Drata Product Release Roundup

After just celebrating our 4 year anniversary, we took some time to look back at how far our product has come. Just four short years ago, we started in stealth mode with a clear priority: achieving SOC 2 compliance using Drata before launching our product.

We did just that, receiving a clean report that gave us the confidence to hit the ground running. Initially, we set a modest goal of acquiring a couple hundred customers in our first year—but we quickly surpassed expectations, scaling to over 1,000 customers within that time. By year two, we had expanded to include 14+ frameworks, Trust Center, and Risk Management and 3,000 customers. 

Now in our fourth year, we serve over 7,000 customers and just announced our acquisition of SafeBase. Combining the leading enterprise trust center network with the fastest growing GRC automation solution creates the world’s most comprehensive Trust Management Platform.

This quarter we moved at a rapid pace to continue to expand our core pillars including Continuous Control Monitoring, Modern GRC, Security Assurance, and Vendor Risk Management. 

Security Assurance 

Trust is built on actions, not promises. Drata provides the flexibility, scalability, and automation needed to manage governance, risk, compliance, and trust in real time across any framework, all while significantly reducing manual effort and complexity. Our recent acquisition of SafeBase allows us to revolutionize how organizations demonstrate their security posture through a robust network of trust centers and AI-powered security questionnaire capabilities.

Drata Acquires SafeBase

Drata acquires SafeBase

SafeBase’s products have played a pivotal role in accelerating revenue growth and building trust in the marketplace with customers like OpenAI, Twilio, Crowdstrike, LinkedIn, SentinelOne, and hundreds more. $15B in transactions have been tied to security teams using SafeBase Trust Centers over just the last 4 years. 

With this acquisition, you can expect enhanced features like:

• Expanded Trust Center with more flexibility and deeper integrations with tools like Hubspot, Docsign, Ironclad, Slack, Teams, and Salesforce.

• Browser extensions and stronger in-app collaboration to help you receive and respond to security questionnaires faster using comments, assignments, and bi-directional integrations (including Slack, Teams, Jira, and more).

• Deeper analytics and stronger communication tools to lighten your daily workload and drive efficiencies across your program.

Vendor Risk Management

Managing internal and external risk is crucial to ensure that you have visibility at all times. Drata is continuing to use responsible AI to make that process even simpler. Check out our latest innovations below. 

Streamline Vendor SOC 2 Reviews with Drata AI

Reviewing SOC 2 reports for high-risk or prospective vendors is a critical but time-consuming task, requiring thorough analysis of security controls, exceptions, and management responses. Drata’s SOC 2 AI Summary streamlines this process by automatically summarizing key report sections, identifying major exceptions, and distilling management responses into clear, actionable insights. With AI-powered efficiency, organizations can quickly assess vendor security postures, reducing the manual burden of review while making more informed risk management decisions.

Modern GRC

Managing risk effectively requires visibility, flexibility, and efficiency. With these latest updates, Drata empowers you to track risk statuses with greater precision, simplify complex risk calculations, and seamlessly map risks to compliance controls. Built in response to customer feedback, these enhancements ensure a more streamlined and insightful risk management experience. 

Here's what's new:

Risk Status Tracking for Greater Insight and Control

Easily manage and monitor risks with three distinct statuses: Active, Closed, and Archived, now available in the risk register. Designed based on user feedback, this update enhances filtering capabilities on the insights dashboard, allowing you to quickly focus on specific risk statuses and make adjustments directly within the table or drawer.

Simplify Use of Complex Formulas with Custom Formula for Risks

Eliminate the need for spreadsheets. With Drata’s Custom Formula for Risks, Risk Management customers can now create nested formulas, enabling everything from basic calculations to advanced FAIR model adaptations, bringing greater flexibility to risk assessments.

DCF Control Mapping for Risk Assessment

Drata’s Risk Library now features DCF-mapped controls, simplifying the process of linking risks to compliance controls. This enhancement streamlines risk assessments, saves time, and provides greater transparency into your organization’s risk and compliance standing.

Updated Frameworks

Drata is making compliance management more efficient with enhanced control mapping for key frameworks. Whether you're preparing for CMMC or aligning with the DORA Framework, our built-in control mappings from Drata’s DCF library reduce manual effort, accelerate readiness, and strengthen risk and compliance oversight.

CMMC Control Mapping

Drata has strengthened CMMC compliance with built-in control mappings from its DCF controls library. By automating control mapping, this feature minimizes manual effort and streamlines the compliance process, helping you achieve CMMC readiness faster and more efficiently.

DORA Frameworks Control Mapping

Drata now supports the DORA Framework, essential for financial entities in the EU and their IT vendors, with built-in control mappings from the DCF library. With capabilities spanning Risk Management, TPRM, Compliance as Code, and automation, Drata helps organizations enhance operational resilience and meet DORA requirements with ease.

Continuous Automation 

Drata continues to expand its automation and integration capabilities, making compliance management more seamless than ever. With new integrations for GitLab, GitHub, and Azure, and enhancements to AWS monitoring and setup, these updates reduce manual effort and improve visibility. Plus, automated monitoring tests and direct Linear ticket creation and multi-write ticketing for ClickUp ensure greater efficiency across your workflows. 

Here's what's new: 

38 New AWS Tests

Drata has added new automated infrastructure tests for AWS, covering over 20 controls and multiple Center for Internet Security (CIS) benchmarks. These tests enhance control monitoring, reducing manual effort while strengthening cloud security.

AWS Setup Wizard Enhancements

The AWS connection setup in Drata has been revamped for a smoother experience. The new design includes clear instructions, upfront permission details, and a landing page outlining supported features and benefits. Plus, common connection errors are now flagged within the stepper wizard, ensuring a hassle-free setup.

Automatic Monitoring Tests After Key Connections

Now, monitoring tests launch automatically as soon as infrastructure, IdP, version control, or ticketing connections are established. This saves time, improves accuracy, and provides instant visibility into test results, tailored to your enabled frameworks—all accessible on the monitoring page.

Write Access for Creating Linear Tickets

Drata now allows you to create and assign Linear tickets directly within the platform, improving cross-team collaboration as you track framework requirements and prepare for audits.

Multi-Write Ticketing Now Available for ClickUp

You can now integrate ClickUp with write access for manual ticket creation. This update supports all ClickUp object types, including Teams, Spaces, Folders, Lists, Ticket Types, Assignees, and Custom Fields—making it easier than ever to manage tasks.

As we reflect on our journey over the past four years, it’s clear that our commitment to innovation and security has propelled Drata forward at an incredible pace. From launching with SOC 2 compliance on day one to expanding our platform with new frameworks, automation capabilities, and now the acquisition of SafeBase, we’ve continuously evolved to meet the needs of modern security and compliance teams. Our rapid growth is a testament to the trust our customers place in us and our relentless pursuit of building the most comprehensive Trust Management Platform available today.