External reviews
1,130 reviews
External reviews are not included in the AWS star rating for the product.
Very good experience, controlling my compliance needs
What do you like best about the product?
Policy center
Personnel
Security training
DRATA agent for work stations compliance.
What do you dislike about the product?
The asset list isn't so organized.
What problems is the product solving and how is that benefiting you?
A way for managing & controlling your compliance needs.
A powerful automation tool that can facilitate compliance
What do you like best about the product?
The rationalized frameworks provide a simplified view and way of managing regulatory requirements that apply to the organization. This takes an immense burden off organizations!
What do you dislike about the product?
At this time, it is not possible to utilize the Drata policy template when creating new / recreating existing policies for Drata to hold.
What problems is the product solving and how is that benefiting you?
Drata is reducing the manual overhead associated with compliance tasks, thereby saving time and increasing accuracy.
Drata Go Live at Carrot
What do you like best about the product?
Framework coverage and test automation.
What do you dislike about the product?
Currently haven't experienced any dislikes.
What problems is the product solving and how is that benefiting you?
Our security team is harnessing the power of 10. Drata is enabling a migration from push pull report email confirm to "it's in there".
Drata - App is Solid, Support is wonderful. SOC2 ASAP
What do you like best about the product?
Customer Service is great. Onboarding painless.
What do you dislike about the product?
Sometimes has strange error states that refresh as different points. Support is great supporting us but not always intuitive to self-help.
What problems is the product solving and how is that benefiting you?
SOC2 Compliance. Data Hygiene.
Solid compliance software, excellent compliance guidance
What do you like best about the product?
The best thing about Drata is their people. Our account manager has been fantastic, and the sales process was comfortable and much easier to deal with than Vanta's. The "compliance experts" in the Drata dashboard are also very easy to work with and fast at solving problems or answering questions. Drata also referred us to a competent and affordable SOC 2 auditor.
In addition, the Drata dashboard is very well laid out, and makes it clear what needs to be done to achieve your desired compliance certification. Drata also offers much more comprehensive support of compliance frameworks than other players in the space. We chose Drata over other automated SOC 2 monitoring solutions because they also offer FEDRAMP and HIPAA monitoring as well.
What do you dislike about the product?
Drata sells their automation quite heavily. While much of the solution is automated, the Drata console does not monitor as many of the SOC 2 controls as I had hoped, and we have ended up having to upload a significant amount of manually-collected evidence. As one example, Drata does not automatically monitor for the existence of a log collection system (like Datadog or New Relic) so we have to supply screenshots of the solution to prove we are using it. I am hopeful that, as Drata evolves, these other controls will be monitored better, but for now be aware that a lot of the process is still manual.
What problems is the product solving and how is that benefiting you?
For us, Drata is solving our SOC 2 certification headache. SOC 2 is a heavy lift, and we failed at our first attempt after going in blind. Drata is sort of like night vision for compliance.
A great compliance solution!
What do you like best about the product?
Easy channels to ask questions and receive quick responses, preconfigured frameworks that allow us to easily identify gaps in our processes.
What do you dislike about the product?
Duplicative evidence uploads for systems that we use that are not currently integrated with Drata. Having to upload evidence in Drata that is additional work for my team.
What problems is the product solving and how is that benefiting you?
Giving us a website that allows us to easily share our security documents. This allowed us to move off of another platform which saves my team time and money.
Simplified infosec GRC management that lives up to its promise.
What do you like best about the product?
Ease of connectivity; simplicity in getting things implemented; fantastic customer success team.
What do you dislike about the product?
Connections with external systems sometimes create false positives.
What problems is the product solving and how is that benefiting you?
Simplifying the implementation of ISMS makes it easy for a consultant to help their client. Saves me time and effort and also keeps the customer engaged.
Drata is a powerful tool that supports us in achieving our objectives
What do you like best about the product?
Powerful tool in constant improvement, with great customer support.
What do you dislike about the product?
To make the most of Drata it takes a while and some technical restrictions don't allow it to be fully integrated (although Drata is working on it).
What problems is the product solving and how is that benefiting you?
The live monitoring of our key controls allows us to proactively identify control issues.
Recommendations to others considering the product:
I'd recommend Drata to the community
Applying Drata to SaMD context
What do you like best about the product?
The onboarding process was smooth, the sales process was informative but not pushy.
Since signing up we have had excellent support from our CSM Ashley who has made herself available at all times if we need assistance.
The tool itself is easy to navigate and after only a week of use has already helped us get more than 50% of the way to being compliant with our first target framework, HIPAA.
There is a lot of work for customers (and only the customer could do it) in regards to policies and company processes but the Drata tool does help a lot by centralizing these documents and storing sign-off. Daily monitoring of control checks which can be automated is a wonderful timesaver, anything getting out of alignment will be alerted for remediation immediately.
What do you dislike about the product?
We've stumbled over a few minor things that don't quite fit our needs:
- Having the ability to have one of several leaders sign off on policies instead of just a single person
- Being able to store multiple security-related documents against a single vendor (e.g. SOC 2 documentation and HIPAA documentation)
- How to manage skills matrix
Our CSM has been responsive in taking these needs on board and hopefully we'll see them in a future release!
What problems is the product solving and how is that benefiting you?
We're primarily looking to assure our customers of our dedication to security posture. Combining the extensive policy suite along with automated monitoring gives us the ability to provide evidence of our commitment directly to customers without delay.
SOC 2 in a box
What do you like best about the product?
- Drata is open-minded, flexible, and agile to meet any of your feature requests or additional requirements. It was the only vendor on the market that was ready to support an immutable cloud-native AWS infrastructure as code at the time we evaluated the available options (end of 2021). Having multiple production releases per day and spinning a brand new version of the infrastructure for every feature branch, we would be overwhelmed with noise and false positives without this.
- They nailed SOC 2 framework and automated testing and evidence gathering significantly. It also looks quite good for ISO 27001.
- Their expert team is always ready to help you with your compliance-related concerns and bring some light to unclear controls and requirements.
- Drata recommends a list of auditors familiar with the tool and providing a significant discount for the audit.
- Drata supports a solid list of compliance frameworks.
- New Trust Center is a killer feature.
What do you dislike about the product?
- 25MB file size limit for any piece of evidence you are uploading into Drata. Anytime you need to upload something bigger you have to ask the Drata support team.
- The support of some frameworks (e.g., NIST CSF, NIST 800 53, GDPR) is pretty basic and has very little or no automation. For these secondary frameworks the cost doesn't seem justified for what they charge for SOC 2 or ISO 27001 - those that they fully support and automate.
- While Drata has a huge list of available integrations, they don't support Atlassian tools hosted on-prem/in your own cloud accounts - only Atlassian SaaS.
- It would be nice to be able to subscribe to an SNS topic with failing test notifications from Drata to stay up-to-date on the recent issues.
- While Trust Center is a great feature, I believe it should be provided for no additional cost as a part of any framework you have with your Drata subscription. It does not seem fair to charge for this additionally.
What problems is the product solving and how is that benefiting you?
Using modern solutions like Drata helped us significantly save the time (at least a few months of effort per year) and money (tens of thousands of dollars) required to achieve SOC 2 compliance. Of course, Drata will not automatically make your product secure and reliable, but it will help you assess the gaps, eliminate them, and continuously monitor the required controls.