External reviews
1,104 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Drata Go Live at Carrot
What do you like best about the product?
Framework coverage and test automation..
What do you dislike about the product?
currently haven't experienced any dislikes
What problems is the product solving and how is that benefiting you?
Our security team is harnessing the power of 10. Drata is enabling a migration from push pull report email confirm to "its in there"
Drata - App is Solid, Support is wonderful. SOC2 ASAP
What do you like best about the product?
Customer Service is great. Onboarding painless.
What do you dislike about the product?
Sometimes has strange error states that refresh as different points. Support is great supporting us but not always intuitive to self-help.
What problems is the product solving and how is that benefiting you?
SOC2 Compliance. Data Hygiene.
Solid compliance software, excellent compliance guidance
What do you like best about the product?
The best thing about Drata is their people. Our account manager has been fantastic, and the sales process was comfortable and much easier to deal with than Vanta's. The "compliance experts" in the Drata dashboard are also very easy to work with and fast at solving problems or answering questions. Drata also referred us to a competent and affordable SOC 2 auditor.
In addition, the Drata dashboard is very well laid out, and makes it clear what needs to be done to achieve your desired compliance certification. Drata also offers much more comprehensive support of compliance frameworks than other players in the space. We chose Drata over other automated SOC 2 monitoring solutions because they also offer FEDRAMP and HIPAA monitoring as well.
In addition, the Drata dashboard is very well laid out, and makes it clear what needs to be done to achieve your desired compliance certification. Drata also offers much more comprehensive support of compliance frameworks than other players in the space. We chose Drata over other automated SOC 2 monitoring solutions because they also offer FEDRAMP and HIPAA monitoring as well.
What do you dislike about the product?
Drata sells their automation quite heavily. While much of the solution is automated, the Drata console does not monitor as many of the SOC 2 controls as I had hoped, and we have ended up having to upload a significant amount of manually-collected evidence. As one example, Drata does not automatically monitor for the existence of a log collection system (like Datadog or New Relic) so we have to supply screenshots of the solution to prove we are using it. I am hopeful that, as Drata evolves, these other controls will be monitored better, but for now be aware that a lot of the process is still manual.
What problems is the product solving and how is that benefiting you?
For us, Drata is solving our SOC 2 certification headache. SOC 2 is a heavy lift, and we failed at our first attempt after going in blind. Drata is sort of like night vision for compliance.
A great compliance solution!
What do you like best about the product?
Easy channels to ask questions and receive quick responses, preconfigured frameworks that allow us to easily identify gaps in our processes.
What do you dislike about the product?
Duplicative evidence uploads for systems that we use that are not currently integrated with Drata. Having to upload evidence in Drata that is additional work for my team.
What problems is the product solving and how is that benefiting you?
Giving us a website that allows us to easily share our security documents. This allowed us to move off of another platform which saves my team time and money.
Simplified infosec GRC management that lives up to its promise.
What do you like best about the product?
Ease of connectivity; simplicity in getting things implemented; fantastic customer success team.
What do you dislike about the product?
Connections with external systems sometimes create false positives.
What problems is the product solving and how is that benefiting you?
Simplifying the implementation of ISMS makes it easy for a consultant to help their client. Saves me time and effort and also keeps the customer engaged.
Drata is a powerful tool that support us on achieve our objectives
What do you like best about the product?
Powerful tool in constant improvement, with great customer support.
What do you dislike about the product?
To make the most of Drata it takes a while and some technical restrictions don't allow it to be fully integrated (although Drata working on it).
What problems is the product solving and how is that benefiting you?
The live monitoring of our key controls allows us to proactively identify control issues.
Recommendations to others considering the product:
I'd recommend Drata to the community
Applying Drata to SaMD context
What do you like best about the product?
The onboarding process was smooth, the sales process was informative but not pushy.
Since signing up we have had excellent support from our CSM Ashley who has made herself available at all times if we need assistance.
The tool itself is easy to navigate and after only a week of use has already helped us get more than 50% of the way to being compliant with our first target framework, HIPAA.
There is a lot to work for customers (and only the customer could do it) in regards to policies and company processes but the Drata tool does help a lot by centralizing these documents and storing sign-off. Daily monitoring of control checks which can be automated is a wonderful timesaver, anything getting out of alignment will be alerted for remediation immediately.
Since signing up we have had excellent support from our CSM Ashley who has made herself available at all times if we need assistance.
The tool itself is easy to navigate and after only a week of use has already helped us get more than 50% of the way to being compliant with our first target framework, HIPAA.
There is a lot to work for customers (and only the customer could do it) in regards to policies and company processes but the Drata tool does help a lot by centralizing these documents and storing sign-off. Daily monitoring of control checks which can be automated is a wonderful timesaver, anything getting out of alignment will be alerted for remediation immediately.
What do you dislike about the product?
We've stumbled over a few minor things that don't quite fit our needs:
- Having the ability to have one of several leaders sign off on policies instead of just a single person
- Being able to store multiple security-related documents against a single vendor (e.g. SOC 2 documentation and HIPAA documentation)
- How to manage skills matrix
Our CSM has been responsive in taking these needs onboard an hopefully we'll see them in a future release!
- Having the ability to have one of several leaders sign off on policies instead of just a single person
- Being able to store multiple security-related documents against a single vendor (e.g. SOC 2 documentation and HIPAA documentation)
- How to manage skills matrix
Our CSM has been responsive in taking these needs onboard an hopefully we'll see them in a future release!
What problems is the product solving and how is that benefiting you?
We're primarily looking to assure our customers of our dedication to security posture. Combining the extensive policy suite along with automated monitoring gives us the ability to provide evidence of our commitment directly to customers without delay.
SOC 2 in a box
What do you like best about the product?
- Drata is open-minded, flexible, and agile to meet any of your feature requests or additional requirements. It was the only vendor on the market that was ready to support an immutable cloud-native AWS infrastructure as code at the time we evaluated the available options (end of 2021). Having multiple production releases per day and spinning a brand new version of the infrastructure for every feature branch, we would be overwhelmed with noise and false positives without this.
- They nailed SOC 2 framework and automated testing and evidence gathering significantly. It also looks quite good for ISO 27001.
- Their expert team is always ready to help you with your compliance-related concerns and bring some light to unclear controls and requirements.
- Drata recommends a list of auditors familiar with the tool and providing a significant discount for the audit.
- Drata supports a solid list of compliance frameworks.
- New Trust Center is a killer feature.
- They nailed SOC 2 framework and automated testing and evidence gathering significantly. It also looks quite good for ISO 27001.
- Their expert team is always ready to help you with your compliance-related concerns and bring some light to unclear controls and requirements.
- Drata recommends a list of auditors familiar with the tool and providing a significant discount for the audit.
- Drata supports a solid list of compliance frameworks.
- New Trust Center is a killer feature.
What do you dislike about the product?
- 25MB file size limit for any piece of evidence you are uploading into Drata. Anytime you need to upload something bigger you have to ask the Drata support team.
- The support of some frameworks (e.g., NIST CSF, NIST 800 53, GDPR) is pretty basic and has very little or no automation. For these secondary frameworks the cost doesn't seem justified for what they charge for SOC 2 or ISO 27001 - those that they fully support and automated.
- While Drata has a huge list of available integrations, they don't support Atlassian tools hosted on-prem/in your own cloud accounts - only Atlassian SaaS.
- It would be nice to be able to subscribe to an SNS topic with failing test notifications from Drata to stay up-to-date on the recent issues.
- While Trust Center is a great feature, I believe it should be provided for no additional cost as a part of any framework you have with your Drata subscription. It does not seem fair to charge for this additionally.
- The support of some frameworks (e.g., NIST CSF, NIST 800 53, GDPR) is pretty basic and has very little or no automation. For these secondary frameworks the cost doesn't seem justified for what they charge for SOC 2 or ISO 27001 - those that they fully support and automated.
- While Drata has a huge list of available integrations, they don't support Atlassian tools hosted on-prem/in your own cloud accounts - only Atlassian SaaS.
- It would be nice to be able to subscribe to an SNS topic with failing test notifications from Drata to stay up-to-date on the recent issues.
- While Trust Center is a great feature, I believe it should be provided for no additional cost as a part of any framework you have with your Drata subscription. It does not seem fair to charge for this additionally.
What problems is the product solving and how is that benefiting you?
Using modern solutions like Drata helped us significantly save the time (at least a few months of effort per year) and money (tens of thousand dollars) required to achieve SOC 2 compliance. Of course, Drata will not automatically make your product secure and reliable, but it will help you assess the gaps, eliminate them, and continuously monitor the required controls.
My Drata Review
What do you like best about the product?
I like the automation Drata uses to bring the latest info up front for review.
What do you dislike about the product?
The limited frameworks at this time plus adding more increases our cost to use Drata every year.
What problems is the product solving and how is that benefiting you?
We needed to get started with our compliance efforts and have a centralized place to store evidence and manage our records in preparation for future audits.
Strong Compliance Platform
What do you like best about the product?
Easy to use, simplifies an otherwise complex process, and the support team is great.
What do you dislike about the product?
Integrations are a little lacking (ex. Slack notifications if a test fails for faster responsiveness), but this is on their roadmap.
What problems is the product solving and how is that benefiting you?
We are working through SOC 2, Type 1 & 2. The software provides an overview of the requirements of SOC 2 and allows us to easily monitor progress. This has helped us move faster and more efficiently.
Recommendations to others considering the product:
Make sure to not discount the value of Drata's support team. They make life a lot easier, and you will need them once you start on your compliance journey (regardless of the framework).
showing 271 - 280