Reviews from AWS Marketplace
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
External reviews are not included in the AWS star rating for the product.
Excellent experience
What do you like best about the product?
The platform helps to simplify the compliance process for various industry standards. Their cloud automation integrations help to reduce the amount of time and manual labor involved in the arduous process of continious compliance. It's all backed by an dedicated team of caring professionals.
What do you dislike about the product?
Customized risk register could use some work.
What problems is the product solving and how is that benefiting you?
Drata is helping us maintain our SOC 2 Type 2 certification via their cloud compliance platform and easy of controls management. Their automations help reduce the onus involved in the historic manual efforts.
- Leave a Comment |
- Mark review as helpful
An effective tool to assist with SOC2 compliance
What do you like best about the product?
Drata makes it easy to establish the necessary technology controls for a particular framework, like SOC2. Drata maintains a library of these controls, with the appropriate descriptions and common ways these controls are implemented technically (e.g. MFA implemented on admin accounts or CPU/memory usage is monitored).
It also provides a library of auditor-approved policies, maps these to the appropriate controls and connects with your key business systems to monitor the implementation of the controls. It would have taken a lot of manual effort to do this without a platform like Drata.
Drata has also begun implementing task management, to streamline activities when a control fails, new evidence is required or a policy needs to be reviewed. It provides a number of integrations with task management systems like Trello.
Drata also makes it easy to maintain a Vendor / Supplier register.
I recommend it to anyone looking to meet the requirements of a framework like SOC2 or ISO27001.
It also provides a library of auditor-approved policies, maps these to the appropriate controls and connects with your key business systems to monitor the implementation of the controls. It would have taken a lot of manual effort to do this without a platform like Drata.
Drata has also begun implementing task management, to streamline activities when a control fails, new evidence is required or a policy needs to be reviewed. It provides a number of integrations with task management systems like Trello.
Drata also makes it easy to maintain a Vendor / Supplier register.
I recommend it to anyone looking to meet the requirements of a framework like SOC2 or ISO27001.
What do you dislike about the product?
Drata doesn't connect with every system that you may have, albeit it is continually adding more integrations. In cases where it cannot monitor a particular control, you need to manually link evidence. This process can be a little time consuming. It would be nice to see a function that allows for configuration of a custom integration (e.g. a webhook that an application could call to post data to Drata, or pointing drata an application's APIs and then having a data/field mapping function in Drata to pick out data as evidence (and indicate compliant/non-compliant) for a particular control).
I would also like to see Drata implement an Incident Management tool, to centrally record incidents and map these against potential control failures or the need for new controls. Similarly, it would be nice to see a Risks Register module to record all risks associated with the organisation, and map these risks to mitigating technology controls.
I would also like to see Drata implement an Incident Management tool, to centrally record incidents and map these against potential control failures or the need for new controls. Similarly, it would be nice to see a Risks Register module to record all risks associated with the organisation, and map these risks to mitigating technology controls.
What problems is the product solving and how is that benefiting you?
Drata helps us maintain the appropriate technology and operational controls for us to be SOC2 compliant. We have successfully used Drata with our external auditor in two audits now, and we have received feedback from the auditor that it makes their job easier and there is less back-and-forth to get things in order.
Drata's control monitoring has been especially useful as it alerts us when a configuration change or something else has caused a technical control to fail. This ensures not only that we are fulfiling our SOC2 obligations throughout the entire period, but it also has a direct benefit of uplifting our security and mitigating potential security holes.
Drata has enabled a relatively small business (compared to major financial institutions) to achieve a high standard of compliance. This has enabled us to provide services to these large financial institutions, which demand a high degree of compliance.
Drata's control monitoring has been especially useful as it alerts us when a configuration change or something else has caused a technical control to fail. This ensures not only that we are fulfiling our SOC2 obligations throughout the entire period, but it also has a direct benefit of uplifting our security and mitigating potential security holes.
Drata has enabled a relatively small business (compared to major financial institutions) to achieve a high standard of compliance. This has enabled us to provide services to these large financial institutions, which demand a high degree of compliance.
Good organizational tool for managing IT audits
What do you like best about the product?
I like the built-in tools to help manage the various audit processes we must comply with. It has helped our various team members go to one tool to manage the disparate and various needs of our audit process.
The default integrations matched 90% of the platforms we use today. Enabling Drata to scan our various tools regularly to ensure compliance.
The default integrations matched 90% of the platforms we use today. Enabling Drata to scan our various tools regularly to ensure compliance.
What do you dislike about the product?
The interface can be confusing at times.
What problems is the product solving and how is that benefiting you?
Drata is responsible for our Compliance Management, this has aided us keep our systems secure and transcat with enterprise level customers.
Compliance automation done right
What do you like best about the product?
Comprehensive compliance automation platform. I particularly like the monitoring and automated testing.
What do you dislike about the product?
Support is sometimes slow, requiring me to follow up with them.
What problems is the product solving and how is that benefiting you?
Drata is solving the need to manage a diversity of controls across different areas, with monitoring and automation of things like AD accounts, version control, endpoints etc. Their Drata Agent is fantastic, saves us from either collecting screenshots or deploying more heavyweight monitoring tools
The most automated compliance platform we could find!
What do you like best about the product?
Many automated tests, reminders. Once we familiarized ourselves with the UI, it's really simple to use and it provides everything we need.
What do you dislike about the product?
It took me a while to get familiar with the UI. Also setting up connections was sometimes a bit tricky and we needed to contact Drata support to reset it and try again.
What problems is the product solving and how is that benefiting you?
Drata checks our identity provider, cloud accounts, ticketing system etc. and it all clicks together.
All in one compliance management
What do you like best about the product?
Drata simplifies your compliance journey. It has a predefined set of controls that you can map to automated compliance checks or manually upload evidence. It reminds you about upcoming tasks. For small companies just starting out, Drata provides and easy to use set of pre-written policies you can quickly customize for yourre organization. That was a huge time saver for us.
What do you dislike about the product?
I do not have any real complaints about Drata. Customer support is always quick to respond and has helped us find solutions to our issues.
What problems is the product solving and how is that benefiting you?
Drata checks our end user compliance daily as well as automating a host of other checks against our cloud setup. This reduces the amount of manual work in maintaining continous compliance. And if something does fall out of compliance, I get alerted.
Drata best tool to use for Infosec complaince
What do you like best about the product?
Exceptional Customer Support:In the rare instances where assistance is needed, the Drata team provides exceptional customer support. The support team is responsive, knowledgeable, and dedicated to resolving issues promptly.
Seamless Integration: Drata seamlessly integrates with existing tools and software, minimizing disruptions during the implementation phase. This allows for easy monitoring for complaince
Seamless Integration: Drata seamlessly integrates with existing tools and software, minimizing disruptions during the implementation phase. This allows for easy monitoring for complaince
What do you dislike about the product?
Drata can expand the scope of the tools they integrate with so that users can have a wide variety
Drata can implement recurring tasks option to allow easy tracking of tasks
Drata can implement recurring tasks option to allow easy tracking of tasks
What problems is the product solving and how is that benefiting you?
compliance
Great experience navigating a challenging process
What do you like best about the product?
Clear instructions on navigating complex compliance needs and stellar customer service to guide you through compliance processes.
What do you dislike about the product?
Automated tests sometimes flag non-existent issues.
What problems is the product solving and how is that benefiting you?
Provides clear instructions on navigating SOC2 and HIPAA compliance procedures. Provides tools to maintain compliance year after year.
Great tool for compliance automation and customer assurance for cloud based applications
What do you like best about the product?
Great support / implementation experience. Modern and effective user experience across the portal. Comprehensive coverage for most major compliance and assurance programs. It is an investment to get fully onboarded by mapping existing controls to monitors for your environment, but the investment pays off in time saved each year during audit periods, and the ability to show real time monitoring status on the Trust Portal, which I recommend. Very good list of integrations for us, including our primary cloud provider, training provider, endpoint protection and policy management.
What do you dislike about the product?
The inherent problem with any compliance automation platform is that it must be opinionated, meaning you must have controls that match assumptions. If you are implementing Drata on top of an exisiting security program, and your controls don't match the "default" implementation expected, then you can't take advantage of automation on those controls. Drata is exceptionally powerful if it's implemented at the same time as your security controls, but has done very well being retrofit on an existing one as well.
What problems is the product solving and how is that benefiting you?
Compliance automation to save time and effort during audit cycles, and securely provide artifacts to customers.
Extremely useful
What do you like best about the product?
Very easy to set up and interconnect with other systems.
The automations do half the job an analyst would do.
Great structure to catalogue the documentes, controls.
Great overview for management.
The automations do half the job an analyst would do.
Great structure to catalogue the documentes, controls.
Great overview for management.
What do you dislike about the product?
Lacks a proper reporting feature to get in depth information about user compliance.
What problems is the product solving and how is that benefiting you?
Automate tasks for SOC2 compliance.
showing 171 - 180