I use the solution in my company to apply for SOC 2 certification and to take notes on some controls that we have in AWS and other stuff.
External reviews
1,119 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Simplifying our ISO27001 Journey with Drata
What do you like best about the product?
Drata has streamlined our ISO27001 compliance process with its user-friendly automation and integrations. It is a great intuitive platform that greatly reduces the manual workload involved in compliance. Its automation capabilities for policy drafting, evidence collection, and monitoring make the entire process much more efficient! Plus, their customer support is truly one of the best we've ever experienced – they're always there to answer any question, no matter how small, and go above and beyond to help.
What do you dislike about the product?
While Drata is an amazing tool overall, the readiness score can sometimes be a bit misleading. It can signal that we are fully prepared when certain controls still require manual evidence to be uploaded. It would be great if there was a clearer way to indicate where manual evidence is still needed, even after the platform shows those controls as “ready.” A more transparent alert system for this would make the process even smoother!
What problems is the product solving and how is that benefiting you?
ISO27001 Compliance
The most responsive support team I've met
What do you like best about the product?
Drata automates and handles most of our ISO and SOC needs across the entire governance and compliance space for our company. It's multiple features and ease of use have been instrumental in completing our certification audits for the past 2 years. Their support team is very responsive and I've even talked with their CISO regarding one issue we had which was almost immediately resolved.
What do you dislike about the product?
In the initial setup for identity it asked for a global admin credentials to be used to set things up. This is a massive risk for any company. However, through working through their team we found a solution that exercised the practice of least privileged access and met my business needs. Needless to say, we've been very successful since that implementation.
What problems is the product solving and how is that benefiting you?
We use Drata to cover all our basis. We've implemented utilities and policies that enable our business to maintain governance and compliance across the infrastructure.
GRC engineering
What do you like best about the product?
Easy to use. Their on-demand support for platform questions is a great model. It is interactive and real-time.
What do you dislike about the product?
User Interface and Risk Management. The user interface isn't very friendly. Risk Register is pretty basic.
What problems is the product solving and how is that benefiting you?
It is monitoring your compliance controls in real time.
Drata has helped to automate our compliance and governance processes
What do you like best about the product?
Ability to track our risks w.r.t to personnel, process, infrastructure , policy and vendors - all in one place is super helpful.
What do you dislike about the product?
Not all auditors use Drata. So we need to supply the evidence manually in those cases.
Also Drata support quality can improve.
Also Drata support quality can improve.
What problems is the product solving and how is that benefiting you?
It integrates well with our cloud platform and its automation to manage the risks across people, process/policy and infrastructure/technology helps us track and remediate those risks timely. It helps with our compliance needs to met our regulations and framework requirements.
Good Repository of Policies and Procedures
What do you like best about the product?
Email notifications contain links that generally take me where I need to be. Dashboards and statuses are clear. Implemented quickly and we were quickly using it. The extra support for the first month was beneficial.
What do you dislike about the product?
As an infrequent user (a couple of times a week), I don't always remember which menu/toolbar items I need to click on if I am doing something outside of an email notification. The menu isn't always intuitive for me as to what I should click. The dashboard can be a little misleading when listing the completed task percentage - many tasks may be mostly finished but I'm not sure how to see, for example, that 20 tasks are completed and 40 tasks are 90+% done.
What problems is the product solving and how is that benefiting you?
Drata helps us ensure that our cloud product is secure. Certification will help us win contracts with larger prospects that are starting to ask for certifications completed.
Friendly to use and offers powerful functionalities
What is our primary use case?
What needs improvement?
I wish the tool were more granular with some configurations about the controls or the platforms. I don't know whether the information and the way that we share it with third parties could be made more granular, if the benefit could be done, and if it would be a fine product.
The product can improve in its API documentation area.
For how long have I used the solution?
I have been using Drata for a year and eight months. I am the solution's customer.
What do I think about the stability of the solution?
I never had any issues with the stability of the product.
What do I think about the scalability of the solution?
I was impressed the first time using Drata because you could put all the data that you have in all across all the platforms over there. Drata tells you how good or bad you will be for applying for those certifications. I rate the tool's scalability a nine out of ten.
In the cybersecurity team, three or four people used to use the tool. The rest of the team used only the agents in their laptops.
How are customer service and support?
I didn't use the solution's technical support a lot, but when I had to, it was great. I had no problem. I rate the technical support an eight out of ten.
How would you rate customer service and support?
Positive
What's my experience with pricing, setup cost, and licensing?
The product is really expensive. I remember that my company used to pay 25,000 USD to use the product, but I can recommend it to those who have no team and still need a certification, evidence or anything related to such areas. The product's cost is really high, but it is a powerful tool.
What other advice do I have?
Impact of the product on your company's security posture management has been great because we had a team of three people in the security part, and I was their technical leader. In our company, we have a CIO and an operations team. We have only three people on the team, and Drata helps us to increase and enhance the maturity of our controls and evidence for future auditing and other compliance assessments.
With the automated evidence feature of the product, we connected all our platforms, like Amazon, and then we connected with GitHub Enterprise to get information about the outbound application. Data has a control panel for third parties so that they can read or know what controls are working and how, which is a breaking advantage for such a tool.
The product is 100 percent friendly to use.
I rate Drata's integration capabilities as an eight out of ten.
If I have ten people with Excel and fully commit to write the controls, then maybe we won't require Drata. If you have a small team, and you want to hurry up with things in your company, Drata is the perfect solution.
I rate the tool an eight out of ten.
Drata Makes Compliance Easy
What do you like best about the product?
Drata made it easy to migrate to their tool. Between dedicated onboarding support, easy to use features, and well written documentation, I was able to get started very quickly.
Drata's prebuilt integrations make life easier. I was using a lot of manual scripting to generate inventories and perform basic configuration checks, and Drata automated that all away.
Drata has a ton of small features that you don't know you need until you have them:
- A vendor inventory tool with the ability to attach security documentation and complete structured reviews of third-party audit reports.
- An evidence library that supports one-off evidence tasks and recurring evidence for whatever period you want.
Drata's prebuilt integrations make life easier. I was using a lot of manual scripting to generate inventories and perform basic configuration checks, and Drata automated that all away.
Drata has a ton of small features that you don't know you need until you have them:
- A vendor inventory tool with the ability to attach security documentation and complete structured reviews of third-party audit reports.
- An evidence library that supports one-off evidence tasks and recurring evidence for whatever period you want.
What do you dislike about the product?
As someone who is very particular about how I want my compliance program to work, I want to be able to customize every aspect of a tool. There are some areas where I can't quite customize as I'd like, however Drata has recently introduce some interesting features around building custom monitors.
What problems is the product solving and how is that benefiting you?
A compliance program has a lot of moving parts. Drata helps keep all of it organized, letting you know what needs to be done and when. This frees up a lot of time and saves me from a ton of manual work.
User-friendly and supports SAST and HIPAA frameworks
What is our primary use case?
I use Drata from the auditor's end. I am an information security auditor for companies that provide SaaS and PaaS-based services, and that would be more concentrated on the US SaaS and PaaS-based companies. I use Drata to check and comment on my client's internal security controls, their operative effectiveness, and how they are upholding their security standards.
What is most valuable?
Drata's DCF mapping is really good. The way the tool's controls are linked to the framework, specifically with SAST and HIPAA frameworks or any other frameworks, is really good. Basically, when I look into a control, the control's particular DCF number gives me all the information about the automated tests linked to that control, and then the external evidence that the client provides to me for verification and review is also available in one place. Drata's Audit Hub is useful for communicating with the client, and it is also a really good place where the client can feel safe sharing sensitive information for audits as it is a protected platform.
What needs improvement?
For a particular control, such as vulnerability scans, we mostly have clients provide us with external third-party reports of scans. Drata could have something in place for real-time monitoring so that we could actually see the vulnerabilities directly instead of requesting external vulnerability scans for the platforms or cloud containers one uses.
The thing with Drata is you cannot open multiple tabs on the same interface or the same desktop. When you come out of Drata's Audit Hub, you will have to go back into the client interface and then return to another request. There is a lot of time-consuming activity happening in the tool. When I come out of Drata's Audit Hub, I would like to go to the previous phase I visited without being completely kicked out of the interface.
For how long have I used the solution?
I have been using Drata since September 2022. My firm has a partnership with Drata, but I am unsure about it.
What do I think about the stability of the solution?
In terms of stability, the product has been very smooth. Stability-wise, I rate the solution an eight out of ten.
What do I think about the scalability of the solution?
It is a scalable solution. As far as just seeing the other compliances are concerned in the tool, and since it is not the only compliance tool I use for auditing, I can say that when I compare tools, Drata is fine.
How are customer service and support?
I would not want to talk about my experience with the product's support team extensively, but I can give the technical support a rating of six out of ten. There was a time during the initial stages of my work when I found a lot of data to convert into PDFs or download in an Excel format, and a lot of metadata was coming out. When I reached out to Drata's support team, they said the metadata that was coming out was not their issue but something from my end. The issue eventually vanished, but it was never fixed. I stopped seeing the heavy data again on my interface, but it was never properly received by the tool's support team. I only had one such customer support requirement.
I rate the technical support a six or seven out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have experience with multiple compliance platforms like Vanta and Secureframe.
How was the initial setup?
With the product's initial setup phase, I honestly faced some issues while the clients gave us auditors access to set up cards or read-only access. I have seen a lot of back and forth for multiple clients, and even though the clients tell us that they have given us access, we don't receive it. We don't get Drata's invitation sometimes. I think there is a bit of work, but it is not difficult. It is easy to use the tool to log in to your work emails or Google, but I found some errors in the auditor assignments and access assignments.
What other advice do I have?
In terms of security posture management, as far as I am exposed to Drata, I can say that the tool has some automated tests. The autopilot feature in the tool is really helpful for verifying things, and the client's data is in sync with Drata. The tool has continuous monitoring and it provides me with real-time data on every aspect of the firm's internal security, which is also an add-on.
The tool is really user-friendly. I believe there is always room for improvement.
I do not work on integration processes. We actually have a dedicated team for it, and my team focuses only on testing.
I recommend the product to those who plan to use it since it is a seamless and easy tool to use.
I think going with what is on the interface to view could be the best thing to know more, explore more, and get to the things you want to get to.
I rate the tool an eight out of ten.
Very pleasant experience. Both our account manager and live support are very responsive and helpful.
What do you like best about the product?
Automation of control checks. Customer support is great. Easy to use.
What do you dislike about the product?
Just started using it at the moment haven't experienced anything I dislike.
What problems is the product solving and how is that benefiting you?
Given the users of our technology could be in all sectors, some,but not all, industries may require SOC-2, GDPR, or HIPPA certification for use in their markets.
Best Product Development I Have Experienced
What do you like best about the product?
The company is focused on solving problems that have persisted in the GRC space and reimagining what a GRC can and should be capable of in today's fast moving environment. It started as a compliance automation platform and has added features at a pace I have not experienced in my career to become a complete GRC platform that can perform with the best on features while being much more streamlined and easy to use. Not suprisingly, their feedback mechanisms and prioritization is amazing and the amount of engagement watching something you requested become a live feature in a matter of months with additional questions and QA along the way to ensure its meeting the use case.
Best Aspects of Drata:
1. Product development quality and speed
2. Ease of mapping frameworks to policies to controls to risks for end to end management
3. Balance of configuration versus customization, Drata is still easy to setup and manage while allowing you to meet your current process in the middle
4. Focus on automation whether its automated control tests or smart use of AI for repetitive tasks
Best Aspects of Drata:
1. Product development quality and speed
2. Ease of mapping frameworks to policies to controls to risks for end to end management
3. Balance of configuration versus customization, Drata is still easy to setup and manage while allowing you to meet your current process in the middle
4. Focus on automation whether its automated control tests or smart use of AI for repetitive tasks
What do you dislike about the product?
Drata is a very new company and does still have some gaps in capabilities. However, I am confident based at their speed of development they won't be gaps for long.
What problems is the product solving and how is that benefiting you?
1. Migrating our framework and GRC processes into a single tool.
2. Implementing the principle of "assess once, report many".
3. Ensuring that our framework is grounded by what is happening in security operations and engineering through integrations and process/framework alignment.
2. Implementing the principle of "assess once, report many".
3. Ensuring that our framework is grounded by what is happening in security operations and engineering through integrations and process/framework alignment.
showing 131 - 140