BigFix Reviews

Software distribution and patch management are the most valuable. Patch management is the native first usage of this product. Bulletin and Security Update are ready to use. Software deployment is fast and the product can be tuned for poor bandwidth network.

This product has massively reduced the wasted time for a technician to deploy or upgrade a security patch or a software version. With only one technician, you can deploy a large application in less 24 hours (Office, SAP, AutoCAD) in all your computers worldwide. We have used this product to upgrade Office 2000 to 2010 and now Office 365, for 80,000 users.

The console interface is not friendly, and requires training before using it in production. The levels of permissions are too complex to share the product with other teams. The technician must have all permissions to work easily. There is no web interface.

I have been using BigFix for three years.

We had problems with stability from the first use. There was network bandwidth outage when we deployed a huge application or a lot of security patches. This problem was solved by specific client settings and their management, and some changes to the architecture of the product.

Customer service and technical support people have a high level of knowledge. The forum and knowledge database are very interesting and up to date.

I previously used Symantec Altiris v6.5. We stopped using this product because the maintenance cost of the hardware infrastructure was too high. This solution requires high numbers of servers, as opposed to IBM BigFix.

The initial setup was straightforward. Installation was easy and a basic configuration is enough to start to work locally in the same network. But it is more complex when you need to deploy it worldwide.

Our implementation was done through a vendor partner team. My advice: choose a partner with real experience on this product. The settings and design of this product are not complex but require a great deal of experience to adapt it to your IT ecosystem.

I cannot reply about ROI.

I can estimate the reduced cost of servers maintenance to approximatively $500,000.

During deployment and design of this product you must involve the services that will use the product. You have to change the mindset (concept) of your team if you used another product in the past.

The most valuable features of the solution are Windows patching and the hardware and software inventory. The solution's reporting is very good in a single console.

The solution’s pricing could be improved.

We have been doing a POC for the last three months with BigFix's Evolution version.

I rate the solution a nine out of ten for stability.

Around 500 users are using the solution in our organization.

I rate the solution an eight or nine out of ten for scalability.

Intune only supports Windows and does not support other platforms like Unix and Linux. On the other hand, BigFix supports all platforms.

The solution's initial setup is simple and not complex. I have done the full server installation and configuration thrice, and it's not complex.

On a scale from one to ten, where one is expensive and ten is cheap, I rate the solution's pricing one out of ten.

Patch management is configured in existing endpoint computers. We are pushing the custom policy deployment in weekly patches, which require critical and important patches. Since it's a by-policy, it's pushed automatically. We have enabled the solution's remote endpoint management option, but we are primarily focussing on licensing hardware and software inventory.

BigFix's integration with our IT infrastructure was easy. I would recommend the solution to other users.

Overall, I rate the solution ten out of ten.

We are using BigFix for desktop management, endpoint management, inventory, application control, remote control, building machines, master images, OS deployment, and software distribution.

The most valuable and essential features of BigFix are all of them, they are needed when serving the purpose of the desktop operation framework. We cannot run operations without patching or without having an appropriate mechanism for deploying software, et cetera. The features all serve their purpose for our use case.

The one feature that provided the most value and efficiency would be patch management. It's the most powerful feature in BigFix.

BigFix can improve the way machines report back to the console. In the external relay management environment, it has become more of a hybrid environment with most of the machines not being on-site. The need of having public-facing reporting items interconnected is becoming more and more crucial. In general, the reporting could use some enhancement.

In a future release, it would be a benefit to have a cloud-based solution with external cloud-based relays. Additionally, having a remote control in the cloud feature would be interesting.

I have been using BigFix for approximately four years.

BigFix is stable. However, there have been a few minor issues, such as the relay's not reporting.

The scalability of BigFix is good. How deployment is not that large in size. The exercises that we do are pretty limited.

We have approximately 30 administrators using this solution.

Our company has a good relationship with the reseller that we work with and the support they provide to us is fair.

The initial setup of BigFix was easy because we started from scratch, we didn't have a CCM before. The deployment of BigFix is a powerful feature, it is simple to do.

The price of BigFix could be lower. However, I am always seeking a lower price.

My advice to others is for them to take a holistic approach while designing. Don't look at one functionality, but look at the environment as a framework. View it from all aspects and merge operation with security. Don't let your focus be on the compliance of your environment or on the operation element alone, take other aspects into consideration, such as the security aspect, which is fast remediation, vulnerability management, and end-of-life management.

I rate BigFix an eight out of ten.

We are a global security and cloud integrator, and we are also a reseller with a capability of up to 69 brands, but we're not married to anybody. Our goal is to give customers exactly what they need based on the scenario. We build everything that we sell. So, we have a large distribution partner that enables us to resell a lot of things. We definitely and always see what's hot in the market, and we are constantly reviewing technologies.

Patching and mobile device management are probably two of the biggest use cases of BigFix. 

In terms of the version, some of the clients have the latest version. BigFix is not a subscription as a service. It is not a SaaS model. It is an on-prem model for infrastructure teams to manage folks through the web or through the network, and it is not provided as a service. There is no open-source capability, so it doesn't really have an ecosystem around it. It's basically sold to clients for specific use.

For security these days, patching is obviously mission-critical. If you leave something unpatched, the vulnerability is easily found by the adversary, so that's critical. 

Mobile device management is also critical from the security aspect. BigFix is useful in scenarios where if a device is lost, you can disable it, and you can wipe it. All the company data that is available is completely encrypted, and it is basically illegible or not usable. People even have BigFix Mobile that they put on phones and other peripheral devices. You are basically putting a wrapper around the applications that are company applications in the bring your own device (BYOD) scenario.

It is for multiple use cases. A lot of people are looking at it just for security, and that's really endpoint security. The endpoint management part of it in terms of being able to constantly do patching for Windows, Unix, macOS, Cloud, Raspberry, VMware, and all Linux flavors is important, and they are very good at that. They have support for virtually every OS on the market.

A lot of people also use it for infrastructure value. HCL has changed the focus a little bit because it was originally looked at as a pure security tool on the IBM side for mobile device security, but since HCL took it over, it has become more focused on other different components. They've created REST APIs for the cloud, and there is now a scripting language that's associated with it. So, there are more broad use cases because the industry requires that. They also have their own development tool in BigFix.

HCL is India-based, and they've done a good job with BigFix, and they're also able to deliver the software at a lower price now. The integration is better with other security and vulnerability management tools. To remediate endpoint issues that are out there, they integrate with Tenable, Qualys, and others. So, you can manage all of your patches and fixes through one platform, even for all cloud services, which is a good thing. 

Training is obviously important, and HCL has done a better job than IBM at making that training available. Usually, there are different ways to do that, such as through video or self-service, etc.

I remember doing restarts a few times. So, making sure that it is rock solid from an executable perspective is important.

I have been working with all kinds of security tools, including this one, since 2001 or so. It has been 21 years.

We have interacted with them. They've been good and better probably in BigFix than some of the other tools that they acquired in that IBM divestiture. 

It is pretty easy to implement.

I would rate it an eight out of ten. It does everything reasonably well. There are so many competitors who do just one piece of this, or they're not really head-up competitors because some are into mobile security, and some are more into mobile endpoint management and patching.

Our primary use case is for the automation of patch compliance.

BigFix has drastically reduced the maintenance window period to patch and reboot servers.

It has helped to reduce network traffic when it comes to downloading patches. There's a single download to the primary BigFix server which is then replicated and cached on the Relays for all data center connected servers.

Due to the automation, we've been able to prevent a lot of human errors with BigFix so it's reduced our help desk calls by 50%.

Finally, it has helped us to compress patch cycles by around 75%.

The power is in the Platform!

I would like to see a WebUI SDK so we could take what is provided currently and be able to build our own customized web UI for particular customers that want to sell service.

It's extremely stable. 

It's very scalable. 

Their technical support is excellent. 

We've used BigFix in the past with other companies so we knew BigFix was a superior tool. Ten years prior, the current tool we were using had a lot of overhead, was time-consuming, used a lot of resources, and time spent on it. We knew there were better tools out there. 

It's far superior and there's no comparison to SCCM. It is so easy to navigate in the console. Everything's in a single view within a fixlet or a task. You can tell what actions are taking place versus having to go through separate menus in your console to figure it out. Just that alone and knowing instantly what your environment looks like based off of content makes BigFix superior. 

The initial setup was very straightforward. It's simple infrastructure to set up in comparison to other tools, like BladeLogic or SCCM, very simple infrastructure to set up.

We implemented ourselves. 

I would rate it a ten out of ten. It hasn't changed much since it's inception, so it's a superior product and it's just going to get better with the expansion of the API endpoint security and WebUI.

If you're considering BigFix, you should look deeper than just what's on the retail box of patch and compliance and software distribution. Look at the platform, what it can do on the back, and the relevance language, and the reporting capabilities. There's a lot more to this that you can use in your DevOps org to accomplish automation tasks.

We help our customers and ourselves do vulnerability and compliance implementations, licensing compliance, and patch management solutions.

I've worked with the product a very long time, almost eight and a half years now, and for my own company, we're able to make sure that our endpoints are secure, regardless of the location on or off network. Also, for a lot of our customers, a big benefit is being able to give with accuracy, the reporting of compliancies based on NIST or STIGs, compliance reporting tools and being able to know that what they're doing.

It has also helped to reduce network traffic when it comes to downloading patches. By only having to download the patch once to the central location and then utilizing the relay structure to then download the patch to a specific site and then everything gathering at local, it greatly reduces the bandwidth of multiple endpoints.

We use it to compare current and old patches. I don't necessarily want to deploy a roll-up patch, but we have to because that's how the vendors are producing them. By being able to evaluate whether the new patching is as successful as the old way, we're able to compare the different content of the patches and not just that the patch has been delivered, but that the vulnerability that the patch is supposed to fix no longer exists.

Before we started using this solution, patching was done per endpoint. What we're able to do now is, we can test the patches, deploy them, with certainty that they're not breaking anything else, and then large scale deploy the amount. I've seen customers reduce their patch cycle times from a 60-day turnaround window to a 15-day turnaround window.

Finally, it has helped reduce software spend. By having to look at the licensed tools and what's being utilized and not utilized, we're able to make informed decisions about software license levels. This product falls a little short as far as the licensing compliance capabilities. I would like to see some development surrounding that so that I could input ELA agreements, regardless of vendor, and be able to pull those compliance-based reports.

The ease of use is the most valuable feature. Underlying that is the truth that the information that's being derived from the endpoints is accurate. There's no gray matter, and we don't have to interpret the results.

I would like to see file consistency and sizing, and I would like to see more robust reporting in the power management features. Energy use and consumption has become a cry within IT development. It's an underserved piece of the product that has implications that could allow security and green IT and sustainability to be married better.

The stability is paramount. It has definitely reduced the need for multiple products down at the endpoint, it's reduced the number of agents needed at the endpoint, and overall because the product was created so many years ago when networks were not nearly as robust as they are now, the improvement of the product over time along with the improvement of the stability of large networks, has coincided. It is as stable today as when you could only transfer 15 bits across the line.

We're a partner, so we deliver technical support to customers. When we need to talk to the product support, traditionally, with the product over the last five years, I would not say support has been supportive. I hope that changes.

Our initial setup was very complex because we not only have it set up for our internal use, but we also have a managed service platform in which we service multiple clients. We have a cloud-based solution with it as well. We're called in for a lot of the crazy deployments that are out there in the customer world where they have massive amounts of endpoints and really complex network systems.

If you utilize the tool to the maximum capacity available to you, your ROI is significantly five to seven-fold over cost.

SCCM was a product that was originally designed to deploy Microsoft Office and to patch some of the underlying structures of the Microsoft operating system. It was never designed to be a large-scale security compliance or endpoint management tool. So when you look at it from those foundations, it doesn't compare. SCCM is a free product that's offered as part of an ELA agreement that can do those functions and features, but it's not designed to do it.

I would rate BigFix a nine out of ten. It is a world leader in the patch management, vulnerability management, and security compliance space. Not a ten because the product still has room for growth and maturity to be a full-scale platform for agnostic management.

I would advise someone considering this solution to start with the simplest thing that you need to be fixed, whether that's patch management or that's software-inventory, and learn how the product works. If you can conceptually understand that it's an agnostic platform, then what I would do for patching is the same thing that I would do for inventory, which is the same thing that I would do for compliance management. Then converting over those features until into a holistic environment is easy. If you're trying to eat the elephant all at once, it gets very overwhelming very quickly.

Primarily my clients use it for being able to not only patch but also to be able to detect and remediate vulnerabilities in their environment. In addition, to be able to provide an accurate inventory of both the hardware and software of what they currently have deployed.

Some of my clients have gone from it taking months to be able to get through a patch cycle or to discover what's out there, down to days. A lot of it's been over a 90% improvement.

BigFix is incredibly fast and accurate in patching, reporting, and remediation.

• More integration with external data
• Extending the reporting capabilities
• Integration with some of the service ticket providers

The solution is extremely stable and it communicates very well.

Their support is very good. 

We had one of our clients with over 30,000 endpoints, and within two days all of those 30,000 endpoints were installed and reporting back, and they were ready to patch. Installation is fairly simple.

We always were able to get our client the best cost from the vendor, so pricing was not really an issue.

We also evaluated Microsoft. BigFix was more accurate in the reporting, the patching, and overall functionality.

I would rate it ten out of ten for reliability, dependability, and being able to get the job done the first time around. 

Try it in a test run, you'll be really satisfied with the results.

We are using BigFix 10. We have been using this solution for app management and even for BP management. We use it for continuous improvement in terms of security and enhancements. We use it for AWS, Azure, Google, and other applications. 

It supports most of the applications, software, and OS. We don't need to go around and look for many tools. Most of the applications are completely supported, and it is much better than Qualys and Tenable. It also works pretty fast.

It is pretty secure, and it gives extensive vulnerability features as compared to other applications. It supports multiple languages, and the security checks are pretty high as compared to other tools in the market. 

It is a one-stop tool that allows you to do everything. It supports reporting, vulnerability management, patch management, and configuration. All things can be done in one tool.

It is a very user-friendly solution with a very good interface.

The reporting structure could be a little more simplistic. Currently, it throws too many vulnerabilities. Some of them are not needed because they are only informational and limitations, and they are not of much help. It doesn't need to show us these things.

Its pricing should be improved. It is too costly.

Its stability is very good. It is a standard tool, and it is also one of the leading tools in the market.

It supports most of the applications. It is pretty good in terms of scalability.

In our organization, we don't have more than 10 users. We use this tool on client-specific applications, and it is purchased by the client, and that's why we don't have many users in our organization.

We have plans to increase its usage, but it depends on the budget. If most of the application owners agree to the budget, we can probably use it extensively.

We get pretty good support on this. We can call them, and we also can connect with them through chat centers.

It was straightforward, but it took some time for us to settle down and get started. There were a lot of things to learn online. The deployment took about two to three months.

It is too costly. It is one of the best tools, but because of pricing, not all clients support it. 

Its licensing is on a yearly basis.

It was directly purchased by the client, and that's why we didn't look for or evaluate a different product. It was also better than most of the tools.

I would highly recommend this solution and advise everybody to use it in their organization.

I would rate BigFix a nine out of 10. I am super happy with it. It works well and surpasses what you expect.