Drata vs USM Anywhere comparison

"Drata keeps adding new features, allowing us to build our entire InfoSec program within it. Adding new components and evidence for different audits is easy. Drata also integrates with various software, like ticketing systems, source code control, and cloud platforms, continuously pulling evidence from these integrations. Without a GRC tool with these integrations, we used to gather evidence from different software during audits manually. Drata has a significant impact on our security posture management. Previously, Drata had features for security posture management, primarily through integration with AWS. For example, it would scan AWS for specific security requirements, like ensuring all S3 buckets are private. It will be reported on the Drata platform if it finds a public bucket. Recently, Drata introduced a new feature that uses an infrastructure-as-code approach. This feature detects issues and provides AI-generated suggestions for fixing them. If an organization uses infrastructure-as-code solutions like Terraform, Drata will suggest changes to the Terraform code to address the issues. You can then review and apply these changes to fix the problems. This is particularly useful when dealing with many topics, as it helps automate and speed up the process of implementing fixes. However, this AI-generated code feature is part of Drata’s upsell options. The basic version of Drata offers limited capabilities compared to the advanced features available with a paid upgrade. Even without this new feature, Drata's security posture management is valuable, as it scans cloud environments for deviations from defined security baselines. Many tools offer similar capabilities, but Drata’s new feature that translates issues into actionable fixes is a notable advancement. This benefits teams with the capability and resources to use this tool effectively."

"Overall, Drata as a tool has brought a lot of improvements within the GRC team, and having to centralize everything in one system, mapping the controls within one system, performing audits within one system, monitoring policies within one system, and doing risk management within one system is something that in GRC, speaking from a GRC perspective in cybersecurity, has been very impactful and effective within the team."

"The product is 100 percent friendly to use."

"Drata helps eliminate evidence gathering and makes assigning different activities to different team members easier, simplifying compliance and audit processes. In Pennsylvania, we're putting in thousands of hours. Drata improves our security posture by reducing extra work, allowing us to focus on other security directives. I like the control editing and task management features the most. It's easy to use, but it's also easy for people to think they don't need security experts if they have it."

"Drata offers APIs for every clause so that it can integrate into various platforms."

"Drata helped us publish our ISO and SOC reports, which was essential for the acquisition. The challenge now is whether Drata can scale up to meet the needs of a larger company, which already has tools like Intune to enforce laptop encryption. Drata is excellent for startups and small—to medium-sized companies but may face challenges in larger organizations with multiple environments."

"The way the tool's controls are linked to the framework, specifically with SAST and HIPAA frameworks or any other frameworks, is really good."

"My experience with customer support was good; they were responsive, but they didn't ever get us to a solution that worked."

"ATT AlienVault USM support is very good, they respond quickly to our needs."

"On any given day I could give you a different answer regarding the most valuable features of the product. The feature that is most important is the fact that it has a lot of features, that it's not just a log collection and correlation system, that it has a lot of other components built in. The bundle of features is really the killer feature."

"The best thing about AlienVault USM is it being a Jack-of-All Trades solution, providing SIEM, HIDS/NIDS, FIM, NetFlow, Asset Management, Vulnerability Management, and more under one USM platform, which none of the commercial SIEM vendors like ArcSight or McAfee can boast of with such a diverse feature set."

"Customer Service: The customer service is excellent, we have quick and knowledgeable help on all our calls."

"Using the communication within the security device, it is easier to create plugins."

"Having everything in a central place has been helpful."

"I'm glad we purchased it, wished we would have gone with outside monitoring instead of inhouse and there is a lot to learn; great product though."

"We used, tested, and tried several solutions prior to this solution; this solution answered too many questions under one reasonable cost, as opposed to piecemealing everything together for more money."

"The product can improve in its API documentation area."

"The existing features of Drata are already extensive and costly to integrate."

"The thing with Drata is you cannot open multiple tabs on the same interface or the same desktop,"

"Drata has impacted our organization negatively, as it made the whole compliance process more complicated and cost me significant time."

"In terms of improvements, I'd suggest better marketing since the industry tends to market these tools as security experts, which isn't true."

"There was one instance where our auditors could not access the Audit Hub in Drata, and it was not really something that was wrong from our company side."

"There is room for improvement in Drata. The core features are solid, but some new features are in a very MVP (Minimum Viable Product) stage. They work, but the user experience isn't always smooth. While the core features are well-developed compared to the market, the new features need more polish. They could benefit from more user feedback and iterations to make them more useful. Some of these new features look promising buthave flaws, so we can’t fully adopt them or justify paying extra for them now. The user interface is clean and intuitive. However, you'll need some specific knowledge if you're a security policy manager or need to set updifferent integrations."

"The solution is quite costly."

"This solution could be easier to use."

"I think expanding their vendor-specific plugins would beneficial."

"The reporting tools are a bit lacking for building reports to give directly to customers, but support has been helpful in giving our requests for new features to the development team and following up with us."

"The vulnerability management solution is worse than buying a Nessus Professional license."

"Backup, restore, and upgrade - some menu options are a bit convoluted."

"Sometimes the log is unclear, and the report is a bit ambiguous."

"The Log Management and configuration of email notifications should be user-friendly."

"They should improve the reporting capabilities. Different functions to customize reports should be added."

"I remember that my company used to pay 25,000 USD to use the product...The product's cost is really high, but it is a powerful tool."

"Drata's pricing is quite reasonable. Compared to other tools in the market, including its biggest competitor, Vanta, Drata is much cheaper. Even compared to other tools like AuditBoard, which aren’t as good, Drata’s price remains competitive."

"It's one of the more expensive options, but I think it's worth the money if you can afford it."

"We ran a few PoCs. The price and feature set were the best with AlienVault."

"The price of this solution is reasonable, which is one of the reasons why we selected it over other solutions."

"We pay around $12,000 a year including storage."

"Its price is in the medium to upper range."

"AT&T AlienVault USM is an expensive solution and we pay for the license and the support separately. We paid for the license and support for three years."

"It has good pricing."

"Use the AlienVault team. They are helpful and the documentation that they provide is second to none."

"QRadar, ArcSight and Splunk are some of the most expensive SIEM products out there in the market and not everyone has the budget to buy them. In such cases, AV USM is a very cost effective alternative."