A comprehensive solution to reduce vulnerabilities and address loopholes in the infrastructure
What is our primary use case?
I was working on a project that required using ROC tools and SOC 2 compliance. To address this, we integrated with the Drata tool to reduce vulnerabilities in the infrastructure and address other loopholes. Additionally, Drata seamlessly integrated with our cloud services, including SysTrack S3 and other key creation and GuardDuty services.
Drata can identify loopholes and provide solutions for improved security. Drata secures the organisation's infrastructure, achieve SOC 2 compliance, and address HIPAA requirements. It can identify and close security loopholes proactively.
What is most valuable?
Drata is a comprehensive and informative tool that provides in-depth guidance on how to protect your infrastructure. However, it is also quite expensive and requires restarting if any loopholes are available.
What needs improvement?
The solution has a latency of three to five minutes. Also, the solution is quite costly.
For how long have I used the solution?
I have been using Drata as a customer for eight to nine months.
What do I think about the stability of the solution?
The product is stable.
I rate the solution’s stability a nine-point five out of ten.
What do I think about the scalability of the solution?
We were six guys using this product.
I rate the solution’s scalability a nine-point five out of ten.
Which solution did I use previously and why did I switch?
We used Drata only because it is popular. Also, the organization supports the use of Drata for SOC 2 compliance.
How was the initial setup?
The initial setup is straightforward and user-friendly, making it accessible to anyone. If a guy starts the journey in security, this tool will help. He can quickly pick up the entire information if he has extensive knowledge about cloud services. He needs to follow the steps to use the whole infrastructure.
What other advice do I have?
It would be helpful if the solution could provide screenshots to illustrate the steps outlined. Additionally, provide a day-by-day breakdown of the tasks, addressing potential loopholes that users may encounter. For instance, if we need to address three buckets, we could tackle each bucket one day at a time. This approach would make the process less overwhelming and more manageable. Drata provides steps on how to handle low falls. To do this, you need to turn certain options on or off. You can also edit or track these points. Additionally, you can include screenshots and highlight specific areas of interest.
Overall, I rate the solution a nine-point five out of ten.
Great Tool and Support!
What do you like best about the product?
Drata helped us to stay organized and aware of deliverables for continuous compliance.
- The platform is easy to use
- Interface is friendly
- Compliance Monitoring
- Ease of Implematation
- Customer Support
What do you dislike about the product?
There isn't much to complain about.
Even though there were a minor issues with integrations, the team was still able to provide soultions to help with automated contols.
What problems is the product solving and how is that benefiting you?
SOC 2 compliance
Great at reducing work across multiple audit frameworks.
What do you like best about the product?
I like the automated monitoring to be confident that we're compliant year-round. It's also really good at providing templates for commonly needed policies, risk reviews, and more. When you start with one framework like SOC 2 and add a second in the future like ISO 27001, you won't need to gather all-new evidence; each control is mapped to all applicable standards.
What do you dislike about the product?
It's difficult to exclude some out-of-scope resources in an environment that's always changing, as exceptions are done on an individual resource basis. For example, if your AWS account has applications in scope for GDPR plus many others, they'll all get pulled into Drata and it's not easy to stay on top of the exceptions.
What problems is the product solving and how is that benefiting you?
It helps us get ready for security compliance audits. Saves hours of prep and saves time on calls with auditors by giving them a portal where they can see live status. However, it doesn't cover nearly all of what a thorough auditor will ask for, so it's not a magic bullet.
Drata has been great for our start-up.
What do you like best about the product?
The project team assigned to our account, as well as the Drata platform itself, have both been top notch. Great experience.
What do you dislike about the product?
Not much to report here! We haven't come across any negatives yet.
What problems is the product solving and how is that benefiting you?
In our SaaS product, start-up environment, Drata is helping us remain aligned on our "security first" approach to our product and security posture. The platform is also helping us remain on track towards our SOC2 certification goals.
Great platform and outstanding customer success team!
What do you like best about the product?
The navigation and user interface are well organized and easy to use. The Customer Success Team is outstanding! Jessica has been a fantastic resource to us.
What do you dislike about the product?
Sometimes the integrations don't enable accurate updates.
What problems is the product solving and how is that benefiting you?
Drata allows us to project manage our SOC-2 and GDPR requirements and evaluations.
Good customer experience despite a rocky start
What do you like best about the product?
Knowledgeable customer success managers to help guiding our team through SOC2. Comprehensive software product, easy to integrate with our infrastructure.
What do you dislike about the product?
Some lost momentum in our SOC2 implementation, especially when it came to writing our policies. The template experience is overwhelming, and the Drata team took too long to identify that we needed help and an external partnership to succeed at writing our policies.
What problems is the product solving and how is that benefiting you?
Guiding our team through SOC2 compliance, starting with 0 knowledge.
A simple method for monitoring assets, staying compliant with various frameworks and controls.
What do you like best about the product?
The "Help Center", ease of use for the portal, tracking employee compliance and my customer success manager.
What do you dislike about the product?
I wish I was able to search policies for key words.
What problems is the product solving and how is that benefiting you?
Tracking everything in one dashboard and focusing on tasks that need to be completed.
Like a second-mind..
What do you like best about the product?
Drata is fantastic at allowing me to stay organized and aware of my deliverables for continuous compliance. I'm able to track and assign tasks to relevant parties, organize my thoughts on our control structures & get introspection on how the auditing criteria refer back to us. It's like having a second-helper who keeps track of everything & allows me to focus on policy creation & control creation/evaluation.
What do you dislike about the product?
Drata is fantastic if you have lots of industry-grade integrations but if you don't, your return on value might be lower. I still great utility out of it, but for the price point it wouldn't necessarily still be worth it. There are still small gotcha's in Drata, for instance the policy changelogs require manual updating- why are my changes to the policy not filling out the changelog itself? The Statement of Applicability in the ISO27001 frameworks are a large table, but most of that information should be part of the continuous compliance so why am I having to create so much? There are also lots of little things, like the Statement of Applicability, where I pulled things out of policy/out of Drata, and ended up creating a spreadsheet for them all over again because it's just going to be easier to maintain over time. Yes my Statement of Applicability will be uploaded to Drata as evidence, but I'd rather have something like this more built-in to the program rather then feeling that the best option is to create a spreadsheet & do it myself.
What problems is the product solving and how is that benefiting you?
Drata helps us with observability into our control infrastructure. I can see our management responsibilities, our technical controls, & plan for the future. In a very disorganized company, this is extremely effective for assisitng with holding people accountable to completing their responsibilities. Their support is fantastic & Hailee at Drata has been absolutely amazing. The Drata help articles are detailed & excellent when you are searching for something with only a few search terms. It is sometimes hard to find things if you don't know where they are- for instance, the templates used in vendor upload, business continuity/disaster recovery, etc & without Hailee's help, we would have never known about them. But our Customer Success Manager Hailee, was excellent at providing these documents. It would be nice if the Help Section had a dedicated Resources section for items like this.
Powerful platform, great docs and human support
What do you like best about the product?
After 10 years in a previous role in a highly regulated domain, I wish I had a tool like Drata. It made document management far simpler, had ties into my compliance goals with excellent documentation as well. The human support is also fantastic, either via the online support chat or conversations with our customer success manager. This allows us to be more transparent in security posture to our customers, while also having automated checks to ensure compliance. The product is easy to use, and pretty feature complete.
What do you dislike about the product?
There isn't much to complain about! I do wish that the policy editor would allow for embedded diagrams/images, rather than having to refer to them elsewhere. Allowing for collaborative editing as well would be a nice to have, but definitely not a necessity.
What problems is the product solving and how is that benefiting you?
The templates with links into InfoSec framework requirements has made compliance far easier than doing it on our own. Also giving us a means for our clients to see our security posture and automated checks under NDA allows our clients to use our services with confidence.
SOC 1/2 Type 2
What do you like best about the product?
Compliance experts available through chat was invaluable. They took the time to understand the specific set of circumstances and varaibles to my question and did not provide templated answers.
What do you dislike about the product?
A little click heavy for certain workflows but they are working to stream line them.
What problems is the product solving and how is that benefiting you?
Reduction of timeline and internal effort to become SOC 1/2 compliant.
