Drata Security & Compliance Automation Platform (D)

What do you like best about the product?

I love that Drata makes the compliance process so much easier for our ISO27001, SOC2, and HIPAA certifications by doing all the heavy lifting for us. I also appreciate the ease of use; it was so easy to get started, and the UI just makes sense. The way it breaks things down into sections like compliance and risk is really helpful. Setting up Drata was incredibly easy, I was set up in a day.

What do you dislike about the product?

Buying a new framework is incredibly expensive! One additional framework I've been quoted 1/3 of my subscription price!

What problems is the product solving and how is that benefiting you?

Drata simplifies compliance governance for ISO27001, SOC2, and HIPAA. It eases the process by automating heavy lifting and eliminating manual spreadsheet management.

What do you like best about the product?

The tickets include detailed and clear instructions, which makes most of them quick to fix, re-test, and resolve. It feels like steady progress rather than one large chunk of work and pressure.

I also really like the historical results bar chart, as it provides clarity on when an issue was reintroduced.

The web platform and the AWS account integration are consistently accessible, fast, and technical-user friendly.

What do you dislike about the product?

Well, I dislike 2 things:
1. There are no filters on AWS account id or Git project, which would be really nice to have and apply. We have multiple connections to 1 Drata account, so figuring out what account affected via findings is time consuming. Or maybe custom filters sit somewhere, but I haven't found them yet.
2. There was one case of Drata tightening rules on Infra ticket, that caused a lot of confusion. On Jan 28th 2026 NACL rules with ALLOW TCP 0–65535 from 0.0.0.0/0 and ALLOW UDP 0–65535 from 0.0.0.0/0 satisfied Drata test case 227, but on Jan 29th the test 227 started failing. I couldn't find any details on the test rules change, at least it was my understanding that something had been changed in the test settings. Maybe adding "last updated at" + short info would have given some clarity.

What problems is the product solving and how is that benefiting you?

The biggest benefit is from Infra/Compliance monitoring. I'm a software/cloud engineer who is looking at failed tickets and resolving them.

What do you like best about the product?

It's complete: when well configured, it covers efficiently all the controls necessary to reach SOC-2 compliance (and presumably other standards, that I haven't checked yet). It even goes further with list of vendors, risk assessments, and a partnership with SafeBase to host your Trust Center. Great!
The product was pretty responsive and easy to navigate, administrate and use (I haven't worked much with the new UI/UX, tho), and integration with our tech stack (IDP, code-base, etc.) is simple.
Their AI-chatbot is most of the time helpful for basic support, although the corresponding doc is not always up-to-date (so the chatbot may be out-of-date too; but there's always a human to take over).

What do you dislike about the product?

Integration with Linear was supported, but the main point is to submit Linear ticket as evidence… which is not possible (and frustrating).
The "Tasks" module of Drata could be a powerful tool to manage/plan/track/remind all the tasks to do, recurring or punctual, but it is not as complete and smooth as a good old Google or Outlook Calendar (to invite several people, to link to a document, etc.), so we have quickly stopped using it.
Also, like all other GRC tools, it's always hard to justify the price to our management when everything goes well and no threat was directly addressed via Drata.

What problems is the product solving and how is that benefiting you?

We wanted a tool that our auditors could access to answer most of their questions for a SOC-2 audit. Apart from the on-boarding and some permissions issues, Drata did all the work I would have had to do to satisfay the auditors.

What do you like best about the product?

The platform is relatively easy to use and has everything included within it

What do you dislike about the product?

Sometimes it is unclear how the process works fully, especially with the involvement of 3rd party companies

What problems is the product solving and how is that benefiting you?

SOC 2 Type 2 Certification, it would help us in our sales endeavors

What do you like best about the product?

I like Drata's interface and the ease of usage. It's great that it updates automatically when something needs fixing, so I don't have to worry about manual interventions. Compared to other tools, it gives me a sense of knowing exactly what to expect and how things will work. Also, the integrations are pretty good, even though there's room for more apps to be added. Great policy templats.

What do you dislike about the product?

Lack of integrations and maybe a little bit of lack of comprehensive rules regarding for example systems that should not be included / scanned. It doesnt use most secure way of connecting applications via OIDC / workload identity systems. There was a lack of ability to import evidence from other vendors, so we had to do a lot of stuff manually.

What problems is the product solving and how is that benefiting you?

I use Drata to set up ISO 27001 and SOC 2. The interface is easy to use and updates automatically when something needs fixing, so I always know what to expect.

What do you like best about the product?

I like the simplicity of SafeBase. I also appreciate the design and the support by David. The initial setup was very smooth. Everything works well.

What do you dislike about the product?

I like everything

What problems is the product solving and how is that benefiting you?

It helps make us legit in front of customers.

What do you like best about the product?

I love the ease of use of Drata. The centralization is what helps us the most, it saves a lot of time with our small team. It prevents us from having confusion about what is up-to-date or not. I also appreciate the sharing with our auditors for certifications.

What do you dislike about the product?

For now, nothing. Except maybe the price, which is high for a startup.

What problems is the product solving and how is that benefiting you?

Drata helps us manage our compliance with a small team, especially for SOC 2 and soon GDPR. The centralization, notifications, and task tracking help us stay compliant. Saves a lot of time by avoiding confusion over up-to-date documents.

What do you like best about the product?

The connection to the auditors. I would not have connected with Sensible if it weren't for them, and our auditing team is incredibly helpful and informative.

The My Personnel section makes it easy to monitor the progress of my teams MyDrata section. I can send them a nudge in the page to remind them to complete their tasks.

It is overall, well-organized, intuitive UX/UI.

I like the integrations feature, this has made completing many of our controls much more simple.

What do you dislike about the product?

I was extremely confused around the mandatory controls for the SOC2, and this was not explained to me clearly when we were onboarded. There was 208 controls, and once speaking with the auditor, it became clear that we would only need to complete 25% of that.

Also receiving explanation on the risk management and vendor management page. I was very confused with what to do with these, and how they related to the final audit.

What problems is the product solving and how is that benefiting you?

We are not SOC2 compliant, and Drata is helping us obtain that certification through frameworks and structure. it is benefiting me because the learning curve of figuring out how to be soc2 compliant and the necessary structures to build would take much time, and I imagine would be incredibly confusing.

What do you like best about the product?

The interface is clean, intuitive, and visually appealing. The platform communicates issues effectively, maintains a professional design, and provides a smooth, user-friendly experience overall today.

What do you dislike about the product?

Drata experienced performance issues today, with repeated “Too many concurrent requests” errors disrupting access and workflow.

What problems is the product solving and how is that benefiting you?

Drata helps automate compliance and security management by centralizing evidence collection, monitoring security controls, and simplifying audit preparation. This reduces manual effort, saves time during compliance reviews, improves visibility into security posture, and helps maintain certifications such as SOC 2 and ISO 27001 more efficiently. However, today's performance issues limited these benefits by causing delays and reducing productivity.

What do you like best about the product?

There are a lot of native integrations available for you to connect to ensure compliance for workstations, identity, and policy acknolwedgements

Very easy to connect Entra ID to pull in all your users and from there you can connect your MDM (Intune or JAMF/Kandji), RMM tools, and security training (KnowBe4) platforms to match up with the respective end user.

Its really easy to manage users and their associated devices and check for device and policy compliance.

What do you dislike about the product?

Particularly for MDM platforms such as Intune or JAMF, a workstation might have all the appropiate policies in place for compliance but Drata sometimes doesn't pull in that data correctly for some users/devices. In Intune, a device could show that all compliance policies have been sucessfully deployed however Drata might still list it as "non compliant"

What problems is the product solving and how is that benefiting you?

It's a single platform for managing our end user and device compliance for audits and ceritifications.