Morphisec vs NetWitness NDR comparison

Morphisec and NetWitness are both solutions in the Endpoint Protection Platform (EPP) category. Morphisec is ranked #49, while NetWitness is ranked #50. Morphisec holds a 0.6% mindshare in EPP, compared to NetWitness’s 0.7% mindshare. Additionally, 100% of Morphisec users are willing to recommend the solution, compared to 87% of NetWitness users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 9, 2024

NetWitness NDR and Morphisec are two prominent solutions in network detection and response. Morphisec stands out due to its proactive approach to security, though some users feel it is worth the higher price.

Features: Users highly value NetWitness NDR for its comprehensive network monitoring and analytics. NetWitness NDR excels in detailed forensic analysis. Morphisec is praised for its advanced threat prevention capabilities and lightweight design. Morphisec's strength lies in its proactive defense mechanisms.

Room for Improvement: NetWitness NDR users seek enhancements in its integration capabilities. They also desire a more intuitive learning curve and better scalability. Morphisec users desire expanded reporting features and better scalability. Enhanced integration is also sought after in both products.

Ease of Deployment and Customer Service: NetWitness NDR offers flexible deployment options but receives mixed feedback on complexity. Customer service for NetWitness is well-regarded. Morphisec, noted for its simplicity in deployment, garners positive reviews for customer service efficiency. Morphisec’s ease of deployment is a distinct advantage.

Pricing and ROI: NetWitness NDR is perceived to have higher initial setup costs, yet users acknowledge substantial long-term ROI. Morphisec, despite a higher price point, is seen as an investment worth the cost due to its effective threat mitigation. Morphisec users report quicker ROI due to reduced incidents.

To learn more, read our detailed Morphisec vs. NetWitness NDR Report (Updated: March 2026).

Buyer's Guide

Morphisec vs. NetWitness NDR

March 2026

Download the complete report

Helped 885,264 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Cortex XDR by Palo Alto Net...

Mindshare comparison

As of March 2026, in the Endpoint Protection Platform (EPP) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.5%, down from 4.0% compared to the previous year. The mindshare of Morphisec is 0.6%, up from 0.4% compared to the previous year. The mindshare of NetWitness NDR is 0.7%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Endpoint Protection Platform (EPP) Mindshare Distribution
Product	Mindshare (%)
Cortex XDR by Palo Alto Networks	3.5%
Morphisec	0.6%
NetWitness NDR	0.7%
Other	95.2%

Endpoint Protection Platform (EPP)

Featured Reviews

ABHISHEK_SINGH

Senior Process Expert at A.P. Moller - Maersk

Gained full visibility and streamlined threat detection through behavior-based insights and AI integration

Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.

Read full review

Rick Schibler

VP of Information Technology at Kentucky Trailer

Offers in-memory protection at a lower price than competitors

Morphisec's in-memory protection is probably the most valuable feature because it stops malicious activity from occurring. If something tries to install or act as a sleeper agent, Morphisec will detect and stop it. Morphisec's Moving Target Defense is critical to hardening our attack surface. If it detects something, it indicates whether it's valid. That means you've got a breach requiring investigation. It detects anomalies but doesn't necessarily point to what caused them. You still need to do that work. The solution is reasonably easy to administer. They made some changes last year, adding a cloud-based monitoring solution that makes deploying and monitoring our endpoints easy.

Read full review

reviewer1799727

Manager, IT Security Operations at a non-profit with 11-50 employees

Reliable and good support but can be expensive

I have no real complaints about the solution. Threat detection could be better. They need to enhance their threat intelligence feeds. We would like to have more IOCs or more trade intelligence to not only rely on the intelligence of the engineer in charge but to have some threat intelligence and some seeds of IOCs and to have the host have some artificial intelligence to reduce the number of false positives. I don't see this solution being very scalable. The solution is pricey.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The anti-exploit is impenetrable."

"Its ability to react to cyber data attacks is awesome."

"Cortex XDR by Palo Alto Networks saves time in various ways, although the user interface is fairly standard."

"It's a nice product that's stable and scalable."

"The dashboard is customizable."

"There are a lot of lead solutions in this space, however, Palo Alto is number one."

"Threat identification and detection are the most valuable features of this solution."

"Cortex XDR features advanced threat detection capabilities."

More Cortex XDR by Palo Alto Networks pros

"All the alerts are on the dashboard, which is quite simple and useful for us. You can easily check all the alerts that are being blocked or allowed, or whatever the action is. You can easily see that and you can take the necessary actions. You can add a PowerShell extension or any activities for blocking at your network level or for endpoints."

"What's valuable is really the whole kit and caboodle of the Morphisec agent."

"What's valuable is really the whole kit and caboodle of the Morphisec agent. What it does is genius, in a way, until the bad guys get wise to it. You set it up and then you watch the dashboard. There isn't really much tinkering."

"Morphisec gives me even more than Microsoft can give me, even if I were to pay."

"Morphisec makes use of deterministic attack prevention that doesn’t require investigation of security alerts. It changes the memory locations of where certain applications run. If you think of Excel, opening a PDF, running an Excel macro, or opening a webpage and clicking on a link, all of those actions run in a certain area of memory. Morphisec changes the memory locations of where those run."

"Morphisec makes it very easy for IT teams of any size to prevent breaches of critical systems because of the design of their tool. When we evaluated Morphisec, the CIO and I sat and listened. What attracted us to them is the fact that it stops activity at the point of detection. That saves a lot of time because now we are not investigating and trying to trace down what to turn off. We have already prevented it, which makes it very much safer and more secure."

"Morphisec stops attacks without needing to know what type of threat it is, just that it is foreign. It is based on injections, so it would know when a software launches. If a software launches and something else also launches, then it would count that as anomalous and block it. Because the software looks at the code, and if it executes something else that is not related, then Morphisec would block it. That is how it works."

"The ability to stop attacks without having to detect or have a signature for the attack is the most valuable feature."

More Morphisec pros

"We use it for IT security purposes; this is our central log management solution, so we incorporate all of our servers and PCs into this software and can monitor the logs from there."

"Technical support is knowledgeable."

"RSA NetWitness Endpoint has helped our organization from its many advantages and because it provides overall visibility of all of our endpoints within the enterprise network."

"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."

"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."

"This solution allows us to locate the malware in real-time."

"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."

"It is stable. We have been using it for some time, without any issues."

More NetWitness NDR pros

Cons

"Being able to filter the events to see those that are related to the actual alert would save time spent by the engineer."

"While using Cortex, I noticed some aspects that could be improved, such as increasing the synchronization speed between XDR and Xnor."

"The solution should enhance the ADR and reporting."

"The solution should force customers to integrate with network traffic to see the full benefits of XDR."

"I recommend adding a data loss prevention (DLP) solution to Cortex XDR by Palo Alto Networks. The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products."

"There are some false positives."

"They have the worst support, as a company, that I have ever worked with, as they are difficult to get a hold of and keep on the phone. They don't know what they are talking about when you get them on the phone. They don't like to respond to messages when you send them to them. They like to "research problems" for weeks on end, then pass you off to somebody else."

"Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded."

More Cortex XDR by Palo Alto Networks cons

"I haven't been able to get the cloud deployment to work."

"It would be useful for them if they had some kind of network discovery. That kind of functionality I think would give IT administrators a little bit more confidence that they have 100 percent coverage, and it gives them something to audit against. Network discovery would be one area I would definitely suggest that they put some effort into."

"The weakest point of this product is how difficult it is to understand the reasons for an alert."

"We wanted to have multi-tenants in their cloud platform, so every entity can look into their own systems and not see other systems in other entities."

"It might be a bit much to ask, but we are now beginning to use Morphisec Scout, which provides vulnerability information. At this time, it's recognizing vulnerabilities and reporting them to us, but it's not necessarily resolving them. There's still a separate manual process to resolve those vulnerabilities, primarily through upgrades. We have to do that outside of Morphisec. If Morphisec could somehow have that capability built into it, that would be very effective."

"We sometimes have to depend on the support team to know what action we should take."

"If anything, tech support might be their weakest link."

"The dashboard is the area that requires the most improvement. We have about, I would say 5,500 computers currently, and searching through all of those takes some time to filter. So as soon as you apply the filter, it takes a few seconds. It crunches, it thinks, and then it brings up the clients that match."

More Morphisec cons

"The solution lacks a reporting engine."

"The threat intelligence could improve in RSA NetWitness Endpoint."

"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."

"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."

"The problem with this product is that it's a bit slow."

"The contamination feature could be improved."

"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."

"I don't see this solution being very scalable."

More NetWitness NDR cons

Pricing and Cost Advice

"I don't have any issues with the pricing. We are satisfied with the price."

"I don't like that they have different types of licenses."

"Our license will require renewal in August, after which the maintenance will continue as usual."

"Cortex XDR is a costly solution."

"Very costly product."

"Every customer has to pay for a license because it doesn't work with what you get from a managed services provider."

"The solution is expensive. It's pricing is on a yearly-basis."

"We pay about $50,000 USD per year for a bundle that includes Cortex XDR."

More Cortex XDR by Palo Alto Networks pricing and cost advice

"We are still using a separate tool. I know for our 600 or I think we're actually licensed for up to 700 users, it runs me 23 or $24,000 a year. When you're talking to that many users plus servers being protected, that's well worth the investment for that dollar amount."

"Licenses are per endpoint, and that's true for the cloud version as well. The only difference is that there is a little extra charge for the cloud version."

"Our licensing is tied into our contract. Because we have a long-term contract, our pricing is a little bit lower. It is per year, so we don't get charged per endpoint, but we do have a cap. Our cap is 80 endpoints. If we were to go over 80, when we renewed our contract, which is not until three years are over. Then, they would reevaluate, and say, "Well, you have more than 80 devices active right now. This is going to be the price change." They know that we are installing and replacing computers, so the numbers will be all over the place depending on whether you archive or don't archive, which is the reason why we just have to keep up on that stuff."

"Morphisec is reasonably priced because our parent company's other subsidiaries use different products like CrowdStrike. CrowdStrike is four or five times more expensive than Morphisec. The competitive pricing saves us money in our overall security stack."

"It is a little bit more expensive than other security products that we use, but it does provide us good protection. So, it is a trade-off."

"Compared to their competitors, the price of Morphisec is not that high. You can easily deploy it on a large-scale or small-scale network."

"It is priced correctly for what it does. They end up doing a good deal of discounting, but I think it is priced appropriately."

"Price-wise, it's on the higher side. A traditional antivirus solution is cheaper, but in terms of security and manageability, its ROI is better than a traditional antivirus. I would recommend it to anybody evaluating or considering an antivirus solution. If your system gets compromised, the cost of ransom would be a lot more. This way, it saves a lot of cost."

More Morphisec pricing and cost advice

"The pricing is not very economical. It is a quite costly product for India. One thing is that when you purchase it, you have to purchase a module separately."

"The cost depends on the number of endpoints that you want to monitor, but it is not expensive."

"The price of the solution depends on the environment. If the environment is large then it will cost more. However, the larger the environment with more endpoints, you will receive an increased discount. If the environment is very small, then you might think it is expensive. It is always better to buy in bulk to receive a discount. The minimum number of assets is usually 500, with discounts on 1000 and 2000."

"I do not have any opinion on the pricing or licensing of the product."

"It is highly scalable. It can be bought based on your requirements."

"It is an expensive product."

"With RSA, there is flexibility in choosing the service, products, and the range that meets your requirement, as well as they are flexible in terms of pricing."

"NetWitness Endpoint is less costly than its competitors, but it offers fewer features."

More NetWitness NDR pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.

See recommendations

885,264 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Manufacturing Company

Computer Software Company

Financial Services Firm

Comms Service Provider

Outsourcing Company

17%

Manufacturing Company

10%

Financial Services Firm

Computer Software Company

Financial Services Firm

Manufacturing Company

Outsourcing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	44
Midsize Enterprise	20
Large Enterprise	47

By reviewers
Company Size	Count
Small Business	5
Midsize Enterprise	8
Large Enterprise	8

By reviewers
Company Size	Count
Small Business	10
Midsize Enterprise	2
Large Enterprise	5

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One

Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...

See all answers

Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)

Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...

See all answers

How is Cortex XDR compared with Microsoft Defender?

Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...

See all answers

Ask a question

Earn 20 points

Ask a question

Earn 20 points

Comparisons

Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks

Compared 9% of the time

SentinelOne Singularity Complete vs Cortex XDR by Palo Alto Networks

Compared 6% of the time

CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks

Compared 4% of the time

Cortex XSIAM vs Cortex XDR by Palo Alto Networks

Compared 4% of the time

Symantec Endpoint Security vs Cortex XDR by Palo Alto Networks

Compared 3% of the time

More Cortex XDR by Palo Alto Networks Competitors

Halcyon vs Morphisec

Compared 7% of the time

CrowdStrike Falcon vs Morphisec

Compared 6% of the time

FortiCNAPP vs Morphisec

Compared 5% of the time

Deep Instinct Prevention Platform vs Morphisec

Compared 4% of the time

SentinelOne Singularity Complete vs Morphisec

Compared 4% of the time

More Morphisec Competitors

Trellix Endpoint Security Platform vs NetWitness NDR

Compared 6% of the time

Darktrace vs NetWitness NDR

Compared 6% of the time

ServiceNow Security Operations vs NetWitness NDR

Compared 4% of the time

ExtraHop Reveal(x) vs NetWitness NDR

Compared 4% of the time

Tanium vs NetWitness NDR

Compared 2% of the time

More NetWitness NDR Competitors

Product Reports

Buyer's Guide

Cortex XDR by Palo Alto Networks

March 2026

Download Cortex XDR by Palo Alto Networks product report

Buyer's Guide

Morphisec

March 2026

Download Morphisec product report

Buyer's Guide

NetWitness NDR

March 2026

Download NetWitness NDR product report

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps

Morphisec, Morphisec Moving Target Defense

RSA ECAT, NetWitness Network

Overview

Cortex XDR by Palo Alto Networks provides advanced threat detection with AI-driven endpoint protection and seamless integration, ensuring multi-layered security and automatic threat response.

Cortex XDR is designed to safeguard endpoints against malware and suspicious activities. It offers advanced threat detection and response capabilities using behavioral analysis, AI, and machine learning. It seamlessly integrates with security infrastructures, providing endpoint security, firewall integration, and enhanced visibility in both cloud-based and on-premises environments.

What are the key features of Cortex XDR?

Advanced Threat Detection: Uses AI and machine learning for proactive threat identification.
Multi-layered Security: Combines various security measures for comprehensive protection.
Endpoint Protection: Safeguards against malware and exploits.
Behavioral Analysis: Monitors suspicious activity for early detection.
Automatic Threat Response: Automates responses to neutralize threats.

What benefits should users expect?

Ease of Use: Simplifies security management with intuitive design.
Resource Efficiency: Minimizes impact on system resources.
Integration Capabilities: Works well with existing security setups.
Reduced Analyst Workload: Automates processes to decrease manual intervention.

Organizations in diverse sectors deploy Cortex XDR to protect against malware, leveraging its advanced threat detection capabilities. Its integration with existing security infrastructures appeals to those seeking comprehensive protection in both cloud and on-premises environments, providing enhanced visibility and threat intelligence.

Palo Alto Networks

Morphisec delivers signatureless endpoint-specific protection, effectively blocking zero-day threats and ransomware without affecting performance, making it a preferred choice for enhancing security strategies.

Morphisec empowers users by providing comprehensive protection against advanced threats with its innovative signatureless and in-memory security features. Its seamless integration with Microsoft Defender ensures complete visibility and automatic threat blocking through a unified dashboard. The Moving Target Defense technology enhances deployment efficiency while its lightweight design maintains system performance. Despite some challenges in cloud deployment and feature updates, users find value in its ease of use and minimal administrative effort.

What are the key features of Morphisec?

Signatureless Protection: Blocks threats without relying on signatures, ensuring up-to-date defense.
In-Memory Protection: Prevents attacks targeting system memory to safeguard endpoints.
Zero-Day Threat Blocking: Offers proactive defense against undiscovered threats.
Unified Dashboard: Provides comprehensive security event visibility and integration with Microsoft Defender.
Lightweight Design: Ensures smooth operation without system performance issues.

What benefits can users expect when evaluating Morphisec?

Enhanced Security: Strengthens defense layers against ransomware and memory attacks.
Seamless Integration: Works alongside existing antivirus solutions like Microsoft Defender.
Minimal Administration: Requires low maintenance due to its set-and-forget nature.
Automatic Updates: Keeps protection current without manual intervention.
Broad Coverage: Suitable for desktops, servers, and cloud platforms.

In industries with high security needs, deploying Morphisec adds a robust defense against advanced threats. Its compatibility with antivirus solutions and cloud platforms makes it adaptable to diverse environments, ensuring effective threat mitigation and detection.

Morphisec

Using a centralized combination of network and endpoint analysis, behavioral analysis, data science techniques and threat intelligence, NetWitness NDR helps analysts detect and resolve known and unknown attacks while automating and orchestrating the incident response lifecycle. With these capabilities on one platform, security teams can collapse disparate tools and data into a powerful, blazingly fast user interface.

NetWitness

Sample Customers

CBI Health Group, University Honda, VakifBank

Lenovo/Motorola, TruGreen, Covenant Health, Citizens Medical Center

ADP, Ameritas, Partners Healthcare

Buyer's Guide

Morphisec vs. NetWitness NDR

March 2026

Free Report: Morphisec vs. NetWitness NDR

Find out what your peers are saying about Morphisec vs. NetWitness NDR and other solutions. Updated: March 2026.

DOWNLOAD NOW

885,264 professionals have used our research since 2012.

See our Morphisec vs. NetWitness NDR report.

See our list of best Endpoint Protection Platform (EPP) vendors and best Endpoint Detection and Response (EDR) vendors.

We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.