I use the solution in my company to apply for SOC 2 certification and to take notes on some controls that we have in AWS and other stuff.
External reviews
1,123 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Good Repository of Policies and Procedures
What do you like best about the product?
Email notifications contain links that generally take me where I need to be. Dashboards and statuses are clear. Implemented quickly and we were quickly using it. The extra support for the first month was beneficial.
What do you dislike about the product?
As an infrequent user (a couple of times a week), I don't always remember which menu/toolbar items I need to click on if I am doing something outside of an email notification. The menu isn't always intuitive for me as to what I should click. The dashboard can be a little misleading when listing the completed task percentage - many tasks may be mostly finished but I'm not sure how to see, for example, that 20 tasks are completed and 40 tasks are 90+% done.
What problems is the product solving and how is that benefiting you?
Drata helps us ensure that our cloud product is secure. Certification will help us win contracts with larger prospects that are starting to ask for certifications completed.
Great customer service and features that solve real-world problems.
What do you like best about the product?
Amazing product and customer service. The best feature are it's customizable cross-map that can go in-depth and assign tasks.
What do you dislike about the product?
It's a good product. The dislike would be probably more investment into the User Experience.
What problems is the product solving and how is that benefiting you?
Agile compliance.
Friendly to use and offers powerful functionalities
What is our primary use case?
What needs improvement?
I wish the tool were more granular with some configurations about the controls or the platforms. I don't know whether the information and the way that we share it with third parties could be made more granular, if the benefit could be done, and if it would be a fine product.
The product can improve in its API documentation area.
For how long have I used the solution?
I have been using Drata for a year and eight months. I am the solution's customer.
What do I think about the stability of the solution?
I never had any issues with the stability of the product.
What do I think about the scalability of the solution?
I was impressed the first time using Drata because you could put all the data that you have in all across all the platforms over there. Drata tells you how good or bad you will be for applying for those certifications. I rate the tool's scalability a nine out of ten.
In the cybersecurity team, three or four people used to use the tool. The rest of the team used only the agents in their laptops.
How are customer service and support?
I didn't use the solution's technical support a lot, but when I had to, it was great. I had no problem. I rate the technical support an eight out of ten.
How would you rate customer service and support?
Positive
What's my experience with pricing, setup cost, and licensing?
The product is really expensive. I remember that my company used to pay 25,000 USD to use the product, but I can recommend it to those who have no team and still need a certification, evidence or anything related to such areas. The product's cost is really high, but it is a powerful tool.
What other advice do I have?
Impact of the product on your company's security posture management has been great because we had a team of three people in the security part, and I was their technical leader. In our company, we have a CIO and an operations team. We have only three people on the team, and Drata helps us to increase and enhance the maturity of our controls and evidence for future auditing and other compliance assessments.
With the automated evidence feature of the product, we connected all our platforms, like Amazon, and then we connected with GitHub Enterprise to get information about the outbound application. Data has a control panel for third parties so that they can read or know what controls are working and how, which is a breaking advantage for such a tool.
The product is 100 percent friendly to use.
I rate Drata's integration capabilities as an eight out of ten.
If I have ten people with Excel and fully commit to write the controls, then maybe we won't require Drata. If you have a small team, and you want to hurry up with things in your company, Drata is the perfect solution.
I rate the tool an eight out of ten.
The Drata platform is instrumental in our ability to maintain our security posture.
What do you like best about the product?
As we started our journey for SOC 2 and ISO certification, having policy templates at our fingertips expedited the process of compliance. In additional, the realtime monitoring of our posture and security controls is invaluable.
What do you dislike about the product?
There is nothing in Drata that would be considered disliked. Every feature, whether we leverage said feature or not, is or will be valuable at some point.
What problems is the product solving and how is that benefiting you?
Drata is part of 3 pillars that we leverage in security and compliance. Drata is the security automation platform, our partner Rhyemetic is our vCISO and other partner Insight Assurance is our auditor. Having all three of those componants allows us to convey our dedication to compliance to our existing and prospective customers.
Drata Makes Compliance Easy
What do you like best about the product?
Drata made it easy to migrate to their tool. Between dedicated onboarding support, easy to use features, and well written documentation, I was able to get started very quickly.
Drata's prebuilt integrations make life easier. I was using a lot of manual scripting to generate inventories and perform basic configuration checks, and Drata automated that all away.
Drata has a ton of small features that you don't know you need until you have them:
- A vendor inventory tool with the ability to attach security documentation and complete structured reviews of third-party audit reports.
- An evidence library that supports one-off evidence tasks and recurring evidence for whatever period you want.
Drata's prebuilt integrations make life easier. I was using a lot of manual scripting to generate inventories and perform basic configuration checks, and Drata automated that all away.
Drata has a ton of small features that you don't know you need until you have them:
- A vendor inventory tool with the ability to attach security documentation and complete structured reviews of third-party audit reports.
- An evidence library that supports one-off evidence tasks and recurring evidence for whatever period you want.
What do you dislike about the product?
As someone who is very particular about how I want my compliance program to work, I want to be able to customize every aspect of a tool. There are some areas where I can't quite customize as I'd like, however Drata has recently introduce some interesting features around building custom monitors.
What problems is the product solving and how is that benefiting you?
A compliance program has a lot of moving parts. Drata helps keep all of it organized, letting you know what needs to be done and when. This frees up a lot of time and saves me from a ton of manual work.
User-friendly and supports SAST and HIPAA frameworks
What is our primary use case?
I use Drata from the auditor's end. I am an information security auditor for companies that provide SaaS and PaaS-based services, and that would be more concentrated on the US SaaS and PaaS-based companies. I use Drata to check and comment on my client's internal security controls, their operative effectiveness, and how they are upholding their security standards.
What is most valuable?
Drata's DCF mapping is really good. The way the tool's controls are linked to the framework, specifically with SAST and HIPAA frameworks or any other frameworks, is really good. Basically, when I look into a control, the control's particular DCF number gives me all the information about the automated tests linked to that control, and then the external evidence that the client provides to me for verification and review is also available in one place. Drata's Audit Hub is useful for communicating with the client, and it is also a really good place where the client can feel safe sharing sensitive information for audits as it is a protected platform.
What needs improvement?
For a particular control, such as vulnerability scans, we mostly have clients provide us with external third-party reports of scans. Drata could have something in place for real-time monitoring so that we could actually see the vulnerabilities directly instead of requesting external vulnerability scans for the platforms or cloud containers one uses.
The thing with Drata is you cannot open multiple tabs on the same interface or the same desktop. When you come out of Drata's Audit Hub, you will have to go back into the client interface and then return to another request. There is a lot of time-consuming activity happening in the tool. When I come out of Drata's Audit Hub, I would like to go to the previous phase I visited without being completely kicked out of the interface.
For how long have I used the solution?
I have been using Drata since September 2022. My firm has a partnership with Drata, but I am unsure about it.
What do I think about the stability of the solution?
In terms of stability, the product has been very smooth. Stability-wise, I rate the solution an eight out of ten.
What do I think about the scalability of the solution?
It is a scalable solution. As far as just seeing the other compliances are concerned in the tool, and since it is not the only compliance tool I use for auditing, I can say that when I compare tools, Drata is fine.
How are customer service and support?
I would not want to talk about my experience with the product's support team extensively, but I can give the technical support a rating of six out of ten. There was a time during the initial stages of my work when I found a lot of data to convert into PDFs or download in an Excel format, and a lot of metadata was coming out. When I reached out to Drata's support team, they said the metadata that was coming out was not their issue but something from my end. The issue eventually vanished, but it was never fixed. I stopped seeing the heavy data again on my interface, but it was never properly received by the tool's support team. I only had one such customer support requirement.
I rate the technical support a six or seven out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have experience with multiple compliance platforms like Vanta and Secureframe.
How was the initial setup?
With the product's initial setup phase, I honestly faced some issues while the clients gave us auditors access to set up cards or read-only access. I have seen a lot of back and forth for multiple clients, and even though the clients tell us that they have given us access, we don't receive it. We don't get Drata's invitation sometimes. I think there is a bit of work, but it is not difficult. It is easy to use the tool to log in to your work emails or Google, but I found some errors in the auditor assignments and access assignments.
What other advice do I have?
In terms of security posture management, as far as I am exposed to Drata, I can say that the tool has some automated tests. The autopilot feature in the tool is really helpful for verifying things, and the client's data is in sync with Drata. The tool has continuous monitoring and it provides me with real-time data on every aspect of the firm's internal security, which is also an add-on.
The tool is really user-friendly. I believe there is always room for improvement.
I do not work on integration processes. We actually have a dedicated team for it, and my team focuses only on testing.
I recommend the product to those who plan to use it since it is a seamless and easy tool to use.
I think going with what is on the interface to view could be the best thing to know more, explore more, and get to the things you want to get to.
I rate the tool an eight out of ten.
Very pleasant experience. Both our account manager and live support are very responsive and helpful.
What do you like best about the product?
Automation of control checks. Customer support is great. Easy to use.
What do you dislike about the product?
Just started using it at the moment haven't experienced anything I dislike.
What problems is the product solving and how is that benefiting you?
Given the users of our technology could be in all sectors, some,but not all, industries may require SOC-2, GDPR, or HIPPA certification for use in their markets.
Easy to use product and great customer experience
What do you like best about the product?
Drata takes away the worry about making sure you have not forgotten any compliance task that needs to get done in your audit window. Additionall it has a great team of customer success people (ours was Elizabeth John) and if you ever have a specific question for an auditor, they have a team available that you can chat with at anytime to answer your questions quickly.
What do you dislike about the product?
It needs to have a way to automatically watermark reports in Trust Center for specific users.
What problems is the product solving and how is that benefiting you?
Ensuring we obtained and continue to maintain our SOC 2 Type II certification.
Great product and team = great overall experience
What do you like best about the product?
Drata takes the pain out of the compliance process by tapping into our existing systems and offering detailed insights into our compliance status. They have a wonderful customer success team that is both knowledgeable and helpful. Additionally, the support team available through the in-platform chat is extremely responsive and well-informed. As someone who had never managed a compliance project before, I was initially apprehensive. However, Drata's system and support has made the entire process seamless and worry-free.
What do you dislike about the product?
When starting my only worry was that the CS team were based in the US so not in my timezone. However, they have recentlt launched their UK team and I now have a UK-based CS manager 👍🏼
What problems is the product solving and how is that benefiting you?
The Drata platform benefits us by significantly reducing the time and effort required to achieve and maintain compliance. The knowledgeable and responsive customer success and support teams further enhance our experience, ensuring that any issues or questions are promptly addressed. For someone like me, who had no prior experience with compliance projects, Drata's user-friendly system and excellent support have made the process straightforward and stress-free.
Best Product Development I Have Experienced
What do you like best about the product?
The company is focused on solving problems that have persisted in the GRC space and reimagining what a GRC can and should be capable of in today's fast moving environment. It started as a compliance automation platform and has added features at a pace I have not experienced in my career to become a complete GRC platform that can perform with the best on features while being much more streamlined and easy to use. Not suprisingly, their feedback mechanisms and prioritization is amazing and the amount of engagement watching something you requested become a live feature in a matter of months with additional questions and QA along the way to ensure its meeting the use case.
Best Aspects of Drata:
1. Product development quality and speed
2. Ease of mapping frameworks to policies to controls to risks for end to end management
3. Balance of configuration versus customization, Drata is still easy to setup and manage while allowing you to meet your current process in the middle
4. Focus on automation whether its automated control tests or smart use of AI for repetitive tasks
Best Aspects of Drata:
1. Product development quality and speed
2. Ease of mapping frameworks to policies to controls to risks for end to end management
3. Balance of configuration versus customization, Drata is still easy to setup and manage while allowing you to meet your current process in the middle
4. Focus on automation whether its automated control tests or smart use of AI for repetitive tasks
What do you dislike about the product?
Drata is a very new company and does still have some gaps in capabilities. However, I am confident based at their speed of development they won't be gaps for long.
What problems is the product solving and how is that benefiting you?
1. Migrating our framework and GRC processes into a single tool.
2. Implementing the principle of "assess once, report many".
3. Ensuring that our framework is grounded by what is happening in security operations and engineering through integrations and process/framework alignment.
2. Implementing the principle of "assess once, report many".
3. Ensuring that our framework is grounded by what is happening in security operations and engineering through integrations and process/framework alignment.
showing 351 - 360