Drata vs Wiz comparison

Drata and Wiz are both solutions in the Compliance Management category. Drata is ranked #5 with an average rating of 8.5, while Wiz is ranked #1 with an average rating of 9.0. Drata holds a 8.0% mindshare in CM, compared to Wiz’s 29.2% mindshare. Additionally, 100% of Drata users are willing to recommend the solution, compared to 100% of Wiz users who would recommend it.

Drata

Read 8 Drata reviews

2,394 Views
2,100 Comparison Views

100% willing to recommend

Wiz

Read 20 Wiz reviews

4,747 Views
3,486 Comparison Views

100% willing to recommend

Drata

Wiz

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Jan 2, 2025

Wiz and Drata compete in the cybersecurity and compliance automation industry. Drata often holds the upper hand due to its advanced feature set and integration capabilities, appealing to users prioritizing comprehensive functionality, while Wiz attracts cost-conscious buyers with its affordability and strong support structure.

Features: Wiz focuses on security monitoring, vulnerability management, and robust threat detection, offering valuable visibility across cloud environments. Drata emphasizes automating compliance across various frameworks, usability, and seamless integration, making it ideal for compliance-centric setups.

Room for Improvement: Wiz could enhance its on-demand scan performance and clarify scanner functionalities. Additionally, more integration options could strengthen its offering. Drata could improve its initial configuration process and make its advanced features more accessible without extensive upsell packages. Simplifying the setup of its new AI-generated code suggestions would be beneficial.

Ease of Deployment and Customer Service: Wiz offers straightforward deployment with minimal disruption and responsive support. Drata also provides efficient installation and solid customer service but may require more initial configuration effort. Wiz's advantage lies in its rapid and uncomplicated integration, while Drata focuses on establishing a thorough compliance infrastructure.

Pricing and ROI: Wiz stands out for its affordability, providing a high ROI through low initial costs and effective security management. Drata, while higher-priced, offers potential long-term savings via comprehensive automation of compliance tasks. Wiz appeals to those seeking immediate cost savings, whereas Drata's robust feature set justifies its higher cost for users prioritizing functionality.

To learn more, read our detailed Drata vs. Wiz Report (Updated: March 2025).

Buyer's Guide

Drata vs. Wiz

March 2025

Download the complete report

Helped 842,672 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Drata

Ranking in Compliance Management

5th

Average Rating

8.6

Reviews Sentiment

7.6

Number of Reviews

Ranking in other categories

No ranking in other categories

Wiz

Ranking in Compliance Management

1st

Average Rating

9.0

Reviews Sentiment

7.6

Number of Reviews

Ranking in other categories

Vulnerability Management (1st), Container Security (1st), Cloud Workload Protection Platforms (CWPP) (2nd), Cloud Security Posture Management (CSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (1st), Data Security Posture Management (DSPM) (2nd), Cloud Detection and Response (CDR) (1st)

Mindshare comparison

As of March 2025, in the Compliance Management category, the mindshare of Drata is 8.0%, down from 18.7% compared to the previous year. The mindshare of Wiz is 29.2%, up from 19.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Compliance Management

Featured Reviews

Johnny Chen

SecOps Engineer III at FINIX PAYMENTS, INC

Collects and stores compliance evidence and documentation for you using native integrations with your tech stack.

There is room for improvement in Drata. The core features are solid, but some new features are in a very MVP (Minimum Viable Product) stage. They work, but the user experience isn't always smooth. While the core features are well-developed compared to the market, the new features need more polish. They could benefit from more user feedback and iterations to make them more useful. Some of these new features look promising buthave flaws, so we can’t fully adopt them or justify paying extra for them now. The user interface is clean and intuitive. However, you'll need some specific knowledge if you're a security policy manager or need to set updifferent integrations.

Read full review

Pietro Villivà

Business Line Manager at S2E

Useful for security assessment and maintaining correct security posture

The tool keeps improving on a weekly basis. Wiz enters into a lot of partnerships with other technologies. I don't have any idea about the improvements needed in the tool at the moment. For me, Wiz is a very complete product, but it is not the perfect one. Other technologies are better for our customers' specific use cases. A possible way to grow the tool is by introducing new functionality or features. In the future, the tool can introduce an on-prem infrastructure or platform. Not having an on-prem version can be an obstacle for customers who have a large workload in an on-prem environment. The onboarding can be done in five minutes or five to ten minutes. Then, there is the configuration, and it depends on the type of the use case of the customer. There is a customer that has simple use cases for whom the onboarding can be done in four to eight hours a day. If there are some customers with a lot of use cases and a lot of different cloud providers, more time is needed. In general, we don't need more than five days to deploy the tool, even in the case of a very complex architecture and hybrid cloud environment. To deploy the tool, we need to have access to the account of the customer, and Wiz is a stuff that we need to make with the customer. We do the onboarding together. The customer creates the correct authorization in the cloud platform and gives us the key to connect to the platform, and then the platform connector starts and begins to collect information.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Drata offers APIs for every clause so that it can integrate into various platforms."

"Drata keeps adding new features, allowing us to build our entire InfoSec program within it. Adding new components and evidence for different audits is easy. Drata also integrates with various software, like ticketing systems, source code control, and cloud platforms, continuously pulling evidence from these integrations. Without a GRC tool with these integrations, we used to gather evidence from different software during audits manually. Drata has a significant impact on our security posture management. Previously, Drata had features for security posture management, primarily through integration with AWS. For example, it would scan AWS for specific security requirements, like ensuring all S3 buckets are private. It will be reported on the Drata platform if it finds a public bucket. Recently, Drata introduced a new feature that uses an infrastructure-as-code approach. This feature detects issues and provides AI-generated suggestions for fixing them. If an organization uses infrastructure-as-code solutions like Terraform, Drata will suggest changes to the Terraform code to address the issues. You can then review and apply these changes to fix the problems. This is particularly useful when dealing with many topics, as it helps automate and speed up the process of implementing fixes. However, this AI-generated code feature is part of Drata’s upsell options. The basic version of Drata offers limited capabilities compared to the advanced features available with a paid upgrade. Even without this new feature, Drata's security posture management is valuable, as it scans cloud environments for deviations from defined security baselines. Many tools offer similar capabilities, but Drata’s new feature that translates issues into actionable fixes is a notable advancement. This benefits teams with the capability and resources to use this tool effectively."

"Drata helped us publish our ISO and SOC reports, which was essential for the acquisition. The challenge now is whether Drata can scale up to meet the needs of a larger company, which already has tools like Intune to enforce laptop encryption. Drata is excellent for startups and small—to medium-sized companies but may face challenges in larger organizations with multiple environments."

"The product is 100 percent friendly to use."

"Drata helps eliminate evidence gathering and makes assigning different activities to different team members easier, simplifying compliance and audit processes. In Pennsylvania, we're putting in thousands of hours. Drata improves our security posture by reducing extra work, allowing us to focus on other security directives. I like the control editing and task management features the most. It's easy to use, but it's also easy for people to think they don't need security experts if they have it."

"The way the tool's controls are linked to the framework, specifically with SAST and HIPAA frameworks or any other frameworks, is really good."

"The vulnerability management modules and the discovery and inventory are the most valuable features. Before using Wiz, it was a very manual process for both. After implementing it, we're able to get all of the analytics into a single platform that gives us visibility across all the systems in our cloud. We're able to correspond and understand what the vulnerability landscape looks like a lot faster."

"The tool's most valuable feature is its attack path analysis."

"The product's most valuable feature combines different contexts and attributes to produce highly confident alerts."

"The CSPM module has been the most effective. It was easy to deploy and covered all our accounts through APIs, requiring no agents. Wiz provides instant visibility into high-level risks that we need to address."

"The granularity of visibility that the platform provides is the most valuable aspect."

"The automation roles are essential because we ultimately want to do less work and automate more. The dashboards are easy to read and visually pleasing. You can understand things quickly, which makes it easy for our other teams. The network and infrastructure teams don't know as much about security as we do, so it helps to have a tool that's accessible and nice to look at."

"The product supports out-of-the-box reporting with context about the asset and allows us to perform complex custom queries on UI."

"I like Wiz's reporting, and it's easy to do queries. For example, it's pretty simple to find out how many servers we have and the applications installed on each. I like Wiz's security graph because you can use it to see the whole organization even if you have multiple accounts."

More Wiz pros

Cons

"The product can improve in its API documentation area."

"The existing features of Drata are already extensive and costly to integrate."

"One of the challenges with Drata is that if you're paying for a subscription to ISO 27001, you must undergo a risk assessment. You should have access to all necessary modules on the platform to achieve your compliance posture and certification."

"The solution is quite costly."

"The thing with Drata is you cannot open multiple tabs on the same interface or the same desktop,"

"In terms of improvements, I'd suggest better marketing since the industry tends to market these tools as security experts, which isn't true."

"There is room for improvement in Drata. The core features are solid, but some new features are in a very MVP (Minimum Viable Product) stage. They work, but the user experience isn't always smooth. While the core features are well-developed compared to the market, the new features need more polish. They could benefit from more user feedback and iterations to make them more useful. Some of these new features look promising buthave flaws, so we can’t fully adopt them or justify paying extra for them now. The user interface is clean and intuitive. However, you'll need some specific knowledge if you're a security policy manager or need to set updifferent integrations."

"The remediation workflow within the Wiz could be improved."

"We're looking at some of the data compliance stuff that they've got Jon offer. I know they're looking at container security, which we gonna be looking at next."

"We are still analyzing its behavior as we are in the midst of the implementation."

"One significant issue is that the searches are case-sensitive, so finding a misconfigured resource can become very challenging."

"The solution's container security could be improved."

"As the tool is a good fit for small and medium-sized businesses, the solution should focus on making the product suitable for large-scale businesses."

"We would like to see improvements to executive-level reporting and data reporting in general, which we understand is being rolled out to the platform."

"The reporting isn't that great. They have executive summaries, but it's only a compliance report that maps all current issues to specific controls. Whether you look at one subscription or project, regardless of the size, you will get a multipage report on how the issues in that account map to that control. Our CSO isn't going to read through that. He won't filter that out or show that to his leadership and say, "Here's what we're doing." It isn't a helpful report. They're working on it, but it's a poor executive summary."

More Wiz cons

Pricing and Cost Advice

"I remember that my company used to pay 25,000 USD to use the product...The product's cost is really high, but it is a powerful tool."

"Drata's pricing is quite reasonable. Compared to other tools in the market, including its biggest competitor, Vanta, Drata is much cheaper. Even compared to other tools like AuditBoard, which aren’t as good, Drata’s price remains competitive."

"It's one of the more expensive options, but I think it's worth the money if you can afford it."

"Regarding pricing, it’s more than $100k because we have a very big infrastructure. Our environment supports around three thousand people, and we offer business-to-client financial services to around one million clients, so we rely heavily on Wiz."

"I wish the pricing was more transparent."

"If one is cheap and ten is expensive, I rate the tool's price as a five out of ten."

"The pricing seems pretty simple. We don't have to do a lot of calculations to figure out what the components are. They do it by enabling specific features, either basics or advanced, which makes it easy to select."

"Based on the features and capabilities, the product pricing seems reasonable."

"The cost of the other solutions is comparable to Wiz."

"The pricing is fair and comparable to their competitors. The cost seems to be going up, which is a concern. There are potential savings from consolidating tools, but we're uncertain how Wiz's pricing will change over time."

"The pricing is fair. Some of the more advanced features and functionalities and how the tiers are split can be somewhat confusing."

More Wiz pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Compliance Management solutions are best for your needs.

See recommendations

842,672 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

22%

Financial Services Firm

University

Manufacturing Company

Financial Services Firm

15%

Computer Software Company

15%

Manufacturing Company

10%

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What needs improvement with Drata?

The existing features of Drata are already extensive and costly to integrate. It requires a certain level of development understanding from companies. Improvements could be in the area of reducing ...

See all answers

What is your primary use case for Drata?

I have been deploying all the services to Australia and USA. These are for customer compliance on HIPAA, ISO 27001, SOC 2, and similar standards.

See all answers

What advice do you have for others considering Drata?

I'd rate the solution eight out of ten.

See all answers

What do you like most about Wiz?

With Wiz, we get timely alerts for leaked data or any vulnerabilities already existing in our environment.

See all answers

What is your experience regarding pricing and costs for Wiz?

This feedback is not based on much experience yet, as we have only conducted POV or POC.

See all answers

What needs improvement with Wiz?

I have not measured certain abilities on a scale yet. The ultimate value depends on the requirements of your organization.

See all answers

Comparisons

Vanta vs Drata

Compared 61% of the time

Sprinto vs Drata

Compared 14% of the time

Thoropass vs Drata

Compared 8% of the time

Secureframe Comply vs Drata

Compared 5% of the time

Hyperproof vs Drata

Compared 4% of the time

More Drata Competitors

Prisma Cloud by Palo Alto Networks vs Wiz

Compared 14% of the time

Microsoft Defender for Cloud vs Wiz

Compared 8% of the time

Orca Security vs Wiz

Compared 8% of the time

Snyk vs Wiz

Compared 5% of the time

CrowdStrike Falcon Cloud Security vs Wiz

Compared 4% of the time

More Wiz Competitors

Product Reports

Buyer's Guide

Drata

March 2025

Download Drata product report

Buyer's Guide

Wiz

March 2025

Download Wiz product report

Overview

Drata is a powerful tool for automating compliance processes, effectively reducing audit preparation time and continuously monitoring security controls. It is highly valued for its ability to integrate seamlessly with existing tech stacks and manage security for remote teams, ensuring adherence to standards like SOC 2 and HIPAA. Drata enhances organizational efficiency, improves workflows, and supports real-time compliance monitoring, making compliance management less stressful and more accurate.

Drata

Wiz is a highly efficient solution for data security posture management (DSPM), with a 100% API-based approach that provides quick connectivity and comprehensive scans of platform configurations and workloads. The solution allows companies to automatically correlate sensitive data with relevant cloud context, such as public exposure, user identities, entitlements, and vulnerabilities.This integration enables them to understand data accessibility, configuration, usage, and movement within their internal environments.

Wiz's Security Graph delivers automated alerts whenever risks emerge, allowing teams to prioritize and address the most critical issues before they escalate into breaches. Furthermore, Wiz ensures rapid and agentless visibility into critical data across various repositories, enabling organizations to easily determine the location of their data assets.

Wiz Features

Wiz provides various features in the following categories:

Agentless Scanning: The solution can scan every layer of a cloud environment without requiring agents, managing the entire process and providing comprehensive visibility.
Workflow Integration: Users can create customized workflows within Wiz to identify and assign actions based on urgency, integrating them with ticketing systems for quick and efficient remediation.
Vulnerability Management: Wiz's vulnerability management modules provide detailed analytics and visibility across cloud systems, streamlining the manual process of vulnerability discovery. The automated attack path analysis helps identify risks and trace potential points of exposure, allowing users to understand and mitigate them effectively and proactively.
CSPM (Cloud Security Posture Management): Wiz's CSPM module offers instant visibility into high-level risks to an enterprise’s cloud environment, covering all accounts without the need for agents.
Out-of-the-Box Reporting and Custom Queries: The service supports comprehensive reporting with asset context, allowing users to perform complex custom queries on the solution’s user-friendly interface.
Automation Roles and Dashboards: The solution facilitates automation by providing essential roles and dedicated dashboards that enable teams to understand security information quickly, even those with limited expertise.
Contextual Risk Evaluation: The service contextualizes the various components contributing to an issue, providing a risk evaluation framework that helps prioritize remediation efforts.
Security Graph and Visibility: Wiz's security graph offers visibility across the entire organization, even with multiple accounts, enabling users to understand their environment and assets effectively.

The Benefits of Wiz

Wiz offers the following benefits:

Comprehensive agentless scanning
Effective identification and mitigation of vulnerabilities
Streamlined vulnerability management
Robust reporting capabilities and customizable queries
Enhanced automation and role-based access control
Prioritized risk evaluation for efficient remediation
Security posture across multiple accounts

Reviews from Real Users

Kamran Siddique, VP Information Security at boxed.com, remarks his company has seen a ROI while using Wiz, as it simplifies the process by integrating multiple useful tools into one solution.

According to a Senior Security Architect at Deliveroo, Wiz has given their company a fresh approach to vulnerability management, as Wiz's native integrations are extremely useful and paramount to the operational success of their platform.

Get a demo | Wiz

Wiz

Sample Customers

Information Not Available

Wiz is the fastest growing software company ever - $100M ARR in 18 months: Wiz becomes the fastest-growing software company ever | Wiz Blog Discover why companies, including Salesforce, Morgan Stanley, Fox, and Bridgewater choose Wiz as their cloud security partner. Read their success stories here: Customers | Wiz

Buyer's Guide

Drata vs. Wiz

March 2025

Free Report: Drata vs. Wiz

Find out what your peers are saying about Drata vs. Wiz and other solutions. Updated: March 2025.

DOWNLOAD NOW

842,672 professionals have used our research since 2012.

See our Drata vs. Wiz report.

See our list of best Compliance Management vendors.

We monitor all Compliance Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.