Reviews from AWS Marketplace
0 AWS reviews
External reviews
External reviews are not included in the AWS star rating for the product.
Integration with IT systems for automated checks
What do you like best about the product?
Drata made it pretty easy to integrate with our major systems for IdP (Google) and MDM (Hexnode), even without installing any extra agent. We would then be notified if anything went out of compliance automatically. We could also exclude service accounts for any negative notification. Pretty neat!
What do you dislike about the product?
The Policy Center is a bit confusing to use, especially the options to "see current version" or edit the policy. Other than that, pretty clean platform!
What problems is the product solving and how is that benefiting you?
We used Drata heavily for our SOC 2 Type 2 auditing; it was a vital piece of the whole process and we successfully passed it!
Has helped our team stay compliant
What do you like best about the product?
Drata helps us maintain all our security compliance activities in one place. The application for the most part is easy to use and has a short learning curve.
We also like their support team. They have been helpful when we needed help.
Additionally, Drata continues to add new features to the platform. We are able to manage more of our compliance activities in Drata rather than outside Drata.
What do you dislike about the product?
There is nothing to dislike. There were some obvious feature gaps when we started using it, but they have been filling those gaps at a rapid pace.
What problems is the product solving and how is that benefiting you?
Helps us achieve SOC 2 compliance and stay compliant.
a friendly UI to work on compliance, with acceptable automation
What do you like best about the product?
I think its interface is friendly, easy to understand and intuitive.
What do you dislike about the product?
Feature requests are not always taken into account (although I know they are compared against other clients) and the result of the review of an FR is not communicated in the best way, so that we can know the status.
However, some CSs have improved this process, but in the end, everything remains in a backlog.
What problems is the product solving and how is that benefiting you?
Maintain an optimal Security posture, which allows for streamlining business processes with new clients.
However, I must say that more work is required to minimize the efforts required in manual interventions as much as possible.
An example of this is that when I seek support to fix an issue, I am given a CSV template, which requires manually populating it. This doesn't make sense when you talk about automation.
Intuitive Platform
What do you like best about the product?
Drata makes management of compliance as easy as possible. The hard part, once you go down this path, is upkeep.
What do you dislike about the product?
The amount of work required to get to compliance, in this case SOC2.
What problems is the product solving and how is that benefiting you?
SOC2 compliance helps us win more business.
Fantastic Compliance and Security Platform
What do you like best about the product?
Drata centralizes and helps to automate your compliance needs under one solution; audits, vendor mgt, risk mgt, policy mgt, assets, reporting, and a trust portal.
What do you dislike about the product?
I honestly cannot think of one thing. Drata continues to bring feature after feature to improve the product.
What problems is the product solving and how is that benefiting you?
Allows a small team to work more efficiently by automating various tasks that typically would take weeks to complete.
Seamless Communication and Solid Work Ethics but Room for Improvement in User Education
What do you like best about the product?
Efficient Communication: Despite the time zone difference, the communication with Drata's compliance team has been exceptionally smooth. I can easily reach out during my working hours and receive a prompt reply by the next morning.
Flexible Tools: Not only do they offer a built-in chat tool, but they're also flexible enough to let me use third-party tools like Google Docs for commenting.
Outstanding Work Ethics: Being the sole point of contact for compliance in my small company, I've worked with the Drata team more closely than with some of my colleagues. Their professionalism, punctuality, and respectful manner exceeded my expectations.
What do you dislike about the product?
Lack of Deep Understanding: While Drata's tool excels at guiding users through compliance tasks and significantly aiding in increasing the readiness percentage, there's room for improvement when it comes to instilling a deep understanding of the 'why' behind the compliance requirements. Although the compliance team is very helpful in answering many of these 'why' questions, it would be advantageous if such knowledge were incorporated directly into the tool. This would eliminate the need for users to remember all the intricate details and could serve as an ongoing resource for understanding compliance deeply.
Gap in Audit Preparedness: The tool is designed to make you compliant but not necessarily audit-ready. Users are left to themselves to make the connections between policy requirements, company statements, and actual practices.
What problems is the product solving and how is that benefiting you?
Gaining trust in our security practice internationally, beyond local market.
Best SOC 2 compliance management tool we found
What do you like best about the product?
Fast moving team that develops features quickly; by far the best UI compared to Tugboat and Vanta; agentless evidence checking (unlike Vanta) which is a much more secure architecture.
What do you dislike about the product?
Still a young and maturing product. Overly prescriptive in how to implement and evidence certain controls. For example, we handle network access management through security groups, but their automated evidence collection checked for NACL rules instead. There's not always enough flexibility to handle different controls, let alone custom controls. So, you'll still end up uploading a fair share of manually collected evidence.
What problems is the product solving and how is that benefiting you?
All of our compliance readiness is handled well in one place. They are also very good at automating all the tasks needed to maintain readiness: it would be like herding cats to do that by hand.
Great platform and incredible support!
What do you like best about the product?
The platform is very easy to use, easy to set up, and the support is one of the best I've seen of any platform I've used.
What do you dislike about the product?
If you are new to SOC2 this platform probably will be your best bet, however, the connection with the auditor is a bit of a difficult concept to grok. Drata's platform does a pretty good job of holding your hand as to what you need to do to pass your audit but the challenge is that your auditing firm outside of Drata also has their own view of how it should be done and it can differ slightly from Drata. So you tend to find yourself in this gray area of not quite being certain you are ready or not. My advice is to not look to have Drata drive your SOC2 but rather your auditor with Drata as the tool. Full disclosure: I'm still in the middle of my SOC2 so can't say yet how I've done with "passing".
What problems is the product solving and how is that benefiting you?
Helping me achieve SOC2 Type 1 for my customers to be more confident in signing with me.
Useful Tool That is Underutilized by Auditing Companies
What do you like best about the product?
I really have enjoyed that all the evidence is aggregated in one spot and presented in a way that auditors have understood it. The integrations are also useful, data that syncs up with any changes is especially useful in a fast paced business environment.
What do you dislike about the product?
The real downside of using Drata was the fact that auditors were reluctant to use it. All the evidence was there in the platform and visible for them to use, but they still wanted us to walk them through all of our controls over video chats. This defeated the purpose of Drata and did not save us time.
What problems is the product solving and how is that benefiting you?
The tedious process of data and evidence collection.
A useful solution
What do you like best about the product?
Nice UI, nice cloud vendor tooling tie ins to AWS & GCP.
Easily see your IT assets and allocated users.
Useful top down view of compliance checklists all in one place.
Handy lightweight MDM solution with agents for all OSes and a web dashboard / onboarding flow for users.
Out of the box SSO/SAML IdP integrations like Google auth.
What do you dislike about the product?
Very limited customization options. Because there is no way to customize user IT asset compliance rules, if you don't do things 100% the Drata way, 100% of your users will show as non-compliant all the time, because there is no way to customize the ruleset Drata uses. This makes the compliance dashboard of limited value.
This is an overall theme in Drata. It's highly opinionated, so if you do things 100% their way, it works well, but if not you'll never see a complete compliance picture due to continuous false positives. This can also be seen in the cloud asset compliance checks and VCS checks. If you have no existing SOC2 apparatus, and want to use the Drata way hook, line, and sinker, this can work well, but if you have an existing compliance process, you'll possibly feel constrained in your ability to tailor Drata to fit.
Finally custom API integrations are rudimentary. The fact that you must open a support engineer directly to get an API key speaks to this currently being a rudimentary feature, rather than a rich API layer. We had to reverse engineer APIs and use UI tokens/sessions to automate processes, rather than the official Drata APIs to get things automated.
What problems is the product solving and how is that benefiting you?
Top down single source of compliance state and information.