External reviews
1,085 reviews
External reviews are not included in the AWS star rating for the product.
Pretty unintrusive agent
What do you like best about the product?
My computer performs the same with the Drata agent as it does without it. That's not something you get from many endpoint software. Granted Drata itself mostly checks for configuration things and doesn't, for example, do virus scanning on its own, but still.
And it's cross platform and supports all the different kinds of computers we have in our organization.
What do you dislike about the product?
Haven't found anything deal-breaking so far. But the endpoint software isn't open source, which makes it harder to reason about how safe it is to install. Or to verify that it only does what it says it does. They have a GitHub "repo" that hosts the releases https://github.com/drata/agent-releases but not the source. That just seems kind of an oblique use of GitHub. Eh.
What problems is the product solving and how is that benefiting you?
We're using it to verify that certain computer configurations are in place, e.g. disk encryption is enabled. These vary from computer to computer because different people at our organization use different operating systems.
Easy to use, great security compliance platform with good support
What do you like best about the product?
You can always ask questions to your account manager and even online expert chat. They will get back to you quickly. The system is designed for self-service, and it does make the SOC2 compliance process a lot easier.
What do you dislike about the product?
Would love to see the platform have more compliance products it can support besides SOC2, ISO, and PCI.
What problems is the product solving and how is that benefiting you?
SOC2 compliance is a long, complex, and time-consuming process. Drata makes the whole process a lot easier. There are policy templates you can easily adjust, and the control dashboard for easy monitoring of the process.
A good buying experience
What do you like best about the product?
They set very realistic expectations about how long it takes to implement & achieve SOC2 during the sales process.
What do you dislike about the product?
Their auditor view wasn't great when we bought. Since then they've improved it but it still added time to our audit.
What problems is the product solving and how is that benefiting you?
Wanted an automated solution for SOC2 monitoring. They definitely made it easier, there are still a lot of manual steps though and that's unavoidable despite the tools you use.
Excellent integrations
What do you like best about the product?
Integrations have been easy to implement and drastically reduce workload.
What do you dislike about the product?
Unmonitored controls still require a lot of cycles to provide evidence for - more in-app forms or walkthroughs for producing evidence would improve the experience.
What problems is the product solving and how is that benefiting you?
Time overhead for maintaining compliance is reduced, and we have a very clear picture of what we need to do to speed up future compliance assessments. Auto-generated reports to provide to potential partners have the potential to speed up sales cycles.
Streamlined process to achieve SOC2
What do you like best about the product?
Integrations with various cloud providers
What do you dislike about the product?
We can probably improve notifications/alerts a little bit more.
What problems is the product solving and how is that benefiting you?
We are trying to get SOC2 compliant. Less hassle to provide the proof for each control.
Drata review
What do you like best about the product?
I like the UI, it's very clean, nice looking, and understandable. I really like how we can use it as a unification tool for compliance, keeping all of our policies in the same location that we sign off on them is very convenient. I'm looking forward to having audits go smoother.
What do you dislike about the product?
I don't love that the connection to background checks requires a lot of manual interaction. We do background checks with Checkr before hiring a candidate so it's always completed before they are in the Drata system; this makes it so we have to individually status each person instead of it being detected automatically. I realize that this is probably completely a limitation of Checkr.
What problems is the product solving and how is that benefiting you?
Easy compliance auditing
Drata Review
What do you like best about the product?
Ease of use and implementation, very straightforward and user friendly.
What do you dislike about the product?
Appears to be the odd sync issue across some of the employees and compliance, but it seems to be intermittent and self-correcting over time.
What problems is the product solving and how is that benefiting you?
Preparing for your SOC 2 Type 2 certification.
Easy tool, valuable support
What do you like best about the product?
The team is always available to help with support and answering questions anytime
What do you dislike about the product?
Impossible to update personnel data by uploading a CSV
Some minor bugs with the system
What problems is the product solving and how is that benefiting you?
Guide to get SOC 2 compliance, automation
Amazing Support; Maturing Functionality
What do you like best about the product?
Our client success manager has really made our experience with Drata worth it. He is quick to reply with training and information, and when he doesn't have the answer, he finds it out. On a couple of items where Drata is unable to meet our needs, he hasn't ghosted us or left us in the dark--he has been honest and straightforward, which is an undervalued virtue when bearing bad news (more info on that in the next question).
What do you dislike about the product?
The AWS integration currently does not support access to our GovCloud region within the VPC. They are currently studying the regulations around this type of architecture, and I am assured that it will be supported in the future. They simply must do their due diligence--that's a good thing.
Additionally, their policy center is geared more for companies with less mature policy documentation. As we have a decade+ / 600+ pages of policy/proof, we didn't want to have to fit our "square peg" infosec policies into their "round hole" policy test interface, so I had to disable nearly half of the automatic tests. They inform me that they are working on a redesign to facilitate companies like ours with mature policy documents.
What problems is the product solving and how is that benefiting you?
So much is automated, and this is our first SOC 2 Type II audit, so I can't really say what life would be like with versus without Drata, but our CPA firm did provide a discount price on the audit when we told them we are using Drata as our readiness platform. The integrations are helpful, and either help us know where we can improve or affirm that our security controls are properly configured.
When a test fails, their documentation and instructions on how to get a test to pass are invaluable.
The Drata Agent (a lightweight app installed on each workstation) does some heavy lifting to ensure that each employee and their equipment are SOC 2-ready. Fantastic tool.
Recommendations to others considering the product:
Referring back to my two issues, Drata is not yet mature enough to easily handle:
1. Software system architecture within the AWS GovCloud region--Drata's API does not work with the API, and if you connect it to the VPC, tests will fail since all of your security controls will be configured in the GovCloud.
2. You will have to provide evidence of your policies manually if you choose not to use their policy template system. It is a lot of work.
Nice fit for startups and small companies
What do you like best about the product?
Policy Templates, solid monitoring and automation
What do you dislike about the product?
Custom control capabilities are light. HIPAA compliance mapping is not yet available.
What problems is the product solving and how is that benefiting you?
SOC 2 compliance