BigFix Reviews

I support multiple customers who use BixFix for many uses including for security compliance, server automation, remote control, software distribution, patching, etc. 

One of the biggest benefits BigFix has had for our organization is the ease and efficiency to perform many different tasks, across pillars and platforms, all from one pane of glass.

It has immensely reduced network traffic when it comes to downloading patches. Across the board, I've had a number of customers who've had platform tools that I'm able to combine into one tool.

We've set up and started using BigFix to patch and have had much higher patch saturation rates than in the past. We do historical tracking with BigFix, and we can see that the success rate's gone way up.

It has also helped to reduce help desk calls because of the success rate that we have with the patching. As the success rate goes up, we get fewer calls. 

The power is all in the platform. It's great to be able to patch. It's great to have a bunch of stuff for security compliance, etc but the power truly is in the platform or the tool.

I would like to see SDK for Web UI included in the next release. 

Overall it's a very stable solution.

I've worked with customers that have a couple thousand endpoints to a couple hundred thousand endpoints. I've also looked at other competing technologies out there, and it is definitely one of the leading tools on the marketplace in terms of the scalability performance.

The initial setup is very straight forward. Depending on the customer, it can be complex as far as doing the necessary planning. Some customers can miss the point of doing a lot of that planning up front. If done right, it's not complex at all. You get really fast ROI from the tool.

My customers definitely do see ROI from using BigFix but it varies from customer to customer. 

BigFix has faster ROI than SCCM. It's more scalable, requires a lot less hardware, has faster reporting, quicker data to get out of it; it's better.

I would rate it a nine out of ten. Not a ten because there's always room for improvement. I've been working with tools like BigFix for quite a while and it's one of the best tools on the market.

Our primary use for BigFix is in the industrial environment, we put BigFix into industrial facilities.

It allows for visibility into the OT, the industrial environments, that didn't exist before which is a big piece and has benefited my organization. Second, the speed at which people can patch is night and day versus SCCM or another similar solution.

When it comes to downloading patches it has helped our network tracking. Our networks are very low bandwidth and very sensitive. For instance, we're running a power plant and that power plant has to be up 99.99% of the time. That network that it's running on was built 35 or 40 years ago, without all the modern technologies, so we can't do it without BigFix.

Many of our clients have compliance requirements that they have to patch within a certain window and so we have to be able to give them data of when the cycle happened and if they complete the patches.

It has also helped to compress our client's patch cycles. For our clients, what was normally a full 30 days of work is now down to a couple of days to get the data in and actually get out and patch the thing. We tuned the BigFix console to enable that a little bit easier so it's a 75 to 80% reduction.

The ability for the agent to be customized, to both, run the fix list and the relevant language, but also to be able to be designed so that it only allows for outbound ports rather than inbound is the most valuable feature. We work in a lot of environments where there are segmented networks and we have to have an agent and a communication where we don't have any inbound ports into that environment. Having that agent be really small, and the ability to not have to have any open inbound ports into that environment is wonderful.

I would like to see different types of reporting and the ability to integrate closer with the cloud. 

It's very stable.

Their technical support is very good. The BigFix community is the best part. The support is nice, but the fact that we've got all those other practitioners out there, that's the best part.

Our clients have definitely seen ROI from using BigFix. 

I would rate it a nine out of ten. Not a ten because the reporting side of things could be improved and I'd like to see how they're going to fit it in with the cloud. 

I would advise someone considering BigFix to look at it and try it. It's really easy to say SCCM is free so you'll just use it but you don't know what you're missing until you actually give BigFix a shot and try it. It's dramatically easier. It significantly reduces the time and effort that it takes to do things and it's more certain. You know what you've got rather than getting in there and guessing each time.

Our primary use case of this solution is to develop custom content to deliver to restaurants.

It has improved reliability upon delivery of software and has also helped reduce software expenses. The extensibility of BigFix helps to create custom solutions where we may have considered purchasing something instead. 

We use it for PCI compliance and checking to see if endpoints are in a state where they need to be patched or not up to a certain level so it has helped us avoid compliance fees. 

Being able to report directly on aspects of the system is the most valuable feature for us. Meaning, instead of reporting on just an error code or something, you can inspect actual files, properties, registry keys, etc.

I would like to see much better web reporting because as it is now, it's convoluted, basic, it's not modern, and there are limitations to it.

The stability is excellent. I haven't had issues with BigFix crashing unexpectedly or anything like that.

The scalability seems solid. We're a smaller customer. We have about 16,000 endpoints, whereas other companies have hundreds of thousands.

Technical support is excellent, as far as the forum support. As far as new product needs, it's mixed. Sometimes if you are asked to submit an official request they go into a black hole.

We implemented in-house. 

I would rate it a seven out of ten. You can see all of the code of the custom content that is created for you. That's huge. With a lot of proprietary solutions, it's a black box where you can't see what they're doing and when it messes up you're on your own. With BigFix that was huge because if something goes wrong then you can create your own copy and start troubleshooting it.

I would advise someone considering this solution to have a developer on staff to fully leverage the features of it.

The most valuable feature for me is BigFix's multi platform. It's customizable and we're able to do API integration throughout our entire network.

We're able to to implement automation and reduce touch labor for level one technicalities so we're able to free up more manpower to take on more difficult tasks.

• I would like to see it go to the cloud. I want to see it as a management service.
• For us, we basically generate our own API documentation. So I think more API integration would also help.

We've had no problems, it's a very stable solution. It's very well supported and has a big forum of users. So you always have a resource to reach out to.

We've actually fixed the patching by improving our patch application by almost 60%. We went from applying 6,000 patches manually to 34,000 on average a month.

It's very scalable. Extremely scalable. Customization is always a big issue for us so we're always able to grow with it.

We've used technical support many times. They have great support. We've had international support. We've been on calls with Poland, Ireland, Germany and all our technical experts in the USA.

I wasn't involved in the installation process.

When choosing a vendor we think that knowledge of our market place is key. The Walt Disney Company is unique in the environment so we need someone who understands that we work in different ways than a lot of other companies. This also applies with regard to product scalability. We need growth, I don't need to be working with one product in a silo.

I would really encourage them to look into it and take a look at its abilities and think of it as a platform and not just a patching mechanism. Some people think BigFix is just patching. It's a lot more than that so I would ask them to look at the bigger modules.

My primary use case of this solution is for information security-related functions, like patching and threat detection.

BigFix has enabled us to have a highly successful endpoint patching program for the past decade. It's been enormously successful there. It's also become a core part of many of our business processes, from compliance monitoring of endpoints, encryption management, key escrow, and local administrator password escrow. It's built into our inventory. It's very much everywhere.

We do use BigFix as a system of investigation in the instance of lost and stolen devices to get an idea of what sort of data was possibly on it. It is an integral part of our compliance management system. Using BigFix to report on our encryption stance has been extraordinarily impactful in terms of avoiding fines for HIPAA violations and in terms of lost and stolen devices. We're definitely talking millions of dollars per year. We've got two hospitals, and probably lose a laptop a day. The scale is such that it's a huge number of machines wandering off. Now that we have good encryption coverage and good reporting on that coverage, in a lot of instances, we can acknowledge and verify that the device was lost but that it was verifiably encrypted, there were no records released, and we can then close an investigation. That's huge.

The custom content flexibility is the most important feature. Its ubiquity is also valuable. We've got very good adoption and it helps that it's one of the few tools that we have everywhere.

Network traffic is one of our current pain points. BigFix's high performance and high availability in our environment easily overwhelms our high-performance firewalls. Every time we push out patches to our entire population, it makes the firewalls very unhappy for about an hour and slows down some of our core enterprise apps. We're working to identify ways to fix that. We think that BigFix provides mechanisms for spreading out that load over time. We're going to be deploying that soon which will hopefully take care of the problem. Bandwidth is never a problem for us, we have enormous bandwidth. The number of sessions gets overwhelming when you have tens of thousands of machines all getting patched simultaneously. We're just going to spread that out over time and BigFix does offer that capability.

Around the scalability concern, I would like to see the ability to run teamed, clustered, or hierarchical root servers in order to provide a more robust, high availability system. The single monolithic root server model does somewhat bother me.

Until our most recent information security system that we stood up, which is unrelated to BigFix, BigFix was our most solid system, in terms of how much engineering effort it requires to keep up and running, relative to the number of servers involved. It's a pretty solid system. We do run into bugs and interesting functional quirks, usually around how the endpoint agent reports into the relays. It mostly just takes care of itself, for the most part. We do have to do a little care and feeding, but it's mostly self-sufficient.

We manage about 75,000 systems, most of them in a single instance and we have not run into serious performance issues at that scale. I have some concerns around the root server and the number of relays checking into it. We may be running into some performance issues there, but they're not impacting the functionality at this time.

Technical support has gone through its ups and downs, especially under IBM. The IBM support mechanism is clunky and somewhat challenging. They have made improvements recently. One thing that I really value about this organization is that we have a dedicated customer advocate, who is on the development team, and who is able to escalate serious issues as necessary, when the standard channels aren't working well. They've maintained that personal touch that has really improved our confidence in the support.

SCCM is not particularly effective as a cross-platform solution, so that alone makes it less of a contender. Also, BigFix is a lot more flexible, in terms of the types of content you can deploy, the types of reporting you can do, and the types of customizations you can do. We used to do a lot with the integration of the data from BigFix into many other systems, and so the customization is critical and SCCM doesn't offer anything like that.

I would rate it a solid eight out of ten. It's definitely not better than that, because it has a lot of Legacy code, a lot of early design decisions that it's still limping along with. On the other hand, I haven't found anything better out there. There are other competing products in this space, but nothing has convinced me that there is any compelling reason to switch. A lot of the value that we've gotten comes from the people that we're involved with, and the relationships that we've built with the community and vendor over time. I haven't found something that has a better security design. I'm a security guy, and a lot of the decisions that were made very early on in the BigFix product translate to enforcing good security practice, which I have not seen in other vendor solutions.

I would advise organizations looking at BigFix to not try to do everything all at once, but to get one process in place really solidly, and then move on to the next, all the while working on increasing coverage, and getting it on all of the systems. Both of those things take a long time. Don't try to build everything all simultaneously, because you will fail and it will probably take several iterations to get it right so make sure to take a very measured approach.

We use this solution for vulnerability management and patch management. We use BigFix to get information about the vulnerabilities that exist in the environment. We complete prioritization of those vulnerabilities and provide recommendations to the remediation teams. We assist the teams in case of any issues with remediation.

If our customer has a high number of critical vulnerabilities inside their environment, we use BigFix to do the patching. We are able to decrease the number of high and critical vulnerabilities by at least 30% in six months. This is a huge improvement and makes the environment more secure. 

The patch management and the BigFix Inventory have been the most valuable features.

The BigFix Inventory could have an increased scope regarding the tools that can be detected. It does not cover all the possible software installed in Asset. We used the BigFix module in a ILMT module to have the proper coverage. If we had the two of them combined, this would really assist with the inventory of software. 

Sometimes we may have a few issues with the fixlet Relevance where the Windows patches sometimes identifies as a false positive. We have opened tickets with the support team. They fixed that as soon as possible.

This is a stable solution. The only issues that we have had in the past with BigFix is with the sizing. If you don't perform the right sizing of the BigFix server, you may have performance issues. We have had no major issues with the performance itself.

This is a scalable solution. They are releasing a lot of improvements in the latest versions of BigFix. That will help us monitor how the tool is performing and if it would require change or increase of the hardware or the environment to make it run in a smoother way. The scalability has improved a lot.

The initial setup is straightforward. It involves sizing and designing the architecture to put BigFix in place and set up the proper relays. We experienced no issues doing this.

To begin the setup, we tried to identify the baseline of the customer to see how many endpoints the customer has. We also looked at the locations to know if we do need to put a low-level or top-level relay in place in each one of the data centers. In our case, as it's a huge environment, we set up two top-level relays and then a low-level relay in a different data center to not put a high load into network bandwidth when we try to transfer patches over the network.

We implemented this solution in-house.

The extent to which we use the different features of BigFix depends on the needs of our customers. We often propose new features when the need arises. 

BigFix is one of my favorite tools. I would rate it an eight out of ten. 

We used BigFix internally at my previous org. My current company is a BigFix reseller. A lot of people are looking at endpoint security now, but we primarily used BigFix for true endpoint management.

Endpoint security has become the main thing, but we used BigFix for patching and a lot of the other use cases in the past, and I think it worked pretty well. Obviously, the market has gotten much more crowded. 

The UEM component evolved into reunified endpoint management. Many of our customers used it for deployment and patching. HCL has a new endpoint security approach now, but it was really for managing that. 

BigFix can manage lost devices, so you can wipe them remotely to ensure the IP doesn't get out in public. Unified endpoint security is a new perspective. I know that HCL is also collaborating with IBM, but I'm not sure if there is any cooperation between them and MaaS360 or other endpoint components.

The main shortcoming of BigFix was integration with vulnerability management. If you had a vulnerability in your software and BigFix on the endpoint, you needed integration with Qualys, Tenable, or another vulnerability management solution to fix that. It was like, "Okay, we can identify issues, and get that information back from the endpoint, but what are we doing about it?" 

The stability has been solid when I've used BigFix with customers in the past. In that space, I don't think everybody is doing as much innovation as in other areas in the endpoint management or security market. 

I delineate between those two because endpoint management is a different use case. I think it's probably become a lot more important since the pandemic started.

We never had any challenges with scalability. Some of our customers had tens of thousands of endpoints. 

I used a few competitors a while back, but I don't know what LANDESK is up to these days. They were a big player in the market, but I don't know what other contenders are out there now.

The patching tool is $250 per client device per year. The inventory and discovery tool is $15 per client per year. They have a lifecycle management tool that is the central component for managing endpoints, which costs around $43 per year. BigFix Compliance is the other part, and that's also around $43.

I rate BigFix nine out of 10. I wouldn't recommend it to everyone. It depends on your infrastructure. If you have a pure Microsoft shop, you can probably get by deploying and managing endpoints their way. 

However, if you have a mixed environment of any kind, BigFix is good at what it does. Patch management is vital for security posture, so I wouldn't be surprised if BigFix is becoming increasingly popular.

It's primarily used for endpoint license monitoring. It's for the usage of applications, monitoring usage of CPUs, and stuff like this. When you have an audit, you can prove very fast what product you are using and what kind of CPU resources they are using.

There are other use cases. For example, I can find details for every use case where I need to know something about the software installed. Once, we had a Log4j bug. When the Log4j bug was live, we could use BigFix to analyze which of all the servers and clients this bug is used.

It's very usable for a technician, for an administrator. It's very straightforward. The usability is very close to everyday technical tools that you use as a systems administrator. So it's quite user-friendly. That said, it's not user-friendly for someone who is not working a lot with stuff like this. 

It's quite user-friendly if you are technical and if you just know what you want to do and to do the tasks. It's not user-friendly for someone who is a new user or something like this. It's specialized and user-friendly.

Maybe the online help could be improved. 

It'd be nice if you would have a lot more phrases and keywords that you could search for and find answers with the help.

It would be nice if there could be an extra interface. Not really to script something. However, if you want to make a drag-and-drop script, something like this, that would be quite useful for us.

I've been using the solution for one year now.

It is pretty stable and reliable. That's not a problem at all. 

The end users are all the teams. We have a Windows team, Linux team, application team, et cetera. All the teams work with the outputs of this tool. There might be 40 to 50 people or something working with this product.

You can have relays, and then you can scale it. It's a scalable system.

I work with it regularly, every week.

Their online help mechanisms and documentation need to be improved. It's hard to find documented answers to your questions as the search functionality isn't ideal. 

That said, their direct support is excellent. 

Positive

I have not worked with any other similar product.

I did not set up the system. It was set up when I got the task to take care of this product. It was already installed.

The product itself doesn't require a lot of maintenance. Of course, the server and client updates would be good as the tool has clients. The clients install them on all machines. However, the topic itself needs a lot of maintenance. If you want the data in BigFix to be up to date in case of an audit, you have to take care of the insights of BigFix. BigFix itself is running. However, the list of the servers needs to be correct, et cetera.

It was set up within the company. There was no outside assistance.

I don't handle the licensing aspect of the solution. I can't speak to the price. 

I am working with the latest update. I'm an end-user of the product.

I'm totally satisfied. For the use of the product that we have, it's totally working. It's fine.

I would recommend the solution if you are using a lot of IBM software in your company. If you are using BigFix and you have the client installed on every machine, you are nearly always audit-safe from out of the box. I would recommend it to everybody who has to take care of a lot of IBM product licensing. For everybody who has a lot of IBM products to be licensed, I would recommend using BigFix.

I'd rate it eight out of ten.