BigFix Reviews

We are using BigFix for desktop management, endpoint management, inventory, application control, remote control, building machines, master images, OS deployment, and software distribution.

The most valuable and essential features of BigFix are all of them, they are needed when serving the purpose of the desktop operation framework. We cannot run operations without patching or without having an appropriate mechanism for deploying software, et cetera. The features all serve their purpose for our use case.

The one feature that provided the most value and efficiency would be patch management. It's the most powerful feature in BigFix.

BigFix can improve the way machines report back to the console. In the external relay management environment, it has become more of a hybrid environment with most of the machines not being on-site. The need of having public-facing reporting items interconnected is becoming more and more crucial. In general, the reporting could use some enhancement.

In a future release, it would be a benefit to have a cloud-based solution with external cloud-based relays. Additionally, having a remote control in the cloud feature would be interesting.

I have been using BigFix for approximately four years.

BigFix is stable. However, there have been a few minor issues, such as the relay's not reporting.

The scalability of BigFix is good. How deployment is not that large in size. The exercises that we do are pretty limited.

We have approximately 30 administrators using this solution.

Our company has a good relationship with the reseller that we work with and the support they provide to us is fair.

The initial setup of BigFix was easy because we started from scratch, we didn't have a CCM before. The deployment of BigFix is a powerful feature, it is simple to do.

The price of BigFix could be lower. However, I am always seeking a lower price.

My advice to others is for them to take a holistic approach while designing. Don't look at one functionality, but look at the environment as a framework. View it from all aspects and merge operation with security. Don't let your focus be on the compliance of your environment or on the operation element alone, take other aspects into consideration, such as the security aspect, which is fast remediation, vulnerability management, and end-of-life management.

I rate BigFix an eight out of ten.

Our primary use case is for the automation of patch compliance.

BigFix has drastically reduced the maintenance window period to patch and reboot servers.

It has helped to reduce network traffic when it comes to downloading patches. There's a single download to the primary BigFix server which is then replicated and cached on the Relays for all data center connected servers.

Due to the automation, we've been able to prevent a lot of human errors with BigFix so it's reduced our help desk calls by 50%.

Finally, it has helped us to compress patch cycles by around 75%.

The power is in the Platform!

I would like to see a WebUI SDK so we could take what is provided currently and be able to build our own customized web UI for particular customers that want to sell service.

It's extremely stable. 

It's very scalable. 

Their technical support is excellent. 

We've used BigFix in the past with other companies so we knew BigFix was a superior tool. Ten years prior, the current tool we were using had a lot of overhead, was time-consuming, used a lot of resources, and time spent on it. We knew there were better tools out there. 

It's far superior and there's no comparison to SCCM. It is so easy to navigate in the console. Everything's in a single view within a fixlet or a task. You can tell what actions are taking place versus having to go through separate menus in your console to figure it out. Just that alone and knowing instantly what your environment looks like based off of content makes BigFix superior. 

The initial setup was very straightforward. It's simple infrastructure to set up in comparison to other tools, like BladeLogic or SCCM, very simple infrastructure to set up.

We implemented ourselves. 

I would rate it a ten out of ten. It hasn't changed much since it's inception, so it's a superior product and it's just going to get better with the expansion of the API endpoint security and WebUI.

If you're considering BigFix, you should look deeper than just what's on the retail box of patch and compliance and software distribution. Look at the platform, what it can do on the back, and the relevance language, and the reporting capabilities. There's a lot more to this that you can use in your DevOps org to accomplish automation tasks.

We help our customers and ourselves do vulnerability and compliance implementations, licensing compliance, and patch management solutions.

I've worked with the product a very long time, almost eight and a half years now, and for my own company, we're able to make sure that our endpoints are secure, regardless of the location on or off network. Also, for a lot of our customers, a big benefit is being able to give with accuracy, the reporting of compliancies based on NIST or STIGs, compliance reporting tools and being able to know that what they're doing.

It has also helped to reduce network traffic when it comes to downloading patches. By only having to download the patch once to the central location and then utilizing the relay structure to then download the patch to a specific site and then everything gathering at local, it greatly reduces the bandwidth of multiple endpoints.

We use it to compare current and old patches. I don't necessarily want to deploy a roll-up patch, but we have to because that's how the vendors are producing them. By being able to evaluate whether the new patching is as successful as the old way, we're able to compare the different content of the patches and not just that the patch has been delivered, but that the vulnerability that the patch is supposed to fix no longer exists.

Before we started using this solution, patching was done per endpoint. What we're able to do now is, we can test the patches, deploy them, with certainty that they're not breaking anything else, and then large scale deploy the amount. I've seen customers reduce their patch cycle times from a 60-day turnaround window to a 15-day turnaround window.

Finally, it has helped reduce software spend. By having to look at the licensed tools and what's being utilized and not utilized, we're able to make informed decisions about software license levels. This product falls a little short as far as the licensing compliance capabilities. I would like to see some development surrounding that so that I could input ELA agreements, regardless of vendor, and be able to pull those compliance-based reports.

The ease of use is the most valuable feature. Underlying that is the truth that the information that's being derived from the endpoints is accurate. There's no gray matter, and we don't have to interpret the results.

I would like to see file consistency and sizing, and I would like to see more robust reporting in the power management features. Energy use and consumption has become a cry within IT development. It's an underserved piece of the product that has implications that could allow security and green IT and sustainability to be married better.

The stability is paramount. It has definitely reduced the need for multiple products down at the endpoint, it's reduced the number of agents needed at the endpoint, and overall because the product was created so many years ago when networks were not nearly as robust as they are now, the improvement of the product over time along with the improvement of the stability of large networks, has coincided. It is as stable today as when you could only transfer 15 bits across the line.

We're a partner, so we deliver technical support to customers. When we need to talk to the product support, traditionally, with the product over the last five years, I would not say support has been supportive. I hope that changes.

Our initial setup was very complex because we not only have it set up for our internal use, but we also have a managed service platform in which we service multiple clients. We have a cloud-based solution with it as well. We're called in for a lot of the crazy deployments that are out there in the customer world where they have massive amounts of endpoints and really complex network systems.

If you utilize the tool to the maximum capacity available to you, your ROI is significantly five to seven-fold over cost.

SCCM was a product that was originally designed to deploy Microsoft Office and to patch some of the underlying structures of the Microsoft operating system. It was never designed to be a large-scale security compliance or endpoint management tool. So when you look at it from those foundations, it doesn't compare. SCCM is a free product that's offered as part of an ELA agreement that can do those functions and features, but it's not designed to do it.

I would rate BigFix a nine out of ten. It is a world leader in the patch management, vulnerability management, and security compliance space. Not a ten because the product still has room for growth and maturity to be a full-scale platform for agnostic management.

I would advise someone considering this solution to start with the simplest thing that you need to be fixed, whether that's patch management or that's software-inventory, and learn how the product works. If you can conceptually understand that it's an agnostic platform, then what I would do for patching is the same thing that I would do for inventory, which is the same thing that I would do for compliance management. Then converting over those features until into a holistic environment is easy. If you're trying to eat the elephant all at once, it gets very overwhelming very quickly.

Primarily my clients use it for being able to not only patch but also to be able to detect and remediate vulnerabilities in their environment. In addition, to be able to provide an accurate inventory of both the hardware and software of what they currently have deployed.

Some of my clients have gone from it taking months to be able to get through a patch cycle or to discover what's out there, down to days. A lot of it's been over a 90% improvement.

BigFix is incredibly fast and accurate in patching, reporting, and remediation.

• More integration with external data
• Extending the reporting capabilities
• Integration with some of the service ticket providers

The solution is extremely stable and it communicates very well.

Their support is very good. 

We had one of our clients with over 30,000 endpoints, and within two days all of those 30,000 endpoints were installed and reporting back, and they were ready to patch. Installation is fairly simple.

We always were able to get our client the best cost from the vendor, so pricing was not really an issue.

We also evaluated Microsoft. BigFix was more accurate in the reporting, the patching, and overall functionality.

I would rate it ten out of ten for reliability, dependability, and being able to get the job done the first time around. 

Try it in a test run, you'll be really satisfied with the results.

We are using BigFix 10. We have been using this solution for app management and even for BP management. We use it for continuous improvement in terms of security and enhancements. We use it for AWS, Azure, Google, and other applications. 

It supports most of the applications, software, and OS. We don't need to go around and look for many tools. Most of the applications are completely supported, and it is much better than Qualys and Tenable. It also works pretty fast.

It is pretty secure, and it gives extensive vulnerability features as compared to other applications. It supports multiple languages, and the security checks are pretty high as compared to other tools in the market. 

It is a one-stop tool that allows you to do everything. It supports reporting, vulnerability management, patch management, and configuration. All things can be done in one tool.

It is a very user-friendly solution with a very good interface.

The reporting structure could be a little more simplistic. Currently, it throws too many vulnerabilities. Some of them are not needed because they are only informational and limitations, and they are not of much help. It doesn't need to show us these things.

Its pricing should be improved. It is too costly.

Its stability is very good. It is a standard tool, and it is also one of the leading tools in the market.

It supports most of the applications. It is pretty good in terms of scalability.

In our organization, we don't have more than 10 users. We use this tool on client-specific applications, and it is purchased by the client, and that's why we don't have many users in our organization.

We have plans to increase its usage, but it depends on the budget. If most of the application owners agree to the budget, we can probably use it extensively.

We get pretty good support on this. We can call them, and we also can connect with them through chat centers.

It was straightforward, but it took some time for us to settle down and get started. There were a lot of things to learn online. The deployment took about two to three months.

It is too costly. It is one of the best tools, but because of pricing, not all clients support it. 

Its licensing is on a yearly basis.

It was directly purchased by the client, and that's why we didn't look for or evaluate a different product. It was also better than most of the tools.

I would highly recommend this solution and advise everybody to use it in their organization.

I would rate BigFix a nine out of 10. I am super happy with it. It works well and surpasses what you expect.

I support multiple customers who use BixFix for many uses including for security compliance, server automation, remote control, software distribution, patching, etc. 

One of the biggest benefits BigFix has had for our organization is the ease and efficiency to perform many different tasks, across pillars and platforms, all from one pane of glass.

It has immensely reduced network traffic when it comes to downloading patches. Across the board, I've had a number of customers who've had platform tools that I'm able to combine into one tool.

We've set up and started using BigFix to patch and have had much higher patch saturation rates than in the past. We do historical tracking with BigFix, and we can see that the success rate's gone way up.

It has also helped to reduce help desk calls because of the success rate that we have with the patching. As the success rate goes up, we get fewer calls. 

The power is all in the platform. It's great to be able to patch. It's great to have a bunch of stuff for security compliance, etc but the power truly is in the platform or the tool.

I would like to see SDK for Web UI included in the next release. 

Overall it's a very stable solution.

I've worked with customers that have a couple thousand endpoints to a couple hundred thousand endpoints. I've also looked at other competing technologies out there, and it is definitely one of the leading tools on the marketplace in terms of the scalability performance.

The initial setup is very straight forward. Depending on the customer, it can be complex as far as doing the necessary planning. Some customers can miss the point of doing a lot of that planning up front. If done right, it's not complex at all. You get really fast ROI from the tool.

My customers definitely do see ROI from using BigFix but it varies from customer to customer. 

BigFix has faster ROI than SCCM. It's more scalable, requires a lot less hardware, has faster reporting, quicker data to get out of it; it's better.

I would rate it a nine out of ten. Not a ten because there's always room for improvement. I've been working with tools like BigFix for quite a while and it's one of the best tools on the market.

Our primary use for BigFix is in the industrial environment, we put BigFix into industrial facilities.

It allows for visibility into the OT, the industrial environments, that didn't exist before which is a big piece and has benefited my organization. Second, the speed at which people can patch is night and day versus SCCM or another similar solution.

When it comes to downloading patches it has helped our network tracking. Our networks are very low bandwidth and very sensitive. For instance, we're running a power plant and that power plant has to be up 99.99% of the time. That network that it's running on was built 35 or 40 years ago, without all the modern technologies, so we can't do it without BigFix.

Many of our clients have compliance requirements that they have to patch within a certain window and so we have to be able to give them data of when the cycle happened and if they complete the patches.

It has also helped to compress our client's patch cycles. For our clients, what was normally a full 30 days of work is now down to a couple of days to get the data in and actually get out and patch the thing. We tuned the BigFix console to enable that a little bit easier so it's a 75 to 80% reduction.

The ability for the agent to be customized, to both, run the fix list and the relevant language, but also to be able to be designed so that it only allows for outbound ports rather than inbound is the most valuable feature. We work in a lot of environments where there are segmented networks and we have to have an agent and a communication where we don't have any inbound ports into that environment. Having that agent be really small, and the ability to not have to have any open inbound ports into that environment is wonderful.

I would like to see different types of reporting and the ability to integrate closer with the cloud. 

It's very stable.

Their technical support is very good. The BigFix community is the best part. The support is nice, but the fact that we've got all those other practitioners out there, that's the best part.

Our clients have definitely seen ROI from using BigFix. 

I would rate it a nine out of ten. Not a ten because the reporting side of things could be improved and I'd like to see how they're going to fit it in with the cloud. 

I would advise someone considering BigFix to look at it and try it. It's really easy to say SCCM is free so you'll just use it but you don't know what you're missing until you actually give BigFix a shot and try it. It's dramatically easier. It significantly reduces the time and effort that it takes to do things and it's more certain. You know what you've got rather than getting in there and guessing each time.

Our primary use case of this solution is to develop custom content to deliver to restaurants.

It has improved reliability upon delivery of software and has also helped reduce software expenses. The extensibility of BigFix helps to create custom solutions where we may have considered purchasing something instead. 

We use it for PCI compliance and checking to see if endpoints are in a state where they need to be patched or not up to a certain level so it has helped us avoid compliance fees. 

Being able to report directly on aspects of the system is the most valuable feature for us. Meaning, instead of reporting on just an error code or something, you can inspect actual files, properties, registry keys, etc.

I would like to see much better web reporting because as it is now, it's convoluted, basic, it's not modern, and there are limitations to it.

The stability is excellent. I haven't had issues with BigFix crashing unexpectedly or anything like that.

The scalability seems solid. We're a smaller customer. We have about 16,000 endpoints, whereas other companies have hundreds of thousands.

Technical support is excellent, as far as the forum support. As far as new product needs, it's mixed. Sometimes if you are asked to submit an official request they go into a black hole.

We implemented in-house. 

I would rate it a seven out of ten. You can see all of the code of the custom content that is created for you. That's huge. With a lot of proprietary solutions, it's a black box where you can't see what they're doing and when it messes up you're on your own. With BigFix that was huge because if something goes wrong then you can create your own copy and start troubleshooting it.

I would advise someone considering this solution to have a developer on staff to fully leverage the features of it.