Drata vs USM Anywhere comparison

"The way the tool's controls are linked to the framework, specifically with SAST and HIPAA frameworks or any other frameworks, is really good."

"My experience with customer support was good; they were responsive, but they didn't ever get us to a solution that worked."

"Drata helps eliminate evidence gathering and makes assigning different activities to different team members easier, simplifying compliance and audit processes. In Pennsylvania, we're putting in thousands of hours. Drata improves our security posture by reducing extra work, allowing us to focus on other security directives. I like the control editing and task management features the most. It's easy to use, but it's also easy for people to think they don't need security experts if they have it."

"The product is 100 percent friendly to use."

"Drata offers APIs for every clause so that it can integrate into various platforms."

"Drata helped us publish our ISO and SOC reports, which was essential for the acquisition. The challenge now is whether Drata can scale up to meet the needs of a larger company, which already has tools like Intune to enforce laptop encryption. Drata is excellent for startups and small—to medium-sized companies but may face challenges in larger organizations with multiple environments."

"Drata keeps adding new features, allowing us to build our entire InfoSec program within it. Adding new components and evidence for different audits is easy. Drata also integrates with various software, like ticketing systems, source code control, and cloud platforms, continuously pulling evidence from these integrations. Without a GRC tool with these integrations, we used to gather evidence from different software during audits manually. Drata has a significant impact on our security posture management. Previously, Drata had features for security posture management, primarily through integration with AWS. For example, it would scan AWS for specific security requirements, like ensuring all S3 buckets are private. It will be reported on the Drata platform if it finds a public bucket. Recently, Drata introduced a new feature that uses an infrastructure-as-code approach. This feature detects issues and provides AI-generated suggestions for fixing them. If an organization uses infrastructure-as-code solutions like Terraform, Drata will suggest changes to the Terraform code to address the issues. You can then review and apply these changes to fix the problems. This is particularly useful when dealing with many topics, as it helps automate and speed up the process of implementing fixes. However, this AI-generated code feature is part of Drata’s upsell options. The basic version of Drata offers limited capabilities compared to the advanced features available with a paid upgrade. Even without this new feature, Drata's security posture management is valuable, as it scans cloud environments for deviations from defined security baselines. Many tools offer similar capabilities, but Drata’s new feature that translates issues into actionable fixes is a notable advancement. This benefits teams with the capability and resources to use this tool effectively."

"It allows for a lot of out-of-the-box features: vuln scanning, HIDS/HIPS, and IDS."

"As we have to service several servers, we can manage them in a economical way, which is beneficial to our team and business."

"Our main focus was intrusion detection, alerts, and correlation. It's easy to use AlienVault and integrate it with other alert tools because it includes lots of connectors. Either the tool is already there, or AlienVault will write an API for us if they don't have a connector for the solution that is providing the logs."

"AlientVault has helped us in improving our visualization and incident response during cybersecurity situations."

"Log-monitoring and alerting enable us to know when things happen that we need to know about."

"AT&T AlienVault USM is good for ELK Stack, the user experience is great because of its architecture. The ELK has a great performance and it has very good speed in the search and Kibana. Additionally, the visuals and dashboards and very nice and customizable."

"The best feature of this product is the ease of use. It is extremely easy to set up and get going. This is a very useful tool for a small organization."

"Asset discovery seems to be good."

"There is room for improvement in Drata. The core features are solid, but some new features are in a very MVP (Minimum Viable Product) stage. They work, but the user experience isn't always smooth. While the core features are well-developed compared to the market, the new features need more polish. They could benefit from more user feedback and iterations to make them more useful. Some of these new features look promising buthave flaws, so we can’t fully adopt them or justify paying extra for them now. The user interface is clean and intuitive. However, you'll need some specific knowledge if you're a security policy manager or need to set updifferent integrations."

"The solution is quite costly."

"In terms of improvements, I'd suggest better marketing since the industry tends to market these tools as security experts, which isn't true."

"The product can improve in its API documentation area."

"The thing with Drata is you cannot open multiple tabs on the same interface or the same desktop,"

"The existing features of Drata are already extensive and costly to integrate."

"One of the challenges with Drata is that if you're paying for a subscription to ISO 27001, you must undergo a risk assessment. You should have access to all necessary modules on the platform to achieve your compliance posture and certification."

"Drata has impacted our organization negatively, as it made the whole compliance process more complicated and cost me significant time."

"The one thing I continue to dislike about the USM is the limitation on reports."

"We've had some stability problems, not a lot, but a few. Updates seem to be the worst. That seems to be when the stability problems come up."

"Maybe logs are the problem, as the database query is too slow. If you want to search something, you need time to find it."

"The GUI needs to improve because it's not user-friendly."

"Support can be slow at times, but the quality is high. Posted knowledge base articles could use improvement."

"I've been told that AlienVault doesn't have a full version of NES running in there, but I'm not sure if that's accurate or if my engineer made it that way. I'm not sure he was completely honest either because we had NES in the environment before. Those tools could be improved because AlienVault is a SIEM, and it added all these other features."

"AlienVault must improve their correlation feature. Some of the events do not match with the correlation rules and some of the correlation events are false-positive."

"Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira. It is also a bit slow, and its replication engine can be improved."

"It's one of the more expensive options, but I think it's worth the money if you can afford it."

"Drata's pricing is quite reasonable. Compared to other tools in the market, including its biggest competitor, Vanta, Drata is much cheaper. Even compared to other tools like AuditBoard, which aren’t as good, Drata’s price remains competitive."

"I remember that my company used to pay 25,000 USD to use the product...The product's cost is really high, but it is a powerful tool."

"Use an MSSP instead. It is much cheaper."

"The ROI is quite good."

"Use the AlienVault team. They are helpful and the documentation that they provide is second to none."

"So far, it has been a good solution for a tight budget."

"So far, I feel the product's pricing is a good value. The technology is decent. You get what you pay for. I think it's fair."

"I rate the price of AT&T AlienVault USM a four out of five."

"Negotiate the best package for your environment."

"We checked out several competitors. For what it can do and the cost, it was the best option!"