Drata Reviews

Users have expressed high regard for several features of Drata with compliance automation being at the forefront. This functionality dramatically simplifies the complex and often cumbersome process of maintaining continuous compliance across various standards. Automation not only reduces manual oversight but also enhances accuracy. Another highly appreciated feature is the integration capabilities of Drata. 

Users find that Drata seamlessly integrates with existing tech stacks, facilitating a more unified approach to security and compliance management. The audit trail features are noted for their efficiency, making audits less stressful and more manageable by providing clear, detailed logs and histories of compliance activities. Clients commend the real-time monitoring systems that immediately alert them to any compliance discrepancies or potential issues, enabling swift corrective action. 

• "Drata offers APIs for every clause so that it can integrate into various platforms."
• "Drata keeps adding new features, allowing us to build our entire InfoSec program within it. Adding new components and evidence for different audits is easy. Drata also integrates with various software, like ticketing systems, source code control, and cloud platforms, continuously pulling evidence from these integrations. Without a GRC tool with these integrations, we used to gather evidence from different software during audits manually.Drata has a significant impact on our security posture management. Previously, Drata had features for security posture management, primarily through integration with AWS. For example, it would scan AWS for specific security requirements, like ensuring all S3 buckets are private. It will be reported on the Drata platform if it finds a public bucket.Recently, Drata introduced a new feature that uses an infrastructure-as-code approach. This feature detects issues and provides AI-generated suggestions for fixing them. If an organization uses infrastructure-as-code solutions like Terraform, Drata will suggest changes to the Terraform code to address the issues. You can then review and apply these changes to fix the problems. This is particularly useful when dealing with many topics, as it helps automate and speed up the process of implementing fixes. However, this AI-generated code feature is part of Drata’s upsell options. The basic version of Drata offers limited capabilities compared to the advanced features available with a paid upgrade.Even without this new feature, Drata's security posture management is valuable, as it scans cloud environments for deviations from defined security baselines. Many tools offer similar capabilities, but Drata’s new feature that translates issues into actionable fixes is a notable advancement. This benefits teams with the capability and resources to use this tool effectively."
• "The product is 100 percent friendly to use."

Drata could benefit from enhancing its user interface to make it more intuitive and user-friendly, as some users find navigation somewhat confusing. There are suggestions for broader integration capabilities with a wider range of third-party tools to streamline processes. Another area for advancement is in customer support; users have expressed a need for quicker response times and more detailed guidance through complex issues. Improving the customization options to allow users more flexibility in tailoring the platform to specific organizational needs could significantly boost user satisfaction.

• "The existing features of Drata are already extensive and costly to integrate."
• "There is room for improvement in Drata. The core features are solid, but some new features are in a very MVP (Minimum Viable Product) stage. They work, but the user experience isn't always smooth. While the core features are well-developed compared to the market, the new features need more polish. They could benefit from more user feedback and iterations to make them more useful. Some of these new features look promising buthave flaws, so we can’t fully adopt them or justify paying extra for them now. The user interface is clean and intuitive. However, you'll need some specific knowledge if you're a security policy manager or need to set updifferent integrations."
• "The product can improve in its API documentation area."