External reviews
1,147 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Accelerator for our re-certification of ISO 27001:2022
What do you like best about the product?
- Built-in frameworks, controls and monitors
- Excellent risk management
- Great support
- Excellent risk management
- Great support
What do you dislike about the product?
- Connectors should be more configurable
What problems is the product solving and how is that benefiting you?
Continuous Compliance in a modern and automated way
Excellent support
What do you like best about the product?
We are still in our starting journey with Drata, so don't have much in terms of the platform however the support are alway there to help and sort issues in a timely manner
What do you dislike about the product?
so far the controls and connections are not obvious what they do or what they are for
What problems is the product solving and how is that benefiting you?
Automating evidance gathering hopefully saving users time
Drata is the way to go!
What do you like best about the product?
The Drata platform is very user friendly and provides great support and help articles for users to navigate and understand the compliance requirements. The Drata team is also extremely helpful, responsive, and approachable any time they are needed.
What do you dislike about the product?
I would like to see a feature that requires manual user updates (i.e. marking items ready for audit) as opposed to automatically checking off as green since this could lead to confusion.
What problems is the product solving and how is that benefiting you?
Drata improves the efficiency (time and effort) in maintaining security compliance. The frequent reminders of overdue, quarterly/annual tasks, and overall status dashboard provide great value to users who do not have the time or headcount to manually keep track of these. On the auditor side, it helps with being able to quickly identify which big ticket items are missing and provide some guidance to the user on how to best address those items.
Had an issue accessing a framework
What do you like best about the product?
Drata's customer service chat services (featuring Rachel) was able to solve my issue immediately.
What do you dislike about the product?
The Help & Feedback pops up behind the chatbox window, making it hard to interact with during chat.
What problems is the product solving and how is that benefiting you?
Drata listed out clearly all the necessary objectives needed to satisfy compliance certifications.
Help is always there!
What do you like best about the product?
I love that I have access to already built automation, controls and policies that I can tweek for my business!
What do you dislike about the product?
I wish someone could do it for me instead, like a managed service.
What problems is the product solving and how is that benefiting you?
Our customers require SOC 2 reporting on our system. Although we are secure, and adhere to security standards, having the SOC 2 stamp is the only requirement.
Best Compliance tool out there
What do you like best about the product?
It is very easy to use, Implementation was a breeze, and also has top-notch customer support. We use the product on a daily basis and since it was easy to integrate with our other platforms, compliance is easier to perform.
What do you dislike about the product?
Some granularity in controls still needs an uplift, one such place is ticketing management, It currently only supports Jira which creates some difficulties when performing tasks.
What problems is the product solving and how is that benefiting you?
Keeping up with compliance frameworks, monitoring controls and systems, maintaining policies and procedures, managing vendors
Simplifies Auditing with Minimal Effort
What do you like best about the product?
I like the graphical interface of Drata. It's fairly easy to use, and after using it for a while, it becomes very easy. You can quickly look at various areas, from monitoring to pass and fail metrics, and risk assessment and assets. It's just easy to move around and understand where you're at and what you're doing. It breaks everything down simply in front of me, so I can see what's been done and what needs to be done without getting overwhelmed. The initial setup was fairly easy, with the majority of everything going smoothly, and I needed minimal assistance to get set up and running. I'm very happy and impressed with the product overall.
What do you dislike about the product?
Sometimes scrolling is a bit of an issue for me if I have a smaller monitor. There can be up to three slide bars on the right-hand side, and I have to move the page to go through a longer list.
What problems is the product solving and how is that benefiting you?
Drata helps our small company with SOC 2 Type 2 attestation, clarifying steps for auditing and certifications, and tracking progress efficiently.
Amazing customer support by Pablo.
What do you like best about the product?
Best Connectivity capabiltiies they have on their tool.
What do you dislike about the product?
It would be great if you could provide mor information from an audit perspective.
What problems is the product solving and how is that benefiting you?
Security Compliance
Great compliance automation tool, great UX, easy to navigate.
What do you like best about the product?
Drata has been great to map from the ISO 27001 framework requirements to actual controls. Whilst it doesn't replace compliance activities, it has sped up our alignment of our existing process to the ISO 27001 framework controls. The in-built policies have been great to use a base for review and sometimes wholly draft new policies. The risk assessment area is also very good for keeping and scoring risks.
Finally the automation of controls is very good and suited to our environment (circa 150 employees + AWS infratructure). The tool makes it easy to disable tests (where not appropriate) or exclude particular items from the test (and justify this). The raw evidence is often very helpful for troubleshootin why our infrastructure may fail a particular test.
Their customer success folk are absolutely excellent and work with you the whole way, and the interface is very intuitive and so it's as 'self-service' as you can imagine. The onboarding of the various integrations/connections was seamless with little need for help.
During the "getting compliant", Drata has been used pretty mcuh every day by the security team in order to keep track of progress.
Finally the automation of controls is very good and suited to our environment (circa 150 employees + AWS infratructure). The tool makes it easy to disable tests (where not appropriate) or exclude particular items from the test (and justify this). The raw evidence is often very helpful for troubleshootin why our infrastructure may fail a particular test.
Their customer success folk are absolutely excellent and work with you the whole way, and the interface is very intuitive and so it's as 'self-service' as you can imagine. The onboarding of the various integrations/connections was seamless with little need for help.
During the "getting compliant", Drata has been used pretty mcuh every day by the security team in order to keep track of progress.
What do you dislike about the product?
Dislike is a strong word. Given the relative youngness of the company, there are a few rough edges spread around none of which stop getting the value from the tool. It sometimes feel like the tool is geared more towards "keeping compliant" than "getting compliant" - which of course will be the vast majority of the platform's use.
Occasionally, the platform is a little limited (integrating with Enterprise Intune policies needs to be done in a very particular way) - though this we managed to overcome with the help our Customer Success manager. In other areas, we disagreed with some of the automated monitoring tests and their implementation (for example around production access to Gitlab). but that was overcome by using their API to upload evidence automatically from a small CI/CD job and disabling that single test. On the whole, we use almost every test provided by Drata out of the box.
Occasionally, the platform is a little limited (integrating with Enterprise Intune policies needs to be done in a very particular way) - though this we managed to overcome with the help our Customer Success manager. In other areas, we disagreed with some of the automated monitoring tests and their implementation (for example around production access to Gitlab). but that was overcome by using their API to upload evidence automatically from a small CI/CD job and disabling that single test. On the whole, we use almost every test provided by Drata out of the box.
What problems is the product solving and how is that benefiting you?
It's helping ensuring that as we rework our policies, ways of working, etc, that we are algining to ISO 27001 and helping us formalise and identify activities we were already doing. Ultimately, it will help us with the ongoing compliance by prompting for regular activities to be performed, highlighting where we've departed from standards/policies immediately within 24 hours, etc.
Great tool with a great team behind
What do you like best about the product?
Very easy-to-use tool with a lot of functionality provided out of the box. On top of this, the team is super supportive and responsive.
What do you dislike about the product?
When following a particular framework, ISO 27001:2022 in our case, it makes it difficult to get a clear overview of controls required within the framework, statement of applicability. So we had to develop a different overview we used for audit purposes to show the controls, whether they are applicable to us or now and how they are implemented (where we linked all relevant Drata controls). So was a bit of a work around.
What problems is the product solving and how is that benefiting you?
Automated monitoring, risk management, controls management, evidence library.
showing 121 - 130