External reviews
External reviews are not included in the AWS star rating for the product.
Great GRC for companies of any size
What do you like best about the product?
I love the most DRATAs approach to security controls, their monitoring and evidence mapping.
It is simple to use and saves lot of time during yearly audits. Thanks to multiple usecases - Policy Center, Vendor management, etc. - it covers most of the areas required by many security standards.
Integrations to multiple systems - HR, Communication, Vulnerability management and others - makes the DRATA super useful in gathering the data at one place and using them efficiently.
It is simple to use and saves lot of time during yearly audits. Thanks to multiple usecases - Policy Center, Vendor management, etc. - it covers most of the areas required by many security standards.
Integrations to multiple systems - HR, Communication, Vulnerability management and others - makes the DRATA super useful in gathering the data at one place and using them efficiently.
What do you dislike about the product?
I dislike the DRATA simplified approach to Risk assessmnt (don´t misread with Enterprise Risk Management). It is too generic and doesn´t help our organisation to evaluate the current risks.
We would love to see imprvements in this area so that it would be more useful.
We would love to see imprvements in this area so that it would be more useful.
What problems is the product solving and how is that benefiting you?
Drata solves:
- continuous security frameworks monitoring (controls, monitoring, evidence etc.)
- vendor management
- governance (policy management)
- internal audit (audit hub)
- sharing security posture (trust center)
- employee compliance and HR processes
- device controls / protectin (drata agent)
- integrations (Slack, AWS, GitHub, Jira)
Whole company can be more efficient while using DRATA since it keeps our security posture well maintained. It reminds us about missing security evidence, upcoming audits and tasks which keeps the information up to date.
I consider drata reasonably cheap for the ammount of service / efficiency it provides to our company.
- continuous security frameworks monitoring (controls, monitoring, evidence etc.)
- vendor management
- governance (policy management)
- internal audit (audit hub)
- sharing security posture (trust center)
- employee compliance and HR processes
- device controls / protectin (drata agent)
- integrations (Slack, AWS, GitHub, Jira)
Whole company can be more efficient while using DRATA since it keeps our security posture well maintained. It reminds us about missing security evidence, upcoming audits and tasks which keeps the information up to date.
I consider drata reasonably cheap for the ammount of service / efficiency it provides to our company.
- Leave a Comment |
- Mark review as helpful
Drata made our first audit possible
What do you like best about the product?
The guidance and built in workflow for on boarding gets you started very quickly. Quickstart is the Easy Button for our SOC2 journey, making our implementation efficient.
The automation makes keeping your controls in place much easier. The dashboard helped us understand how we were progressing on our journey. The staff were knowledgeable, friendly, and provided clear guidance on where to go next. Direct integration with our various service providers and the automation around that significantly reduced the time to get started.
The automation makes keeping your controls in place much easier. The dashboard helped us understand how we were progressing on our journey. The staff were knowledgeable, friendly, and provided clear guidance on where to go next. Direct integration with our various service providers and the automation around that significantly reduced the time to get started.
What do you dislike about the product?
Sometimes it was hard to understand how the automated controls worked and wy they were failing. We figured most out in the end, but the automated offboarding evidence was unclear why it was failing. mostly I think it is just. missing a refresh button to force another query against Jira.
What problems is the product solving and how is that benefiting you?
Drata enabled us to get started on our SOC2 type 1 audit and to prepare for our Type 2 audit later this year.
Fantastic experience working with Drata
What do you like best about the product?
The platform is extremely well designed and intuitive. The customer support is exceptionally fast.
What do you dislike about the product?
My experience has been overwhelmingly positive.
What problems is the product solving and how is that benefiting you?
We used Drata for our SOC 2 Type 2 audit
Thank you Drata & Elizabeth!
What do you like best about the product?
Drata has been an instrumental tool in keeping us organized and ensuring steady progress on our SOC2 journey. The platform's intuitive design and comprehensive features have simplified what could have been a complex process, allowing us to maintain focus and efficiency.
The highlight of our experience with Drata has been working with Elizabeth. Her expertise, guidance, and insightful navigation through the SOC2 landscape have been invaluable. We sincerely believe that without her contributions, moving forward would have been a much more challenging endeavor.
Moreover, the team's responsiveness deserves special mention. Whenever we needed assistance or had queries, they were always ready and eager to help, demonstrating a high level of customer service and commitment.
The highlight of our experience with Drata has been working with Elizabeth. Her expertise, guidance, and insightful navigation through the SOC2 landscape have been invaluable. We sincerely believe that without her contributions, moving forward would have been a much more challenging endeavor.
Moreover, the team's responsiveness deserves special mention. Whenever we needed assistance or had queries, they were always ready and eager to help, demonstrating a high level of customer service and commitment.
What do you dislike about the product?
some kind of batch feature i thought was missing
What problems is the product solving and how is that benefiting you?
Soc2 compliancy
Simplify compliance monitoring, review, audit and document management
What do you like best about the product?
It adds a more formal structure to otherwise very chaotic process. Here's a short description of some features which made our work many orders of magnitude easier. The on-boarding experience was straightforward and intuitive.
- Integration with other tools
Having to export a large stack of documents, format each one and finally find a place to store them pose a significant challenged and pain point. Drata makes it easy to setup, configure and use a wide range of tools.
- Infrastructure monitoring
We cannot emphasize the importance of this feature enough. Drata's ability to integrate with our infrastructure components such as cloud provides, user directory etc eliminates otherwise one of most labor intensive tasks in compliance audits as well as maintaining compliance.
- Document management
Instead of having documents everwhere, we are able to upload, track documents to a single shared space. It also provides a rich set of features with regards to special documents which require frequent update (e.g user access audits, security review reports etc)
We use Drata on almost daily basis. Whether it is onboarding a new employee, uploading quarterly security reviews or making sure our infrastructure components have not drifted away from a compliant state.
Excellence in customer support. Drata team provides efficient and effective supports in both compliance as well as technical domains. This helped our team to elimate any guess work and consult experts throughout our preparation work. Even individuals with less experience engage and perform compliance related duties with high confidence.
Finally, the audit experience was completely transformed thanks to Drata. We were able to on-board auditors with minimal effort. Provide them with all necessary permissions to resources and documents with nothing more than a few easy clicks.
- Integration with other tools
Having to export a large stack of documents, format each one and finally find a place to store them pose a significant challenged and pain point. Drata makes it easy to setup, configure and use a wide range of tools.
- Infrastructure monitoring
We cannot emphasize the importance of this feature enough. Drata's ability to integrate with our infrastructure components such as cloud provides, user directory etc eliminates otherwise one of most labor intensive tasks in compliance audits as well as maintaining compliance.
- Document management
Instead of having documents everwhere, we are able to upload, track documents to a single shared space. It also provides a rich set of features with regards to special documents which require frequent update (e.g user access audits, security review reports etc)
We use Drata on almost daily basis. Whether it is onboarding a new employee, uploading quarterly security reviews or making sure our infrastructure components have not drifted away from a compliant state.
Excellence in customer support. Drata team provides efficient and effective supports in both compliance as well as technical domains. This helped our team to elimate any guess work and consult experts throughout our preparation work. Even individuals with less experience engage and perform compliance related duties with high confidence.
Finally, the audit experience was completely transformed thanks to Drata. We were able to on-board auditors with minimal effort. Provide them with all necessary permissions to resources and documents with nothing more than a few easy clicks.
What do you dislike about the product?
- List of third-party integrations; though growing, it's still limited.
- Management of recurring tasks needs more improvement to enhance visibility
- Management of recurring tasks needs more improvement to enhance visibility
What problems is the product solving and how is that benefiting you?
Compliance monitoring and audit
Managing policies
Managing policies
Excellent experience
What do you like best about the product?
The platform helps to simplify the compliance process for various industry standards. Their cloud automation integrations help to reduce the amount of time and manual labor involved in the arduous process of continious compliance. It's all backed by an dedicated team of caring professionals.
What do you dislike about the product?
Customized risk register could use some work.
What problems is the product solving and how is that benefiting you?
Drata is helping us maintain our SOC 2 Type 2 certification via their cloud compliance platform and easy of controls management. Their automations help reduce the onus involved in the historic manual efforts.
An effective tool to assist with SOC2 compliance
What do you like best about the product?
Drata makes it easy to establish the necessary technology controls for a particular framework, like SOC2. Drata maintains a library of these controls, with the appropriate descriptions and common ways these controls are implemented technically (e.g. MFA implemented on admin accounts or CPU/memory usage is monitored).
It also provides a library of auditor-approved policies, maps these to the appropriate controls and connects with your key business systems to monitor the implementation of the controls. It would have taken a lot of manual effort to do this without a platform like Drata.
Drata has also begun implementing task management, to streamline activities when a control fails, new evidence is required or a policy needs to be reviewed. It provides a number of integrations with task management systems like Trello.
Drata also makes it easy to maintain a Vendor / Supplier register.
I recommend it to anyone looking to meet the requirements of a framework like SOC2 or ISO27001.
It also provides a library of auditor-approved policies, maps these to the appropriate controls and connects with your key business systems to monitor the implementation of the controls. It would have taken a lot of manual effort to do this without a platform like Drata.
Drata has also begun implementing task management, to streamline activities when a control fails, new evidence is required or a policy needs to be reviewed. It provides a number of integrations with task management systems like Trello.
Drata also makes it easy to maintain a Vendor / Supplier register.
I recommend it to anyone looking to meet the requirements of a framework like SOC2 or ISO27001.
What do you dislike about the product?
Drata doesn't connect with every system that you may have, albeit it is continually adding more integrations. In cases where it cannot monitor a particular control, you need to manually link evidence. This process can be a little time consuming. It would be nice to see a function that allows for configuration of a custom integration (e.g. a webhook that an application could call to post data to Drata, or pointing drata an application's APIs and then having a data/field mapping function in Drata to pick out data as evidence (and indicate compliant/non-compliant) for a particular control).
I would also like to see Drata implement an Incident Management tool, to centrally record incidents and map these against potential control failures or the need for new controls. Similarly, it would be nice to see a Risks Register module to record all risks associated with the organisation, and map these risks to mitigating technology controls.
I would also like to see Drata implement an Incident Management tool, to centrally record incidents and map these against potential control failures or the need for new controls. Similarly, it would be nice to see a Risks Register module to record all risks associated with the organisation, and map these risks to mitigating technology controls.
What problems is the product solving and how is that benefiting you?
Drata helps us maintain the appropriate technology and operational controls for us to be SOC2 compliant. We have successfully used Drata with our external auditor in two audits now, and we have received feedback from the auditor that it makes their job easier and there is less back-and-forth to get things in order.
Drata's control monitoring has been especially useful as it alerts us when a configuration change or something else has caused a technical control to fail. This ensures not only that we are fulfiling our SOC2 obligations throughout the entire period, but it also has a direct benefit of uplifting our security and mitigating potential security holes.
Drata has enabled a relatively small business (compared to major financial institutions) to achieve a high standard of compliance. This has enabled us to provide services to these large financial institutions, which demand a high degree of compliance.
Drata's control monitoring has been especially useful as it alerts us when a configuration change or something else has caused a technical control to fail. This ensures not only that we are fulfiling our SOC2 obligations throughout the entire period, but it also has a direct benefit of uplifting our security and mitigating potential security holes.
Drata has enabled a relatively small business (compared to major financial institutions) to achieve a high standard of compliance. This has enabled us to provide services to these large financial institutions, which demand a high degree of compliance.
Good organizational tool for managing IT audits
What do you like best about the product?
I like the built-in tools to help manage the various audit processes we must comply with. It has helped our various team members go to one tool to manage the disparate and various needs of our audit process.
The default integrations matched 90% of the platforms we use today. Enabling Drata to scan our various tools regularly to ensure compliance.
The default integrations matched 90% of the platforms we use today. Enabling Drata to scan our various tools regularly to ensure compliance.
What do you dislike about the product?
The interface can be confusing at times.
What problems is the product solving and how is that benefiting you?
Drata is responsible for our Compliance Management, this has aided us keep our systems secure and transcat with enterprise level customers.
Compliance automation done right
What do you like best about the product?
Comprehensive compliance automation platform. I particularly like the monitoring and automated testing.
What do you dislike about the product?
Support is sometimes slow, requiring me to follow up with them.
What problems is the product solving and how is that benefiting you?
Drata is solving the need to manage a diversity of controls across different areas, with monitoring and automation of things like AD accounts, version control, endpoints etc. Their Drata Agent is fantastic, saves us from either collecting screenshots or deploying more heavyweight monitoring tools
The most automated compliance platform we could find!
What do you like best about the product?
Many automated tests, reminders. Once we familiarized ourselves with the UI, it's really simple to use and it provides everything we need.
What do you dislike about the product?
It took me a while to get familiar with the UI. Also setting up connections was sometimes a bit tricky and we needed to contact Drata support to reset it and try again.
What problems is the product solving and how is that benefiting you?
Drata checks our identity provider, cloud accounts, ticketing system etc. and it all clicks together.
showing 101 - 110