Solid product, helpful support
What do you like best about the product?
- Most important integrations are available and easy to setup
- Drata Agent as lightweight MDM solution
- Simple UI which gets the job done
- REST API to build custom workflows
- OOTB policy templates with guidance
- Customer support is friendly, helpful and usually quick to respond
- Trust page
What do you dislike about the product?
- While SOC 2 is well documented in the help center, ISO 27001 is not always mentioned as well.
- More integrations that could be helpful
What problems is the product solving and how is that benefiting you?
Drata is helping us building and improving processes around compliance and security, preparing us for ISO 27001.
Security monitoring platorm
What do you like best about the product?
I like the effectiveness of Drata in identifying security vulnerabilities and promptly notifying users about pending tasks. Additionally, I find the numerous connectors available to integrate with other applications impressive. The seamless and user-friendly process, coupled with the responsive and helpful customer support, enhances the overall experience with Drata.
What do you dislike about the product?
Cost to operate Drata is very high for Startups.
What problems is the product solving and how is that benefiting you?
Creating and managing policies. Keeping track of Cloud platform security vulnerabilities.
Drata as unique business enabler - compliance is no longer obligation - it's a joy.
What do you like best about the product?
Drata team that designs the product they sell in the way how every single CISO would like it. Simple for users, comprehensive and detailed for auditors, and - visible and transparent for CISOs and other C-level stakeholders. I even made my customers to like Drata via Trust Center, which is truly unexpected result.
What do you dislike about the product?
A lot of dependencies locked in integrations, making me so excited about Integration 2.0 which will allow me integrate my specific tools faster than Drata fastest guy will do it.
What problems is the product solving and how is that benefiting you?
Drata automates my approach to the security way beyond just compliance.
Drata had all the answers
What do you like best about the product?
Elizabeth, our CSM, was an incredible guide throughout our process towards SOC 2 compliance. At every point in the process, we had a clear understanding of what we were missing as well as actionable solutions to solving these issues.
Drata also has a wealth of online resources and Live Chat for any questions we had inbetween check ins. There was never a point in the process where our team didn't feel equipped to tackle the next step. This is all thanks to Drata's meticulous attention to detail, both in their services and in their interface, as well as Elizabeth's wisdom and insight as our CSM.
What do you dislike about the product?
The Drata app is incredibly well organized and easy to use. That being said, there were times when using the Drata dashboard that my changes were not saved. I had to be mindful when loading files or making disposition changes to make sure they went through successfully.
What problems is the product solving and how is that benefiting you?
Drata makes it incredible easy to monitor controls for security compliance, and understand exactly what needs to get done to mature your security posture. They give clear insight into what improvements need to be made, as well as ample resources to make those improvements a reality.
My experience with Drata has been amazing so far.
What do you like best about the product?
Drata is very intuitive to use, populate with evidence and navigate overall. It has additional capabilities on top of its main functionality that bring a lot of value.
What do you dislike about the product?
Some aspects of the app are not fully automated, but those have been confirmed to be in the works by their team.
What problems is the product solving and how is that benefiting you?
Drata is essential in our audit/certification processes, as well as tracking our evidence packages and monitoring our security controls.
Truly exceptional Customer Success team
What do you like best about the product?
The Customer Success team has been fantastic. Our CS manager, Jordan Penn, has gone above and beyond on multiple occassions, he's knowledgeable, friendly and seems genuinely dedicated to ensuring I am able to use the software in the best way possible - it's the most impressed I've been by a CS manager uing any software.
The platform itself is clear and well organised. It's full of helpful tips on what means what and how we should be inputting information. Very easy to integrate with other tech, which helps ensure it is hassle free and hands off keeping on top of everything compliance related.
What do you dislike about the product?
Very little to say in terms of dislikes.
What problems is the product solving and how is that benefiting you?
Helping simplify the process of preparing for an audit
Fairly intuitive product
What do you like best about the product?
Really helpful complimentary documentation, especially for the policies. I did need to reach out to ask for help in order to find the right sections of this documentation but now that I know where it is, super helpful (could be useful to link out in the comments at the top of each policy). The UI is simple to use and has easy link outs ot more details.
What do you dislike about the product?
I expected a formal onboarding, which was never setup or suggested. This may be because I was familiar with similar tools and had already started asking questions, indicating I was already using the platform but it felt like I just suddenly had this tool and needed to find my way from day 1.
What problems is the product solving and how is that benefiting you?
Getting our SOC2 and ensuring constant monitoring as we work to get there.
A comprehensive solution to reduce vulnerabilities and address loopholes in the infrastructure
What is our primary use case?
I was working on a project that required using ROC tools and SOC 2 compliance. To address this, we integrated with the Drata tool to reduce vulnerabilities in the infrastructure and address other loopholes. Additionally, Drata seamlessly integrated with our cloud services, including SysTrack S3 and other key creation and GuardDuty services.
Drata can identify loopholes and provide solutions for improved security. Drata secures the organisation's infrastructure, achieve SOC 2 compliance, and address HIPAA requirements. It can identify and close security loopholes proactively.
What is most valuable?
Drata is a comprehensive and informative tool that provides in-depth guidance on how to protect your infrastructure. However, it is also quite expensive and requires restarting if any loopholes are available.
What needs improvement?
The solution has a latency of three to five minutes. Also, the solution is quite costly.
For how long have I used the solution?
I have been using Drata as a customer for eight to nine months.
What do I think about the stability of the solution?
The product is stable.
I rate the solution’s stability a nine-point five out of ten.
What do I think about the scalability of the solution?
We were six guys using this product.
I rate the solution’s scalability a nine-point five out of ten.
Which solution did I use previously and why did I switch?
We used Drata only because it is popular. Also, the organization supports the use of Drata for SOC 2 compliance.
How was the initial setup?
The initial setup is straightforward and user-friendly, making it accessible to anyone. If a guy starts the journey in security, this tool will help. He can quickly pick up the entire information if he has extensive knowledge about cloud services. He needs to follow the steps to use the whole infrastructure.
What other advice do I have?
It would be helpful if the solution could provide screenshots to illustrate the steps outlined. Additionally, provide a day-by-day breakdown of the tasks, addressing potential loopholes that users may encounter. For instance, if we need to address three buckets, we could tackle each bucket one day at a time. This approach would make the process less overwhelming and more manageable. Drata provides steps on how to handle low falls. To do this, you need to turn certain options on or off. You can also edit or track these points. Additionally, you can include screenshots and highlight specific areas of interest.
Overall, I rate the solution a nine-point five out of ten.
Great Tool and Support!
What do you like best about the product?
Drata helped us to stay organized and aware of deliverables for continuous compliance.
- The platform is easy to use
- Interface is friendly
- Compliance Monitoring
- Ease of Implematation
- Customer Support
What do you dislike about the product?
There isn't much to complain about.
Even though there were a minor issues with integrations, the team was still able to provide soultions to help with automated contols.
What problems is the product solving and how is that benefiting you?
SOC 2 compliance
Great at reducing work across multiple audit frameworks.
What do you like best about the product?
I like the automated monitoring to be confident that we're compliant year-round. It's also really good at providing templates for commonly needed policies, risk reviews, and more. When you start with one framework like SOC 2 and add a second in the future like ISO 27001, you won't need to gather all-new evidence; each control is mapped to all applicable standards.
What do you dislike about the product?
It's difficult to exclude some out-of-scope resources in an environment that's always changing, as exceptions are done on an individual resource basis. For example, if your AWS account has applications in scope for GDPR plus many others, they'll all get pulled into Drata and it's not easy to stay on top of the exceptions.
What problems is the product solving and how is that benefiting you?
It helps us get ready for security compliance audits. Saves hours of prep and saves time on calls with auditors by giving them a portal where they can see live status. However, it doesn't cover nearly all of what a thorough auditor will ask for, so it's not a magic bullet.
