of our data from an attack like that, there would be no way to get it back without paying massive amounts for ransomware. And there's no guarantee that if you pay for the decryption key from whoever's holding your data ransom, that that's even going to work or that you'll get everything back at the end. Morphisec has been a real lifesaver.

It makes it super easy for IT teams of any size to prevent breaches of critical systems. They have a way to mass deploy it on all of our Morphisec clients. It's very easy to manage, very easy to deploy, and it's also very easy to maintain.

The fact that it's able to automatically detect and block ransomware attempts is the most valuable feature. 

The dashboard is the area that requires the most improvement. We have about, I would say 5,500 computers currently, and searching through all of those takes some time to filter. So as soon as you apply the filter, it takes a few seconds. It crunches, it thinks, and then it brings up the clients that match.

Our computers are named and they have a serial number in front of their name. To be able to see who is signed in or who has a computer-based on their Microsoft account, that part is cut off unless you have a larger screen on a tablet. But on your cell phone, there's no way that I can find a scroll over to see who owns that device because the username is just cut off. Besides that, it's a simple interface. It's a simple product that's easy to maintain and manage. There's not a lot that we have to do with it. It just does what it needs to do.

I have been using Morphisec for close to a year. 

In terms of stability, so far it's worked great. It's been very stable, with no problems, and it continues to be effective so far. If for any reason, we get ransomware infection in the future, we'll know that there's a problem, but so far it's been good. All of the tests that we've run with ransomware simulated software from other vendors have all failed.

Scalability is very easy. It's not a problem. If you have the means to remotely deploy the client to all of your computers, scalability seems so far infinite, it's not a problem. If you can afford the budget for all your computers then you're good.

We are right around 5,000 or 5,500 users and their roles are anywhere from student to staff members, to administrators, and even our board of directors use it. Everyone has it. All of our computers are deployed by us. So everyone gets a computer, whether it's a student or a staff member, it's not on personal devices.

Every one of our computers is using it. All of our servers are using it. It's pretty extensive in how we're using it in that sense. But it's really just toward the ransomware side.

We used technical support only for the deployment or the migration from on-prem to the cloud. We've been having to deal with them on what steps we need to take and what we need to do to make it work. They made sure that it's a smooth transition, that we don't leave anything exposed as we're moving from one to the other, but that's it.

Support is pretty good for the most part, once in a while though, just because of their accent, it's kind of hard to understand them. We in particular had one tech that we were speaking to about the migration portion of it. There were three of us sitting in on that meeting and none of us could really understand or comprehend what he was trying to convey. It was not an issue with everyone else that we had dealt with.

We were using another solution that wasn't necessarily specific to ransomware. We were using Microsoft ATP in conjunction with Sentinel. We were starting to deploy Sentinel as well, which is also Microsoft's product, and trying to tie everything together, to make it more robust, but they did not have anything that dealt with the memory type encryption that Morphisec uses to help protect against those types of infections that ransomware often exploits. We didn't have anything specific to ransomware other than Microsoft's ATP and it does not catch everything.

But we still run ATP anyway. It ties in with Morphisec very well, even within the Defender dashboard, you can punch in your key and it will bring it up and give you some more information about it, making sure that they play well together. It literally bridges a gap that Microsoft ATP has.

The initial setup was very straightforward, especially for self-hosting. One thing to note is that we're currently looking to move to their cloud-hosted system and move away from the on-prem. That is proving to be so far a little more complicated to move from one to the other, at least from on-prem to the cloud. But not impossible. There are a lot more steps and processes to getting everything migrated over. We have to push out a new client to all of our client computers.

The deployment was a matter of a couple of hours once they provisioned the license and everything for us and provided us with everything. We were able to spin up a virtual machine to install everything on, open up the ports that were necessary, which were very easy. Then we just push out the client to all of our devices. We use a combination of Intune and SmartDeploy for remote imaging to push the software out to everybody. Once that was done, we plugged the license key into our Microsoft ATP, just for the integration of that. And that was it. It was up and running and good to go.

We tested it on just a couple of client computers initially, and then one test virtual machine for our servers. Once everything was looking like it was fine, then we just went ahead and pushed out to everything. There were no conflicts, there were no problems. Nothing came up as a red flag. Nothing got blocked that shouldn't have been. It went nice and smooth.

It took two of us to get this done, and that was our systems admin who deals with our servers and a lot of our client computers and then myself, which I handled the networking side, like opening up ports, making sure all the IP addresses were correct. 

We went directly through Morphisec. I don't think we had a third party or a vendor for the implementation.

We absolutely saw ROI. We did not pay that much for the licensing. It was very affordable. The peace of mind and not having to deal with or worry about as much as we did in the past about ransomware attacks, and just knowing that we're pretty well covered for the most part is ROI.

It is a very cost-effective solution. It's very affordable for what we're having to use Morphisec for.

It's extremely affordable for what it does, at least the product that we're using through Morphisec. I know that they have a few others that we're not using, but we don't need it. They did provide us with educational pricing as well. They were very flexible because we deployed it during COVID times and a lot of people were getting hit more and more with ransomware. And so they were also very flexible in what they were able to provide for the price. They understood that our budget was being cut because we had lost a lot of students as a result of COVID. They really worked with us, which was great. 

The licensing is also very fair. It's per device. So it was also very easy.

It's just a year-to-year license that we are paying for. There's nothing hidden, no extra charges that were unexpected or anything like that. It was very straightforward.

We looked at a couple of solutions and it would have been a full deployment where we would have to install their entire antivirus line on the product. They didn't have anything that just handled what Morphisec does. It would be a full product suite. We'd have to deploy that to everybody. We would have to ditch Microsoft ATP, which, again, we get free because we are Microsoft partners in education so it's included with our licensing of Office 365. And it would have been a lot more expensive to go a different route than what we found in the end.

My advice would be to make sure that if there are a lot of computers, especially if they're remotely distributed, make sure they have some sort of solution to easily push out and deploy it to multiple clients. That's probably the biggest hurdle that I think a lot of people would have. And we had two solutions already in place for us in the past that worked and that were compatible. The nice thing is that they were able to provide a Microsoft MSI Installer so that you can even have it so that it pre deploys it while you're imaging your computers if you're using Microsoft for imaging. It's the same thing if you're using Intune through Microsoft.

We've always been looking for something that would help to protect more against ransomware in our case. And this was it. This is the best solution that we found that worked for us.

I would rate it a ten out of ten. My only complaints are the dashboard and that's not even terrible. It still works. You just have to be a little patient.

We purchased Morphisec primarily to help mitigate and protect us against Ryuk ransomware back in December when that was running really rampant. The antivirus that we were using at that point was outdated. We were looking to move to a new vendor, and we needed something as a stopgap to supplement our current antivirus. Morphisec fit that bill perfectly. It had features that our antivirus did not. It had an immediate deployment and immediate return on investment that we just would not be able to get if we were to turn around and try to deploy a full-blown antivirus across the entire environment. Morphisec was quick, simple, and did not conflict with anything that we already had. It also did not cause any additional delays in our virtualized environment, which was a huge concern for our infrastructure team. It just fit perfectly.

We've detected things that our antivirus was not picking up. We had no visibility or control over anything that was running in process memory. Morphisec immediately started blocking things that should not have been running in process memory. It also gave us visibility into the Windows Defender antivirus that we did not have without increasing our Microsoft licensing and gave us some basic control over Defender as well. We previously used McAfee.

The fact that Morphisec uses deterministic attack prevention that does not require human intervention has affected our security team's operations by making things much simpler. We don't have to really track down various alerts anymore, they've just stopped. At that point, we can go in and we can clean up whatever needs to be cleaned up. There are some things that Morphisec detects that we can't really remove, it's parts of Internet Explorer, but it's being blocked anyway. So we're happy with that.

It's very important to us that it offers visibility into and control over Windows 10, native device control, disc encryption, and personal firewall. We're actually in the process now of deploying the control over the firewall so that we can consolidate to a single pane of glass for our antivirus and controls. It will help us through leveraging group policy, which can fail, especially if the machine drops off of the domain, we have a significantly larger remote than we did a year ago. We have machines that don't necessarily get the policies they need to get when they need to get them. Morphisec fixed that.

The level of control from Morphisec Guard compared to Windows 10 Native Security tools is a bit more basic than the Windows 10 Native Controls. You basically enable the firewall or you disable it, based on the various profiles. I have not yet seen a way to create exceptions in the firewall or rules and things like that but those can be pushed through group policy, regardless. As long as the firewall is enabled, it's functioning and it's doing better than if there was no policy applied at all.

Morphisec Guard enabled us to see at a glance whether our users have device control and disk encryption enabled properly. It is especially important with our remote workforce. Disc encryption is an absolute must. And the device control, USB devices, is also an absolute must.

It has reduced the amount of time we spend investigating false positives. It reduced our amount of chasing antivirus alerts by about 80% a week.

Our team's overall workload has also been reduced by about 30% on a weekly basis of our workload, we would spend a lot of time tracking alerts.

It has enabled us to take Morphisec and leverage one product where we would have had to have had at least two previously. I don't really have numbers for what that would look like. We didn't really investigate too many other vendors in that space, but it's probably at least 50% savings over what we would have needed. So it has helped us to save money on our security stack.

Some of the filters for the console need improvement. There are alerts that show up and just being able to acknowledge that we've seen those and not turn them off, but dismiss them, would be a huge benefit.

We've been using Morphisec for about six months now. It is installed on our endpoints and servers. We have a SaaS version of the console.

I've had 100% availability anytime I've needed to go look. I have not had any issues in any of our environments with the agents.

Scalability is very easy. We can just call and say that we need more licenses and they give us more licenses and we can push that agent out. It's the same executable file we have on our file shares. We just expand however many we need, to as large as we want to go.

We have about 8,000 endpoints, 2,500 servers, and 4,000 virtualized desktops.

Our next step would be to purchase the Linux agent and get that on the few Linux servers and appliances that we have.

The technical support has been fantastic. Any feature requests I've had, any issues I've run into, which have been very minimal, they've had an immediate response. Turnaround for feature requests is really, really fast. I've seen it within the next update which they do monthly. They provide great technical support. 

We looked at Bitdefender, Trend Micro, and Microsoft Defender. We are still using Microsoft Defender in conjunction with Morphisec in a small pilot group. We're still evaluating where we want to go for a true antivirus solution. So, we still have a small deployment of Defender.

Deployment was the biggest difference between Morphisec and the other solutions. It was far simpler to deploy Morphisec without having to remove another antivirus, without having to make a large-scale project, or look for compatibility. It works on all supported operating systems. It works in conjunction with other antiviruses. We didn't have to create exceptions and there were no conflicts with the antivirus we were running and Morphisec. So that really helped us make that decision, purchase this, roll it out, and have it supplement our existing technologies. And it gave us an almost immediate return on investment.

The initial setup was very straightforward. We deployed it via group policy. We had it deployed across the entire environment in about three days.

There are no additional costs to standard licensing. We've had full support. I get biweekly calls with my technical account manager and we purchased the licenses for everything we needed for a single cost.

If you have the ability to get Morphisec into their environment, it's going to be a hundred percent return on investment. I would recommend it every time.

If you can, get it and run with it, because it's great. It's been eye-opening, the things that other antiviruses were missing, and we've seen it protect against zero days. We've seen it protect against ransomware that other antiviruses have not even seen.

I would rate Morphisec a ten out of ten. 

We do a multi-layered security approach. Morphisec is really our last layer of defense. It is our insurance policy. So, if a vulnerability gets through the user, network security layer, and antivirus, then Morphisec will then come into the fight.

We have it deployed across all of our workstations and server environments. We have 800 workstation licenses and 75 server licenses. 

Right now, we are using 100% on-prem. We have just converted to Office 365. With that, we will be doing cloud hosting as well

In the last month, we have had two instances that Morphisec stopped, one with Internet Explorer (IE) and the second with another update. We don't know the specific vulnerability that was exploited. We shouldn't be using Internet Explorer here. So, it notified us:

1. We had a user using IE.
2. It prevented something. 

I don't know what vulnerability within IE that it was attacking, but it did go to attack a vulnerability, and Morphisec prevented that.

Morphisec makes use of deterministic attack prevention that doesn’t require investigation of security alerts. It changes the memory locations of where certain applications run. If you think of Excel, opening a PDF, running an Excel macro, or opening a web page and clicking on a link, all of those actions run in a certain area of memory. Morphisec changes the memory locations of where those run. 

If an attack comes in and the hackers are doing a vulnerability on an Excel macro, for example, they know macros are always deployed in a certain area of memory. They write their hacks to that area of memory. Morphisec removes that area of memory and deploys all macros into a different place. When the macro goes to run, it runs in that old area of memory, which no longer is running Excel macros. It basically goes to deploy and blows up, so nothing happens. By morphing the memory location, the hack still gets through, i.e., it doesn't stop the hack from getting through. However, when it goes to run, it doesn't do anything. From that standpoint, it's really looking at: If something happens, it is the last line of defense. 

We have a number of other applications that are more forward-thinking where we are looking at logs and training people as well as doing network security. But if a hacker actually gets through all of those different protocols and goes to deploy a vulnerability or malicious piece of code, it will deploy but not do anything. The reason it won't do anything is because Morphisec has moved that process to a different area. So, it is really after the fact. 

Morphisec is really good about sending us alerts of security incidents that have happened in the world, saying, "Okay, here is an incident that is happening. It is a zero-day and Morphisec protected it in our labs." They send those out as they come up. I usually get one a week. 

We heard there was a company that had deployed Morphisec on most of their servers, but not all of their servers. They actually got hit by a hacker. All of their servers that had Morphisec running were 100% protected. All of the servers that did not have Morphisec got hit. From my standpoint, we have Morphisec across the board. We are acquiring a few other companies, and one of the first things that we are doing is deploying Morpiesec to all the servers and workstations in those other companies.

What it does is valuable. A vulnerability might be able to potentially get through and still not be able to run. This is not a question of "If," but a question of "When" someone will get through. If they do get through into our environment, we are comfortable knowing that our last line of defense is Morphisec. A lot of times, without Morphisec, we wouldn't know until we knew. You either get the encryption or it could take a long time to understand. This solution is more of a peace of mind for us.

Morphisec stops attacks without needing knowledge of the threat type or reliance on indicators of compromise. Their development team has developed the security capabilities over a large number of different vulnerabilities, e.g., Adobe Acrobat or Excel macros. We don't have to be experts on any of these. More importantly, the zero-days concern me. All our other security software says that they can stop zero-day threats, but hackers are really good and this is really profitable for them. When the zero-day threats actually get used, it's nice knowing that we have Morphisec. 

We don't have false positives with Morphisec.

From a company standpoint, a little more interaction with the customers throughout the year might be beneficial. I would like check-ins from the Morphisec account executives about any type of Morphisec news as well as a bit more interaction with customers throughout the year to know if anything new is coming out with Morphisec, e.g., what they are working on in regards to their development roadmap. We tend not to get that up until the time that we go for a yearly renewal. So, we end up talking to people from Morphisec once a year, but it is usually at renewal time.

I tried to sign up for something, but I am still not getting any alerts when Morphisec releases a new version or when our console has been updated. So, I would like to be cognizant when any changes are being made or feature enhancements are added. It would just be helpful to be alerted when that stuff comes out.

Until we migrated to their cloud platform, I wasn't even aware that some of the updates were being pushed out. Then, I came to find out that we were two iterations behind a major release. So, getting those updates or bulletins are very helpful.

If I look at the dashboard, I can see one or two applications hit every once in a while for things like Internet Explorer or some Visual Basic Scripts. I can see that stuff is being prevented, but I don't know exactly if it is securing us in any way that we wouldn't have already had in place. Overall, I don't know 100% if it's increasing our security posture, but it does give us a nice peace of mind.

We have been using it for two years.

It seems very stable and rock-solid because it is not causing any issues.

I don't require any maintenance on our side.

There haven't been any issues with scalability since we have been on the cloud platform. We do not have to maintain the on-premises servers anymore. It is hosted in an AWS environment, which should be pretty easy to deploy once we add more employees.

Our technical resource is the solo admin at this current time. Two other people have access, but there is not much that we look at or review on it. We just make sure it gets deployed on all our endpoints. That is the only thing we really monitor. As for looking at the console, unless there is something that we need to look at, we are not really reviewing it.

We get security bulletins and an email that says, "Hey, this vulnerability just took down whatever company." So, we get technical bulletins that say, "This new zero-day vulnerability just came out, we have tested and stopped it."

The technical support is pretty solid. I did have some issues after we migrated from versions, switching to the cloud version. I ran into a few deployment issues that turned out to be a bad package. They were able to help me with that. They have been pretty good. Anytime I have an issue or question, they are pretty responsive.

Before Morphisec, we did not use anything greater than our normal antivirus or malware protection.

The initial deployment was pretty straightforward. It was basically just following the included documentation and working with the admin at the time. We set up a package to push the install out to all our machines. Then, anything that was outside the default library. I added to the protector plan. Certain applications, like Notepad, weren't included in the original deployment. This is stuff that is specific to our environment, like Power BI.

Our deployment took about two weeks.

My technical resource was the one who implemented Morphisec.

It has given us peace of mind that we won't be on the news. We do a good job with backups, but if we don't have to use them, that is much better. If the federal government and major corporations who have full-on security teams can get hacked and are vulnerable, then I am not going to say we are not vulnerable. So, for us, it is just a question of when. With Morphisec, at least when it does happen, I feel confident that we have in place solutions that will not only prevent it, but also let us know when something has happened.

Morphisec has 100% enabled our team to focus on other responsibilities or affected productivity. It has reduced our workload by one full-time employee. 

Our return on investment is that we haven't needed to have a full-time employee manage it. It hasn't taken away from our other initiatives. Efficiency is really where the savings is. We are getting peace of mind at a decent cost. We can see it working, and it doesn't take full-time resources to manage it.

It is priced correctly for what it does. They end up doing a good deal of discounting, but I think it is priced appropriately.

Through the years, we looked at Darktrace as well as two or three others. They came with astronomical price tags, while I think Morphisec hit the better price point.

It was not just the initial price tag, but the number of people required to manage the solution. On some of the other solutions, we were able to knock down the pricing considerably, but we needed one to two full-time employees, which we don't have, just to manage the solution. With Morphisec, our technical resource is the main person who works on it. He spends less than two percent of his time managing Morphisec. It is plug and play. It doesn't take a lot of resources, which gives us more time savings as well as being more efficient.

Ease of implementation and ongoing management of the solution were the two top priorities. Our secondary priority would have been cost.

Make sure you implement it on all machines, workstations, and servers. Don't buy it and miss some machines.

Morphisec says they haven't been hacked. From the instances that I have seen when doing research, I find that to be true. Time will tell, but so far it has been working for us.

We will be implementing the Morphisec Guard probably next month. We are just rolling out Microsoft Defender right now. We are evaluating it now. I think we have also started replacing our former antivirus. 

Windows Defender and Morphisec go hand in hand, at least from an antivirus standpoint. Morphisec was built to work with Defender, and Defender is a pretty good product. So, that is what we will be using moving forward. From an antivirus standpoint, we just switched our antivirus to Defender within the last month. Between Defender and Morphisec, we don't really have another antivirus need after that.

I would rate this solution as a seven or eight out of 10.

We are using Morphisec on 100% of our endpoints.  The Morphisec protector installation is pretty straightforward, currently using the scripting capabilities of ConnectWise Automate.

Previously, we had a mix of AV and EDR solutions that required a fair amount of management.  Policy management was more complex, and reviewing exception reports was very time-consuming.  Even with this extra effort, we still encountered viruses on a somewhat regular basis. At least once or tiwce a month we would have to work on a machine to remediate it. Since we started using Morphisec, that hasn't happened even once. 

This alone has definitely reduced our team's workload. I would estimate we save between four and ten hours a month previously spent on remediation.

The attack prevention doesn't require investigation into security alerts, although we do periodically look and see what types of things are taking place. Even so, we don't spend a lot of time doing those investigations because the attack has been prevented and we don't see it occur again.

Another benefit, something that is important to me, is that Morphisec Guard enables us to see at a glance whether users have device control and disk encryption enabled properly. We want to make sure that we're properly secured and following best practices. Prior to that information being made available to us through Morphisec, we didn't really have a great way of confirming whether a machine had an encrypted disk or other security features enabled.

The solution also saves us from paying for a higher-tier license to get visibility into our Defender AV alerts. 

The primary feature, of course, is the prevention of Zero-day attacks and other related issues.

It also provides full visibility into security events from Microsoft Defender and Morphisec in one dashboard. We've always had that capability with Morphisec. The more recent version appears to do that even a little bit more natively and it's given us visibility that we didn't have otherwise.

We are now beginning to use Morphisec Scout, which provides vulnerability information. At this time, it is able to recognize vulnerabilities and reporting them to us, but it's not actually resolving them. There's still a separate manual process to resolve those vulnerabilities, primarily through upgrades, which are done outside of Morphisec. It might be a bit much to ask, but if Morphisec could somehow have that capability, either natively or through interactions with an RMM system, that would be very effective.

We have been using the Morphisec Breach Prevention Platform for a little over two years.

It's been very stable, both in terms of Morphisec Guard and the administrative console.

We have one primary, default protection plan that applies to all of our machines, and it does the job very well. It's pretty easy to use the administrative console to check on the status of the protectors. For us, it has been very scalable -- we have 1,200 employees, and Morphisec is on every machine.

I can imagine with more complex environments there might be a need for more varied protection plans, and any limitations of the administrative user interface might be exposed. However, that's not something that has impacted us at all.

I know Morphisec is continuing to evolve and to look for additional ways to be of value to its customers, but in our case, the specific items that we are currently using from Morphisec have already provided great value.

We've only had a few instances where it's been necessary to contact their technical support, but when we have engaged them the support has been very good. We've had good responsiveness and the people we've worked with have been very knowledgeable.

Positive

We previously used more familiar EDR tools like Carbon Black and Sophos.  We still use SentinelOne on a portion of our machines, but we found that Morphisec is so effective that those EDR tools rarely have the opportunity to do the work that they would normally do before Morphisec has already prevented the attack.

Every one of those other solutions required more hands-on management and more direct involvement. With Morphisec, we just make sure it's installed.  With the default policies we have in place, things work well without much additional oversight

There were two factors that occurred simultaneously that drove us to make our initial decision about Morphisec. One was that we were in the middle of a transition from Carbon Black to SentinelOne, and I was concerned that we might encounter circumstances during that transition where we were not fully protected. I considered Morphisec to be a good additional layer. We always strive to have layers of security, and in this case, the additional layer did not negatively impact any of the other security processes we had in place. Since that time, it has been a layer that has proved to be very effective at what it does.

The second factor was that we recognized that Morphisec has a different, complementary approach to how secures our endpoints.  That approach has been very effective in dealing with unknown vulnerabilities.

The setup was fairly straightforward. We were one of the first to use the hosted  cloud instance, so there were some small discrepancies in the documentation that didn't properly recognize our scenario. But I perceive the number of clients using cloud instances has increased dramatically—it may be the norm now for Morphisec customers.  The documentation has definitely improved.

Our implementation strategy was to install it on roughly 10 percent of our environment to assess whether there were any unintended consequences,  such as performance issues. Once we validated both the effectiveness and the low impact on performance, we then deployed it across our entire environment.

The deployment didn't take long, and it went very smoothly. The reporting it provides is very good, giving you a sense of the progress. There was nothing of concern. 

I would note that there have been two different instances where we've had to manually push out significant version updates. We're now working with a version where the agent, the protector, will update itself.  We are interested to see how well this works with the next significant update.

In terms of staff requirements for deployment and maintenance, somebody has to initiate the solution, but it's not a primary role for anybody among our IT employees. We have our basic processes in place to make sure the Morphisec Protector is on every new machine that we deploy. Beyond that, we don't really spend much time looking at any of the incidents that have taken place, or managing the security policies. There is very minimal overhead.

We implemented in-house.  The documentation and the onboarding support made the process very easy to manage.

It is definitely a tool that has saved us enough time and reduced our risk enough that the cost is well-justified.

That elimination of instances where we had to manually remediate machines that were affected by a virus has saved us time. We also don't feel it's quite as necessary to use more expensive EDR solutions on every single machine, and we're just better protected. We haven't had issues where we've had data loss or exfiltration.

I'm not sure if we were an early adopter or not, but we enjoyed very competitive pricing when we began working with Morphisec a couple of years ago.  We've been very happy with the value the service provides.

This is the first year that we've had Morphisec Scout in addition to Morphisec Guard. We are eager to take advantage of the additional capabilities it offers. Of course there is an additional cost associated with Scout, but we feel the value will definitely justify the costs.

We evaluated other next-generation EDR antivirus options, but not any other options like Morphisec. I don't know if there are any security solutions quite like Morphisec.

Defender does well with known vulnerabilities, whereas Morphisec does a job that others can't, with unknown vulnerabilities. The other tools that we have in place, such as our file sharing and email services, do a pretty good job of eliminating the known vulnerabilities from even entering into our environments. But if unknown vulnerabilities are somehow used in an attack, Morphisec has done an excellent job with those attacks.

It just works and it's very easy both to install and manage. I definitely recommend evaluating it. I'm confident that anyone would see the same benefits that we have.

There are two things I've learned from using the solution. One is that their Moving Target Defense is a very unique approach and very effective. It's pretty novel.

The second lesson is the benefit of having that layering. Having Defender and Morphisec has been a really good tandem approach to things. There are a lot of companies out there that may not be comfortable relying on Defender alone, even though it's very effective at managing known attacks. Even in the instances where we're using an EDR, in our case SentinelOne, those Defender and Morphisec layers work really well. We've had good success.

Morphisec does a good job of helping us make sure our endpoints are secure. We've definitely benefited from that. The Morphisec protectors have absolutely done their job. We have not had any instances with viruses, and I would even go so far as to say the EDR tools we have in place have been largely underutilized. They're just sitting there because there really hasn't been much for them to take action on.

We use it for ransomware protection.

It is the first product that we are using globally. Beside that, it is a good security solution. It is good for centralizing our IT, the way we think about security, people, and processes.

Morphisec Guard enables us to see at a glance whether our users have device control and disk encryption enabled properly. This is important because we are a global company operating with multiple entities. Previously, we didn't have that visibility. Now, we have visibility so we can pinpoint some locations where there are machines that are not really protected, offline, etc. It gives us visibility, which is good.

It easily prevents breaches of critical systems. It stops them before you detect them, then you don't have to delve into an attack since it was stopped.

There is no performance degradation on remote working. We work on PDIs at home without any performance degradation, which is great.

The solution provides full visibility into security events from Microsoft Defender and Morphisec in one dashboard. This is important because it is always good to have less dashboards and panes of glass. If it is all in one, then it is so easy to manage, see, and report on it. This makes the world a much easier place. We use this in our South African entity. However, at our HQ and other entities, we do not use Windows Defender. We have another antivirus or endpoint security tool, so that is not in one dashboard, though we are probably going to move to Windows Defender. The single dashboard is a factor in our consideration for moving to Microsoft Defender as well as cost.

We use Morphisec Guard for antivirus first. It offers visibility into and control over Windows 10-native device control, disk encryption, and personal firewalls. It is one of the key features for why we are using it since we are all Windows 10 users. Morphisec Guard is very important.

We wanted to have multi-tenants in their cloud platform, so every entity can look into their own systems and not see other systems in other entities. I have a beta version on that now. I would like them to incorporate that in the cloud solution.

I have been using Morphisec for a year.

It has been very stable.

There are two dedicated IT maintenance, and that's it. We also have other people who are now engaged with the implementation of Morphisec. We also train them on administration tasks, e.g., how to look at the dashboard and see if there are any problems.

Not much maintenance is required. Upgrading and pushing the upgrades to the endpoints is done by Morphisec. We only have to look to see if it works on all our machines. If not, then we contact Morphisec.

It is very scalable.

My company has multiple entities, i.e., multiple suborganizations and locations. One entity can be a location or a geographically dispersed organization.

There are about 3,000 end users who have their own endpoints. We have a large number of servers and are a logistics company. Administrators, operations staff, and clerks all do the same types of tasks.

Morphisec is used for every system in the organization. It is on every system, server, and endpoint. Everybody is using it, not actively, but they have it on their machines.

Every week. I speak with someone from Morphisec. If there is something wrong, I can immediately tell them. Then, in the next meeting, they will provide me with a solution.

Their tech support is very good, understanding, and flexible. They know exactly how to work with different people and cultures. 

Positive

There wasn't a solution like this one, previously. We only had the endpoint security, endpoint protection platforms, EDRs, XDRs, and MDRs, but they don't really have the stuff that Morphisec is doing.

Previously, we didn't investigate false positives. Our company was security immature. If something happened, we didn't investigate it deeply. We just reacted to the fact that something didn't work, then we recovered it and it worked again. Now, we are seeing less false positives using Morphisec.

Our organization is complex and the network is complex, so the initial setup was complex. There was some friction with GPO. We technically implemented it the right way, but it didn't go in automatically. They had to rewrite and recode some parts of it before it could be done automatically.

We are still deploying it. In the end, it has taken more than a year.

We started at HQ and another entity (South Africa), then we wanted to move forward to entities who were in the same network domain as the HQ. We are now in phrase three. It is a global program. We are now implementing, during phase three, in the entities who have their own network structure. 

We worked with Morphisec for deployment and implementation. We worked side by side with Morphisec for many of the problems that we encountered during implementation.

Morphisec has given our security team's operations peace of mind and more time for patching.

In the end, it saves us money on our security stack because we use a very expensive endpoint protection platform. We are planning on moving towards Office 365, then having Windows Defender integrated into that so we can save money on our endpoint protection.

We are paying per endpoint/machine. We have a two-year contract with Morphisec.

We have had some additional costs because of their cloud. We have needed to make some changes within the cloud environment of the Morphisec tooling, which have added some additional costs.

It does not have multi-tenants. If South Africa wants to show only the machines that they have, they need their own cloud incidence. It is not possible to have that in a single cloud incidence with multiple tenants in it, instead you need to have multiple cloud incidences. Then, if you have that, it will be more expensive. However, they are going to change that, which is good.

We evaluated other solutions, but they were quite expensive nor did they do what Morphisec does.

Morphisec Guard has more control than Windows 10-native security tools. For example, with Windows Defender, you can configure it, but you don't have a dashboard. Monitoring with it is a bit difficult. It is better with Morphisec Guard. However, Morphisec combines well with Windows Defender.

I am quite happy with the way they perform, providing us with information, new possibilities, and new features. My advice, "Just do it," if you are looking at implementing this solution.

Morphisec makes use of deterministic attack prevention that doesn’t require investigation of security alerts. If you want, you can deep dive into an attack, but you don't need to. In the future, we may have more security personnel and want to deep dive into an attack to see where it happened, what happened, and learn from it. Then, maybe we can have some other controls in place in other areas of our IP environments. Because of the deep dive and benefit analysis, it is good. However, we don't do that now.

The solution has added some workload because there previously wasn't a security team in place. Now, with the focus on security getting higher, the board of directors wanted to have some more security in place. One of the first tools that we bought was Morphisec, besides endpoint protection, antivirus, and firewalls. Our dedicated security tooling was Morphisec. It added focus in the company on security. Also, some people are busy with security now, besides their normal jobs. 

If we have more machines, then we will definitely increase usage. Also, Linux is now out of scope because they don't have it in their suite yet. If this is added into their suite, then we could have Linux protection as well.

Biggest lesson learnt: It is quite difficult to have an organization with a lot of complexity in their networking as well as differences in the way the network is architectured. It is always more difficult than you think. 

I would rate this solution as nine out of 10.

Our use case is to augment our antivirus software that's on our endpoints to go in tandem with Microsoft Defender. It's also going on our Windows and Linux servers as well. 

Morphisec has helped us in our deployment strategy of endpoints and keeping a good inventory of our assets. We do that with Defender, but this is another tool to help us know what assets we have deployed, the ones that Defender doesn't always cover. 

If Defender is turned off somehow and Morphisec is on then we can investigate. Or the other way around, if Defender's on and Morphisec is not installed, we can have it installed. It does checks and balances on our deployment so we're not left with an endpoint that's unprotected.

The ability to stop attacks without having to detect or have a signature for the attack is the most valuable feature. It's just a different way of stopping attacks, by defeating it at the endpoint before any damage is done.

Morphisec provides full visibility into security events from Microsoft Defender and Morphisec in one dashboard. Defender and Morphisec are integrated. It's important because it lowers the total cost of maintenance on the engineer's time. The administrative time is dramatically reduced in maintaining the product and saves an engineer around four to five hours a week.

It's extremely easy to deploy. It functions without needing to talk to a server. It's completely silent once you've installed it. It's been really silent behind the scenes and has not conflicted with other software. It's a real set and forget.

We started in the Linux platform and we deployed to Linux. The licensing of that has been confusing between Linux licensing and Windows licensing. The overall simplicity of licensing or offering an enterprise license to cover everything and not needing to count needs improvement.

They've integrated with Defender well, but they should continue maturing that integration so that you can just check boxes with Defender installed to add Morphisec as well. There's licensing and all that, but they should try to make the implementation as easy as possible. It's easy now but they should continue down the path of making it as easy as possible.

I have been using Morphisec for two and a half years with a POC before that. 

From what we've seen it's stable as it can be. If there's such a thing as 100% availability, it's there. I think the architecture of it being deployed and standalone for all desk purposes makes it super stable. The biggest concern was conflicting with the applications on the desktop, and we had not seen that at all. It's been very reliable. We haven't been on the cloud version for very long, but so far it's been very reliable.

It should scale without an issue. It's about the deployment strategy and getting it deployed. Once you have a good deployment strategy, then it can scale to hundreds of thousands of endpoints, if you have them.

We are protecting around 3,000 endpoints. Then when we're all finished, there'll be about five to 6,000.

There is no upgrade that we know of yet, so we're on the latest version. I would anticipate once a year that we would have an upgrade to the endpoints. And it would probably take 10 to 20 hours of information security engineer's time to make that happen.

Their technical support is very good, responsive, and has good follow-through on open tickets. We don't have any issues with them.

The initial setup was relatively straightforward. We first installed Morphisec before they had their cloud server, which was a little bit more complicated. But now we've converted to their cloud server, which has made it much, much easier. You don't have the burden of setting up a server and getting the missing libraries and all the issues of setting up a server. Now with the cloud, it's simple.

It took us three weeks to set up with the server.

We did a proof of concept first, and then we tested it to make sure it would catch known malware with no antivirus on the endpoint. Then we started the deployment strategy and our deployment strategy was laptops first, then virtual desktops, and then servers.

We worked with Morphisec and our own engineers for the deployment.

We had a very good experience with their engineers. They were very knowledgeable about the Microsoft stack, easy to work with, and responsive.

Our ROI is having another level of control. I can't yet identify breaches that Morphisec stopped directly, but it'll pay for itself once it does that. It's really the extra layer of control that we didn't have before.

We've gone through several iterations over renewals. I think it's reasonably priced. I wouldn't say it's cheap, but I also wouldn't say that it's over-the-top pricing. An enterprise agreement would be nice so we don't have to try to count or get an estimate of the number of endpoints. If we go through growth and add 500 laptops, I don't want to have to go back and change our licensing to add that capacity. I'd rather just have that built into the contract.

We haven't seen any additional costs to the standard licensing. 

The options we looked at were more in the antivirus space. Morphisec as a product does not have direct competitors because of its unique architecture. There are other advanced endpoint protections that I looked at, but this one was by far the most unique architecture. It has a unique way of adding another layer of controls on the endpoints.

Morphisec hasn't added to my team's workload. It hasn't reduced it, but it hasn't added to it.

I didn't buy it to save us money. I bought it to add another level of control at the endpoint beyond antivirus. So it's really adding another layer of defense.

My advice would be to understand how Morphisec works from the Bad Actor's perspective, on how a Bad Actor or malware can compromise Windows or Linux. Morphisec gets to the root of those compromises. Rather than trying to detect the compromise, a design in the operating system issues and defeating those there or rather than trying to respond to changes in malware, they're defeating it right at the exploit level.

I'm part of Morphisec's sales team half the time when I'm trying to educate other IT leaders, my peers, or other CISOs on how it's actually working because it takes a little while to understand it. So my advice would be to really try to ask questions about how the architecture works. Because it doesn't really work like another AV. It works much differently than other endpoint protectors.

I would rate Morphisec a nine out of ten. 

Our primary use case is to have it for more protection than Defender can give us. We wanted more protection against the threats that are out there with malware and ransomware being the biggest. It's to supplement threat protection in addition to having Microsoft Defender. 

We only use the agent. We've transitioned from on-prem to the cloud this year.

We haven't had an issue since we've had Morphisec, so it's working. If we see something, we'll ask them about it, and then if we need to, we'll look at the machine. Generally though, if we find something, we tend to re-image a machine as opposed to fixing it. We just wipe it.

Morphisec gives me even more than Microsoft can give me, even if I were to pay. It doesn't technically save us money because we're paying for a Microsoft package that comes with Defender. 

It has reduced the team's workload by a couple of hours a week. It also saves money on our security stack. It's cheaper than others. It saves between $10,000 to $15,000 yearly. 

We liked the ability to see both the Defender and Morphisec through a single console to see the problems that might be going on.

It provides full visibility into security events and from both solutions in one dashboard. I'm not a big security guy, if I have a threat that looks like there's a problem, I will ask Morphisec to dissect it for me, and tell me what might be happening. Because it tends to be all hash codes, so I can tell what's going on. They've been pretty good with that.

I haven't been able to get the cloud deployment to work. When there's an update, I'm supposed to be able to roll it out for the cloud solution, but right now I'm continuing to use our SCCM solution to update it.

I have been using Morphisec for a year and a half. 

They've been very good. We've been able to see any problems that we have easily. We've been able to deploy new solutions. The migration from on-prem to cloud was very easy because Morphisec did it for us. They migrated the data. When I do have problems, if I need it, I can call them. They've been right there for me.

The agent that is installed on the endpoints stable doesn't take up a lot of resources. 

I haven't had any problems scaling it. I only have about 3,100 devices to deploy it to plus seven servers. 

In terms of maintenance, I just look at the reports and see what's happening and if there's something that's going to need attention.

Technical support was very helpful. I just told them I had a problem and they went and found the solutions.

I have had other solutions. We were just on the Defender and we added Morphisec to that. 

The initial setup was straightforward. For the original, we built the on-prem solution, which was a single install that they provided, and then we deployed our clients through our SCCM. We just did it with an MSI file. It was very straightforward. It took half a day. 

We deployed it ourselves. 

The ROI is that we haven't had any outbreaks. It's working.

Pricing was competitive. There were no additional costs to standard licensing. 

We looked at a full Malwarebytes deployment and Sophos. We liked the price and then supplemental for the Defender since we were already paying for Microsoft.

We were going to be required to remove Defender, which would have been extra steps, and that almost never goes smoothly. Plus we were concerned about the size of some of the clients and how well they were going to perform for us. They had older machines.

It's been a good experience. Morphisec has been helpful and we haven't had any outbreaks since running it. The install was easy. Updates have been pretty easy.

I would rate Morphisec a ten out of ten.