BigFix Reviews

We are using BigFix for sending patches to our servers and desktops, such as security and regular updates.

BigFix has enhanced our organization by demonstrating its efficacy in delivering software updates to endpoints. For example, Microsoft releases patches and we are able to easily make them available for our end-user computing platforms. Additionally, by utilizing the network inventory feature in BigFix, we have been able to substantially improve error percentages and completion statuses, and generate reports on patching percentages within a day and subsequent weeks.

The most valuable aspect of BigFix is its ability to patch desktops. While we have complete control over servers and can easily push patches to them, desktops pose a greater risk for leaks and vulnerabilities if patches are not installed in a timely manner. By using BigFix, we have significantly improved our ability to patch desktops, whether they are laptops, desktops, or other mobile devices used by end-users.

In order to derive maximum benefit from BigFix, it is essential that we configure all of its features and implement them effectively. If the automation could be improved we would be able to mitigate the risks associated with zero-day threats.

I have used BigFix within the last 12 months.

The solution is stable. The primary role of the solution is to patch the systems to the latest released security updates. We have not had any issues once we had deployed the solution correctly.

During our exploration of available solutions, we found that very few in the market offer comprehensive security features. In our evaluation of BigFix, we were particularly impressed with its VMware functionality, which far exceeded that of other solutions we considered. Rather than having to configure multiple solutions, BigFix provided us with basic security information and VMware management detection and response all in one. While the effectiveness of BigFix is certainly a key consideration, its ability to consolidate security features was a major factor in our decision to choose it.

I rate the stability of BigFix an eight out of ten.

I rate the scalability of BigFix an eight out of ten.

I rate the support of BigFix an eight out of ten.

Positive

We were using Microsoft SCCM prior to BigFix. We switched toBigFix because we wanted to have a complete solution. Microsoft SCCM was lacking features, such as managing the network endpoints, the discovery of the endpoints, VMware functionality, and Linux patching.

The deployment of BigFix is complicated. There are a lot of firewall ports that need to be configured and with a company with 50,000 employees, this can be a challenge. The configuration could improve by being more streamlined in the future.

We were assigned a project manager from the BigFix team who provided us with a comprehensive list of requirements for establishing effective communication. However, implementing these requirements across multiple countries and coordinating with various network teams posed a challenge, particularly in terms of opening the necessary communication channels through firewalls. This was a daunting task, especially if the application utilizes codes that are commonly blocked by firewalls.

The full deployment of the solution took three months.

The price of the solution is high. There are not any additional fees from the standard license.

I rate the price of BigFix a seven out of ten.

For those considering the use of BigFix, my advice is to pay close attention to the deployment phase. This involves identifying the necessary firewall ports and ensuring that the servers are configured to communicate with the internet to download patches. Proper deployment is critical for ensuring smooth operation in the future, as troubleshooting can be difficult once the solution is fully deployed.

I rate BigFix an eight out of ten.

It matches with the ILMT tool. We're trying to validate the licensing for IBM software. 

We're using the permanent discovery tool for septic for hardware and software too. For IBM, we have to use that due to the reporting of sub-capacity licenses.

It's mostly easy to use.

The sub-capacity licensing is the most valuable aspect of the product right now for us. 

It's good for reporting hardware and software. 

The solution is stable.

Technical support is helpful.

It scales well.

It's got some complexity when we're trying to figure out the IBM setup for software.

The sub-capacity licensing was a challenge for some of it. We had trouble getting it to calculate right.

It's better for hardware discovery. We get to increase its capabilities for hardware discovery. They need to enhance their sub-capacity capabilities, so we can use it easier for sub-capacity so that it is less of an art form and more of a science.

We'd like agents to be able to collect usage.

I've used the solution on and off for about eight years or so. I've used it for quite a while now. 

It is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze.

The solution has scaled well for what we are doing. 

Technical support has been very good. Sometimes they can't do things if it is not a function of the system; however, if the function of the system is possible, they help us and make it work. We are satisfied with the level of support we get. 

The initial setup was not overly complex. The complexity was the handling of configurations. 

The pricing was good. We had government pricing going into the project and it was pretty fair. 

I am using the latest version of the solution. I am not sure of the exact version number. I help different companies. Some are on the latest, and some aren't.

I'd advise people to understand what data they need and that the solution can actually pull that data in the right format for them.

I'd rate the solution eight out of ten. 

We are using BigFix for desktop management, endpoint management, inventory, application control, remote control, building machines, master images, OS deployment, and software distribution.

The most valuable and essential features of BigFix are all of them, they are needed when serving the purpose of the desktop operation framework. We cannot run operations without patching or without having an appropriate mechanism for deploying software, et cetera. The features all serve their purpose for our use case.

The one feature that provided the most value and efficiency would be patch management. It's the most powerful feature in BigFix.

BigFix can improve the way machines report back to the console. In the external relay management environment, it has become more of a hybrid environment with most of the machines not being on-site. The need of having public-facing reporting items interconnected is becoming more and more crucial. In general, the reporting could use some enhancement.

In a future release, it would be a benefit to have a cloud-based solution with external cloud-based relays. Additionally, having a remote control in the cloud feature would be interesting.

I have been using BigFix for approximately four years.

BigFix is stable. However, there have been a few minor issues, such as the relay's not reporting.

The scalability of BigFix is good. How deployment is not that large in size. The exercises that we do are pretty limited.

We have approximately 30 administrators using this solution.

Our company has a good relationship with the reseller that we work with and the support they provide to us is fair.

The initial setup of BigFix was easy because we started from scratch, we didn't have a CCM before. The deployment of BigFix is a powerful feature, it is simple to do.

The price of BigFix could be lower. However, I am always seeking a lower price.

My advice to others is for them to take a holistic approach while designing. Don't look at one functionality, but look at the environment as a framework. View it from all aspects and merge operation with security. Don't let your focus be on the compliance of your environment or on the operation element alone, take other aspects into consideration, such as the security aspect, which is fast remediation, vulnerability management, and end-of-life management.

I rate BigFix an eight out of ten.

We are a global security and cloud integrator, and we are also a reseller with a capability of up to 69 brands, but we're not married to anybody. Our goal is to give customers exactly what they need based on the scenario. We build everything that we sell. So, we have a large distribution partner that enables us to resell a lot of things. We definitely and always see what's hot in the market, and we are constantly reviewing technologies.

Patching and mobile device management are probably two of the biggest use cases of BigFix. 

In terms of the version, some of the clients have the latest version. BigFix is not a subscription as a service. It is not a SaaS model. It is an on-prem model for infrastructure teams to manage folks through the web or through the network, and it is not provided as a service. There is no open-source capability, so it doesn't really have an ecosystem around it. It's basically sold to clients for specific use.

For security these days, patching is obviously mission-critical. If you leave something unpatched, the vulnerability is easily found by the adversary, so that's critical. 

Mobile device management is also critical from the security aspect. BigFix is useful in scenarios where if a device is lost, you can disable it, and you can wipe it. All the company data that is available is completely encrypted, and it is basically illegible or not usable. People even have BigFix Mobile that they put on phones and other peripheral devices. You are basically putting a wrapper around the applications that are company applications in the bring your own device (BYOD) scenario.

It is for multiple use cases. A lot of people are looking at it just for security, and that's really endpoint security. The endpoint management part of it in terms of being able to constantly do patching for Windows, Unix, macOS, Cloud, Raspberry, VMware, and all Linux flavors is important, and they are very good at that. They have support for virtually every OS on the market.

A lot of people also use it for infrastructure value. HCL has changed the focus a little bit because it was originally looked at as a pure security tool on the IBM side for mobile device security, but since HCL took it over, it has become more focused on other different components. They've created REST APIs for the cloud, and there is now a scripting language that's associated with it. So, there are more broad use cases because the industry requires that. They also have their own development tool in BigFix.

HCL is India-based, and they've done a good job with BigFix, and they're also able to deliver the software at a lower price now. The integration is better with other security and vulnerability management tools. To remediate endpoint issues that are out there, they integrate with Tenable, Qualys, and others. So, you can manage all of your patches and fixes through one platform, even for all cloud services, which is a good thing. 

Training is obviously important, and HCL has done a better job than IBM at making that training available. Usually, there are different ways to do that, such as through video or self-service, etc.

I remember doing restarts a few times. So, making sure that it is rock solid from an executable perspective is important.

I have been working with all kinds of security tools, including this one, since 2001 or so. It has been 21 years.

We have interacted with them. They've been good and better probably in BigFix than some of the other tools that they acquired in that IBM divestiture. 

It is pretty easy to implement.

I would rate it an eight out of ten. It does everything reasonably well. There are so many competitors who do just one piece of this, or they're not really head-up competitors because some are into mobile security, and some are more into mobile endpoint management and patching.

Our primary use case is for the automation of patch compliance.

BigFix has drastically reduced the maintenance window period to patch and reboot servers.

It has helped to reduce network traffic when it comes to downloading patches. There's a single download to the primary BigFix server which is then replicated and cached on the Relays for all data center connected servers.

Due to the automation, we've been able to prevent a lot of human errors with BigFix so it's reduced our help desk calls by 50%.

Finally, it has helped us to compress patch cycles by around 75%.

The power is in the Platform!

I would like to see a WebUI SDK so we could take what is provided currently and be able to build our own customized web UI for particular customers that want to sell service.

It's extremely stable. 

It's very scalable. 

Their technical support is excellent. 

We've used BigFix in the past with other companies so we knew BigFix was a superior tool. Ten years prior, the current tool we were using had a lot of overhead, was time-consuming, used a lot of resources, and time spent on it. We knew there were better tools out there. 

It's far superior and there's no comparison to SCCM. It is so easy to navigate in the console. Everything's in a single view within a fixlet or a task. You can tell what actions are taking place versus having to go through separate menus in your console to figure it out. Just that alone and knowing instantly what your environment looks like based off of content makes BigFix superior. 

The initial setup was very straightforward. It's simple infrastructure to set up in comparison to other tools, like BladeLogic or SCCM, very simple infrastructure to set up.

We implemented ourselves. 

I would rate it a ten out of ten. It hasn't changed much since it's inception, so it's a superior product and it's just going to get better with the expansion of the API endpoint security and WebUI.

If you're considering BigFix, you should look deeper than just what's on the retail box of patch and compliance and software distribution. Look at the platform, what it can do on the back, and the relevance language, and the reporting capabilities. There's a lot more to this that you can use in your DevOps org to accomplish automation tasks.

We help our customers and ourselves do vulnerability and compliance implementations, licensing compliance, and patch management solutions.

I've worked with the product a very long time, almost eight and a half years now, and for my own company, we're able to make sure that our endpoints are secure, regardless of the location on or off network. Also, for a lot of our customers, a big benefit is being able to give with accuracy, the reporting of compliancies based on NIST or STIGs, compliance reporting tools and being able to know that what they're doing.

It has also helped to reduce network traffic when it comes to downloading patches. By only having to download the patch once to the central location and then utilizing the relay structure to then download the patch to a specific site and then everything gathering at local, it greatly reduces the bandwidth of multiple endpoints.

We use it to compare current and old patches. I don't necessarily want to deploy a roll-up patch, but we have to because that's how the vendors are producing them. By being able to evaluate whether the new patching is as successful as the old way, we're able to compare the different content of the patches and not just that the patch has been delivered, but that the vulnerability that the patch is supposed to fix no longer exists.

Before we started using this solution, patching was done per endpoint. What we're able to do now is, we can test the patches, deploy them, with certainty that they're not breaking anything else, and then large scale deploy the amount. I've seen customers reduce their patch cycle times from a 60-day turnaround window to a 15-day turnaround window.

Finally, it has helped reduce software spend. By having to look at the licensed tools and what's being utilized and not utilized, we're able to make informed decisions about software license levels. This product falls a little short as far as the licensing compliance capabilities. I would like to see some development surrounding that so that I could input ELA agreements, regardless of vendor, and be able to pull those compliance-based reports.

The ease of use is the most valuable feature. Underlying that is the truth that the information that's being derived from the endpoints is accurate. There's no gray matter, and we don't have to interpret the results.

I would like to see file consistency and sizing, and I would like to see more robust reporting in the power management features. Energy use and consumption has become a cry within IT development. It's an underserved piece of the product that has implications that could allow security and green IT and sustainability to be married better.

The stability is paramount. It has definitely reduced the need for multiple products down at the endpoint, it's reduced the number of agents needed at the endpoint, and overall because the product was created so many years ago when networks were not nearly as robust as they are now, the improvement of the product over time along with the improvement of the stability of large networks, has coincided. It is as stable today as when you could only transfer 15 bits across the line.

We're a partner, so we deliver technical support to customers. When we need to talk to the product support, traditionally, with the product over the last five years, I would not say support has been supportive. I hope that changes.

Our initial setup was very complex because we not only have it set up for our internal use, but we also have a managed service platform in which we service multiple clients. We have a cloud-based solution with it as well. We're called in for a lot of the crazy deployments that are out there in the customer world where they have massive amounts of endpoints and really complex network systems.

If you utilize the tool to the maximum capacity available to you, your ROI is significantly five to seven-fold over cost.

SCCM was a product that was originally designed to deploy Microsoft Office and to patch some of the underlying structures of the Microsoft operating system. It was never designed to be a large-scale security compliance or endpoint management tool. So when you look at it from those foundations, it doesn't compare. SCCM is a free product that's offered as part of an ELA agreement that can do those functions and features, but it's not designed to do it.

I would rate BigFix a nine out of ten. It is a world leader in the patch management, vulnerability management, and security compliance space. Not a ten because the product still has room for growth and maturity to be a full-scale platform for agnostic management.

I would advise someone considering this solution to start with the simplest thing that you need to be fixed, whether that's patch management or that's software-inventory, and learn how the product works. If you can conceptually understand that it's an agnostic platform, then what I would do for patching is the same thing that I would do for inventory, which is the same thing that I would do for compliance management. Then converting over those features until into a holistic environment is easy. If you're trying to eat the elephant all at once, it gets very overwhelming very quickly.

Primarily my clients use it for being able to not only patch but also to be able to detect and remediate vulnerabilities in their environment. In addition, to be able to provide an accurate inventory of both the hardware and software of what they currently have deployed.

Some of my clients have gone from it taking months to be able to get through a patch cycle or to discover what's out there, down to days. A lot of it's been over a 90% improvement.

BigFix is incredibly fast and accurate in patching, reporting, and remediation.

• More integration with external data
• Extending the reporting capabilities
• Integration with some of the service ticket providers

The solution is extremely stable and it communicates very well.

Their support is very good. 

We had one of our clients with over 30,000 endpoints, and within two days all of those 30,000 endpoints were installed and reporting back, and they were ready to patch. Installation is fairly simple.

We always were able to get our client the best cost from the vendor, so pricing was not really an issue.

We also evaluated Microsoft. BigFix was more accurate in the reporting, the patching, and overall functionality.

I would rate it ten out of ten for reliability, dependability, and being able to get the job done the first time around. 

Try it in a test run, you'll be really satisfied with the results.

We are using BigFix 10. We have been using this solution for app management and even for BP management. We use it for continuous improvement in terms of security and enhancements. We use it for AWS, Azure, Google, and other applications. 

It supports most of the applications, software, and OS. We don't need to go around and look for many tools. Most of the applications are completely supported, and it is much better than Qualys and Tenable. It also works pretty fast.

It is pretty secure, and it gives extensive vulnerability features as compared to other applications. It supports multiple languages, and the security checks are pretty high as compared to other tools in the market. 

It is a one-stop tool that allows you to do everything. It supports reporting, vulnerability management, patch management, and configuration. All things can be done in one tool.

It is a very user-friendly solution with a very good interface.

The reporting structure could be a little more simplistic. Currently, it throws too many vulnerabilities. Some of them are not needed because they are only informational and limitations, and they are not of much help. It doesn't need to show us these things.

Its pricing should be improved. It is too costly.

Its stability is very good. It is a standard tool, and it is also one of the leading tools in the market.

It supports most of the applications. It is pretty good in terms of scalability.

In our organization, we don't have more than 10 users. We use this tool on client-specific applications, and it is purchased by the client, and that's why we don't have many users in our organization.

We have plans to increase its usage, but it depends on the budget. If most of the application owners agree to the budget, we can probably use it extensively.

We get pretty good support on this. We can call them, and we also can connect with them through chat centers.

It was straightforward, but it took some time for us to settle down and get started. There were a lot of things to learn online. The deployment took about two to three months.

It is too costly. It is one of the best tools, but because of pricing, not all clients support it. 

Its licensing is on a yearly basis.

It was directly purchased by the client, and that's why we didn't look for or evaluate a different product. It was also better than most of the tools.

I would highly recommend this solution and advise everybody to use it in their organization.

I would rate BigFix a nine out of 10. I am super happy with it. It works well and surpasses what you expect.