Try our new research platform with insights from 80,000+ expert users
Pankaj Das - PeerSpot reviewer
Head Infrastructure,Network and Services at North East small finance bank
Real User
Top 10
Competitively priced with lightweight architecture and a supportive implementation partner
Pros and Cons
  • "We found the implementation partner to be very supportive in terms of explaining and training the in-house resources and deploying the solution."
  • "The reporting and dashboard parts have room for improvement."

What is our primary use case?

We use the latest version.

What is most valuable?

Upon our evaluation of other products we found that most solutions provide the same technological functions and features. But, BigFix has two advantages over these. The first is that its price is competitive. The second is that we found the implementation partner to be very supportive in terms of explaining and training the in-house resources and deploying the solution. 

The architecture is also lightweight.

What needs improvement?

The reporting and dashboard parts have room for improvement. When it comes to the dashboard it should include certain customized reports. The requirements may vary from one automation to another and it would be nice to see the reports in their own style. As such, there should be more reports included and a greater ability to customize them. 

I cannot say I am aware of all the functions of BigFix. I believe it has antivirus capabilities and others of which I am not knowledgeable. For the moment, we use the antivirus capabilities of Trend Micro although, going forward, I would like to evaluate those of BigFix. Should these turn out to be lightweight and more effective than those of Trend Micro then I would definitely consider replacing them so that I may have all the functions contained within a single console. 

For how long have I used the solution?

We have been using BigFix for the past two years.

Buyer's Guide
BigFix
December 2024
Learn what your peers think about BigFix. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.

What do I think about the stability of the solution?

The solution is stable. 

What do I think about the scalability of the solution?

Scalability is another factor which must be taken into account at the design stage, keeping in mind the endpoints and how one wishes for them to grow. The endpoints will govern how one provisions the infrastructure. Since the license is only subscription-based, if a person provisions his infrastructure correctly, he may scale up easily. 

How was the initial setup?

The initial setup was easy. 

Yet, there are many other criteria which must be taken into account because there is a need for the distributed network. As such, it is important to understand the bandwidth that it will consume when it comes to pushing the latest updates. This means that the solution must be designed in such a way that the implementation would not choke the bandwidth or consume much of it or other activities, as the appliances it contains would also be consuming the same bandwidth. 

We are not talking about putting a separate network or network connectivity for pushing the patches. We usually use the same connectivity. We see that the designing stage is of critical importance and, if done correctly, the implementation will follow more easily. 

What about the implementation team?

We utilized an implementation partner who we found to be supportive and explanatory when it came to training the in-house resources and to deploying the solution. 

What's my experience with pricing, setup cost, and licensing?

The license is subscription-based. 

What other advice do I have?

I would recommend the solution to others. This said, it is important to understand one's architecture and to have a knowledge of how one's endpoints are scattered and what the deployment and network architecture will look like. Once this is clarified, the solution would provide a good option. The same can be said for any product. The design of the implementation of the solution is of especial importance. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Lead Cyber Security engineer at a manufacturing company with 10,001+ employees
Real User
A one-stop tool that works fast, supports most of the applications, and has good security and stability
Pros and Cons
  • "It is pretty secure, and it gives extensive vulnerability features as compared to other applications. It supports multiple languages, and the security checks are pretty high as compared to other tools in the market."
  • "It is a one-stop tool that allows you to do everything. It supports reporting, vulnerability management, patch management, and configuration. All things can be done in one tool."
  • "The reporting structure could be a little more simplistic. Currently, it throws too many vulnerabilities. Some of them are not needed because they are only informational and limitations, and they are not of much help. It doesn't need to show us these things."
  • "Its pricing should be improved. It is too costly."

What is our primary use case?

We are using BigFix 10. We have been using this solution for app management and even for BP management. We use it for continuous improvement in terms of security and enhancements. We use it for AWS, Azure, Google, and other applications. 

What is most valuable?

It supports most of the applications, software, and OS. We don't need to go around and look for many tools. Most of the applications are completely supported, and it is much better than Qualys and Tenable. It also works pretty fast.

It is pretty secure, and it gives extensive vulnerability features as compared to other applications. It supports multiple languages, and the security checks are pretty high as compared to other tools in the market. 

It is a one-stop tool that allows you to do everything. It supports reporting, vulnerability management, patch management, and configuration. All things can be done in one tool.

It is a very user-friendly solution with a very good interface.

What needs improvement?

The reporting structure could be a little more simplistic. Currently, it throws too many vulnerabilities. Some of them are not needed because they are only informational and limitations, and they are not of much help. It doesn't need to show us these things.

Its pricing should be improved. It is too costly.

What do I think about the stability of the solution?

Its stability is very good. It is a standard tool, and it is also one of the leading tools in the market.

What do I think about the scalability of the solution?

It supports most of the applications. It is pretty good in terms of scalability.

In our organization, we don't have more than 10 users. We use this tool on client-specific applications, and it is purchased by the client, and that's why we don't have many users in our organization.

We have plans to increase its usage, but it depends on the budget. If most of the application owners agree to the budget, we can probably use it extensively.

How are customer service and technical support?

We get pretty good support on this. We can call them, and we also can connect with them through chat centers.

How was the initial setup?

It was straightforward, but it took some time for us to settle down and get started. There were a lot of things to learn online. The deployment took about two to three months.

What's my experience with pricing, setup cost, and licensing?

It is too costly. It is one of the best tools, but because of pricing, not all clients support it. 

Its licensing is on a yearly basis.

Which other solutions did I evaluate?

It was directly purchased by the client, and that's why we didn't look for or evaluate a different product. It was also better than most of the tools.

What other advice do I have?

I would highly recommend this solution and advise everybody to use it in their organization.

I would rate BigFix a nine out of 10. I am super happy with it. It works well and surpasses what you expect.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
BigFix
December 2024
Learn what your peers think about BigFix. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
Informat76c6 - PeerSpot reviewer
Information Security Systems Specialist at a university with 10,001+ employees
Real User
Enabled us to have a highly successful endpoint patching program for the past decade
Pros and Cons
  • "It's enabled us to have a highly successful endpoint patching program for the past decade. It's been enormously successful there. It's also become a core part of many of our business processes, from compliance monitoring of endpoints, encryption management, key escrow, and local administrator password escrow. It's built into our inventory. It's very much everywhere."
  • "Around the scalability concern, I would like to see the ability to run teamed, clustered, or hierarchical root servers, in order to provide a more robust, high availability system. The single monolithic root server model does somewhat bother me."

What is our primary use case?

My primary use case of this solution is for information security-related functions, like patching and threat detection.

How has it helped my organization?

BigFix has enabled us to have a highly successful endpoint patching program for the past decade. It's been enormously successful there. It's also become a core part of many of our business processes, from compliance monitoring of endpoints, encryption management, key escrow, and local administrator password escrow. It's built into our inventory. It's very much everywhere.

We do use BigFix as a system of investigation in the instance of lost and stolen devices to get an idea of what sort of data was possibly on it. It is an integral part of our compliance management system. Using BigFix to report on our encryption stance has been extraordinarily impactful in terms of avoiding fines for HIPAA violations and in terms of lost and stolen devices. We're definitely talking millions of dollars per year. We've got two hospitals, and probably lose a laptop a day. The scale is such that it's a huge number of machines wandering off. Now that we have good encryption coverage and good reporting on that coverage, in a lot of instances, we can acknowledge and verify that the device was lost but that it was verifiably encrypted, there were no records released, and we can then close an investigation. That's huge.

What is most valuable?

The custom content flexibility is the most important feature. Its ubiquity is also valuable. We've got very good adoption and it helps that it's one of the few tools that we have everywhere.

What needs improvement?

Network traffic is one of our current pain points. BigFix's high performance and high availability in our environment easily overwhelms our high-performance firewalls. Every time we push out patches to our entire population, it makes the firewalls very unhappy for about an hour and slows down some of our core enterprise apps. We're working to identify ways to fix that. We think that BigFix provides mechanisms for spreading out that load over time. We're going to be deploying that soon which will hopefully take care of the problem. Bandwidth is never a problem for us, we have enormous bandwidth. The number of sessions gets overwhelming when you have tens of thousands of machines all getting patched simultaneously. We're just going to spread that out over time and BigFix does offer that capability.

Around the scalability concern, I would like to see the ability to run teamed, clustered, or hierarchical root servers in order to provide a more robust, high availability system. The single monolithic root server model does somewhat bother me.

What do I think about the stability of the solution?

Until our most recent information security system that we stood up, which is unrelated to BigFix, BigFix was our most solid system, in terms of how much engineering effort it requires to keep up and running, relative to the number of servers involved. It's a pretty solid system. We do run into bugs and interesting functional quirks, usually around how the endpoint agent reports into the relays. It mostly just takes care of itself, for the most part. We do have to do a little care and feeding, but it's mostly self-sufficient.

What do I think about the scalability of the solution?

We manage about 75,000 systems, most of them in a single instance and we have not run into serious performance issues at that scale. I have some concerns around the root server and the number of relays checking into it. We may be running into some performance issues there, but they're not impacting the functionality at this time.

How are customer service and technical support?

Technical support has gone through its ups and downs, especially under IBM. The IBM support mechanism is clunky and somewhat challenging. They have made improvements recently. One thing that I really value about this organization is that we have a dedicated customer advocate, who is on the development team, and who is able to escalate serious issues as necessary, when the standard channels aren't working well. They've maintained that personal touch that has really improved our confidence in the support.

Which other solutions did I evaluate?

SCCM is not particularly effective as a cross-platform solution, so that alone makes it less of a contender. Also, BigFix is a lot more flexible, in terms of the types of content you can deploy, the types of reporting you can do, and the types of customizations you can do. We used to do a lot with the integration of the data from BigFix into many other systems, and so the customization is critical and SCCM doesn't offer anything like that.

What other advice do I have?

I would rate it a solid eight out of ten. It's definitely not better than that, because it has a lot of Legacy code, a lot of early design decisions that it's still limping along with. On the other hand, I haven't found anything better out there. There are other competing products in this space, but nothing has convinced me that there is any compelling reason to switch. A lot of the value that we've gotten comes from the people that we're involved with, and the relationships that we've built with the community and vendor over time. I haven't found something that has a better security design. I'm a security guy, and a lot of the decisions that were made very early on in the BigFix product translate to enforcing good security practice, which I have not seen in other vendor solutions.

I would advise organizations looking at BigFix to not try to do everything all at once, but to get one process in place really solidly, and then move on to the next, all the while working on increasing coverage, and getting it on all of the systems. Both of those things take a long time. Don't try to build everything all simultaneously, because you will fail and it will probably take several iterations to get it right so make sure to take a very measured approach.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
CEO/ Chief Strategist at GreenWave Tech Corp
Real User
We're able to make sure that our endpoints are secure, regardless of the location on or off network
Pros and Cons
  • "DOWNLOADING-PATCHES; It has also helped to reduce network traffic when it comes to downloading patches. By only having to download the patch once to the central location and then utilizing the relay structure to then download the patch to a specific site and then everything gathering at local, it greatly reduces the bandwidth of multiple endpoints."
  • "We're a partner, so we deliver technical support to customers. When we need to talk to the product support, traditionally, with the product over the last five years, I would not say support has been supportive. I hope that changes."

What is our primary use case?

We help our customers and ourselves do vulnerability and compliance implementations, licensing compliance, and patch management solutions.

How has it helped my organization?

I've worked with the product a very long time, almost eight and a half years now, and for my own company, we're able to make sure that our endpoints are secure, regardless of the location on or off network. Also, for a lot of our customers, a big benefit is being able to give with accuracy, the reporting of compliancies based on NIST or STIGs, compliance reporting tools and being able to know that what they're doing.

It has also helped to reduce network traffic when it comes to downloading patches. By only having to download the patch once to the central location and then utilizing the relay structure to then download the patch to a specific site and then everything gathering at local, it greatly reduces the bandwidth of multiple endpoints.

We use it to compare current and old patches. I don't necessarily want to deploy a roll-up patch, but we have to because that's how the vendors are producing them. By being able to evaluate whether the new patching is as successful as the old way, we're able to compare the different content of the patches and not just that the patch has been delivered, but that the vulnerability that the patch is supposed to fix no longer exists.

Before we started using this solution, patching was done per endpoint. What we're able to do now is, we can test the patches, deploy them, with certainty that they're not breaking anything else, and then large scale deploy the amount. I've seen customers reduce their patch cycle times from a 60-day turnaround window to a 15-day turnaround window.

Finally, it has helped reduce software spend. By having to look at the licensed tools and what's being utilized and not utilized, we're able to make informed decisions about software license levels. This product falls a little short as far as the licensing compliance capabilities. I would like to see some development surrounding that so that I could input ELA agreements, regardless of vendor, and be able to pull those compliance-based reports.

What is most valuable?

The ease of use is the most valuable feature. Underlying that is the truth that the information that's being derived from the endpoints is accurate. There's no gray matter, and we don't have to interpret the results.

What needs improvement?

I would like to see file consistency and sizing, and I would like to see more robust reporting in the power management features. Energy use and consumption has become a cry within IT development. It's an underserved piece of the product that has implications that could allow security and green IT and sustainability to be married better.

What do I think about the stability of the solution?

The stability is paramount. It has definitely reduced the need for multiple products down at the endpoint, it's reduced the number of agents needed at the endpoint, and overall because the product was created so many years ago when networks were not nearly as robust as they are now, the improvement of the product over time along with the improvement of the stability of large networks, has coincided. It is as stable today as when you could only transfer 15 bits across the line.

How are customer service and technical support?

We're a partner, so we deliver technical support to customers. When we need to talk to the product support, traditionally, with the product over the last five years, I would not say support has been supportive. I hope that changes.

How was the initial setup?

Our initial setup was very complex because we not only have it set up for our internal use, but we also have a managed service platform in which we service multiple clients. We have a cloud-based solution with it as well. We're called in for a lot of the crazy deployments that are out there in the customer world where they have massive amounts of endpoints and really complex network systems.

What was our ROI?

If you utilize the tool to the maximum capacity available to you, your ROI is significantly five to seven-fold over cost.

What other advice do I have?

SCCM was a product that was originally designed to deploy Microsoft Office and to patch some of the underlying structures of the Microsoft operating system. It was never designed to be a large-scale security compliance or endpoint management tool. So when you look at it from those foundations, it doesn't compare. SCCM is a free product that's offered as part of an ELA agreement that can do those functions and features, but it's not designed to do it.

I would rate BigFix a nine out of ten. It is a world leader in the patch management, vulnerability management, and security compliance space. Not a ten because the product still has room for growth and maturity to be a full-scale platform for agnostic management.

I would advise someone considering this solution to start with the simplest thing that you need to be fixed, whether that's patch management or that's software-inventory, and learn how the product works. If you can conceptually understand that it's an agnostic platform, then what I would do for patching is the same thing that I would do for inventory, which is the same thing that I would do for compliance management. Then converting over those features until into a holistic environment is easy. If you're trying to eat the elephant all at once, it gets very overwhelming very quickly.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Endpoint84a2 - PeerSpot reviewer
Endpoint Management Engineer at a retailer with 1,001-5,000 employees
Real User
The ability to customize the content to do what we need it to do is very powerful
Pros and Cons
  • "Having higher visibility on patching level, on patching successful, and non-successful has been a way that BigFix has improved my organization. Also, the ability to customize the content to do what we need it to do is very powerful and very flexible for us. Finally, in the area of custom interfaces like REST API really gives us the ability to provide for our external customers."
  • "License management isn't quite as easy as it should be to deal with the licensing. You need to take the server down to import the new licenses which I find to be annoying."

What is our primary use case?

We use this solution to import management across all of our stores, desktops and server infrastructures.

How has it helped my organization?

Having higher visibility on patching level, on patching successful, and non-successful has been a way that BigFix has improved my organization. Also, the ability to customize the content to do what we need it to do is very powerful and very flexible for us. Finally, in the area of custom interfaces, like REST API, really gives us the ability to provide for our external customers.

It has immensely helped to reduce network traffic when it comes to downloading patches. Downloading once and distributing to all endpoints applicable greatly reduces bandwidth.

What is most valuable?

The most valuable feature is the ability to make the platform do almost anything you want it to do. Out-of-the-box features are very powerful, but with creativity you can make the platform do almost anything you want it to do.

What needs improvement?

I would like to see more flexibility on how queries are run through the API. We've got some of our desktop customers that use the API to query a lot, and that actually impacts our server automation plan sometimes. On a day when they might be heavily querying and it hits a web report server, that messes with our server automation plans and the reporting for it. The server automation should be hitting the actual BigFix database versus the web reports.

I would also like to see improvement on configuring where the logs go. It's been annoying for both of our desktop teams. Even on the Linux side, we should be able to set the property to have the logs go to a different location. It's annoying because sometimes if you need to clear out the best data you end up losing all the logs. You can try to save it off but it's an extra step. If you try to move those logs ahead of time with the client property it shouldn't be an issue, install the BigFix agent into a nonstandard location. It's important for some of our UNIX endpoints who don't give enough space. It should be supported from the install, out of the box.

What do I think about the scalability of the solution?

It'll scale almost as big as you need it. You just throw hardware at it.

How are customer service and technical support?

In regards to technical support, level 2 is very helpful, but when things need to get more visibility you can get their core developers to help which is really helpful.

How was the initial setup?

The initial setup was complex. There are a lot of steps to set it up, at least on the Linux side.

What's my experience with pricing, setup cost, and licensing?

License management isn't quite as easy as it should be to deal with the licensing. You need to take the server down to import the new licenses which I find to be annoying. 

What other advice do I have?

I would rate it a nine out of ten. It's incredibly flexible. I've managed and worked with several endpoint management solutions like ITMS, or ZENworks. I haven't worked with SCCM, but it's like if SCCM was a Ferrari, BixFix is an incredibly tweak-able, tunable, indie car. It can do a lot of cool stuff but you have to tweak it, and you have to know how to use it. 

I would advise someone considering this solution to throw out all of your expectation on how you think things need to work. Throw out how you did things before. Don't try to shoehorn what you did before into a product you might move to because it's probably going to do things better than you did before. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
CTO at ESM TECHNOLOGY, INC
Real User
Incredibly fast and accurate in patching, reporting, and remediation
Pros and Cons
  • "BigFix is incredibly fast and accurate in patching, reporting, and remediation."
  • "I would like to see more integration with external data."

What is our primary use case?

Primarily my clients use it for being able to not only patch but also to be able to detect and remediate vulnerabilities in their environment. In addition, to be able to provide an accurate inventory of both the hardware and software of what they currently have deployed.

How has it helped my organization?

Some of my clients have gone from it taking months to be able to get through a patch cycle or to discover what's out there, down to days. A lot of it's been over a 90% improvement.

What is most valuable?

BigFix is incredibly fast and accurate in patching, reporting, and remediation.

What needs improvement?

  • More integration with external data
  • Extending the reporting capabilities
  • Integration with some of the service ticket providers

What do I think about the stability of the solution?

The solution is extremely stable and it communicates very well.

How are customer service and technical support?

Their support is very good. 

How was the initial setup?

We had one of our clients with over 30,000 endpoints, and within two days all of those 30,000 endpoints were installed and reporting back, and they were ready to patch. Installation is fairly simple.

What's my experience with pricing, setup cost, and licensing?

We always were able to get our client the best cost from the vendor, so pricing was not really an issue.

Which other solutions did I evaluate?

We also evaluated Microsoft. BigFix was more accurate in the reporting, the patching, and overall functionality.

What other advice do I have?

I would rate it ten out of ten for reliability, dependability, and being able to get the job done the first time around. 

Try it in a test run, you'll be really satisfied with the results.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
DataSecu4c81 - PeerSpot reviewer
Data Security Officer at a healthcare company with 10,001+ employees
Real User
It helps maintain our environment, so all of our systems are patched and up to date.

What is most valuable?

I believe that the agent on the endpoint is very powerful. It can do a lot. It can patch, it can get information on the asset, and it's just a very powerful tool.

How has it helped my organization?

It helps maintain our environment, so all of our systems are patched and up to date. It also helps provide security settings to the endpoints as well. We can also push out applications and different settings.

What needs improvement?

They're actually adding some of the features that I wanted, such as detecting, which allows us to fix things remotely. If there's a security issue, we could actually stop the security issue in its tracks. I think they need to polish up a little bit, and it seems like IBM is now finally starting to invest money into the solution. I think that's going to help its brand name.

What do I think about the scalability of the solution?

The product is very scalable, but it can also be very complex. If you don't set things up right then you could have problems. You just need to know what you're doing.

How are customer service and technical support?

Technical support has sometimes been very good, and sometimes it's been not so good. It just depends. I would say that in tier one sometimes they know, sometimes they don't, but then once you go up to tier two or tier three they're definitely experts in their field.

Which solution did I use previously and why did I switch?

Previously we were using the Microsoft solution, Windows Software Update Services. That's a very all or none solution which is not as granular. Regarding BigFix, I like that I can push out updates to systems within their patch window and make sure that they're complete and done within that patch window.

How was the initial setup?

The setup could be simple or it could be complex. It depends on your environment.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
LeadsSys47c3 - PeerSpot reviewer
Leads Systems Analyst at a transportation company with 10,001+ employees
Real User
Its extensibility is valuable

How has it helped my organization?

Patch management: We've gone from hideous to amazing.

What is most valuable?

The most valuable feature is the extensibility of the tool. We're able to implement solutions through available APIs and custom solutions. We're able to provide services quickly. We're able to provide services completely.

What needs improvement?

A lot of my suggestions have already been submitted through RFEs; some of them involve inspector enhancements in the end point. We've got enhancement requests on the BigFix Inventory side. I know that it's not quite as mature a product as BigFix is.

What do I think about the stability of the solution?

I think the current tool is fairly robust. We have ways of breaking it, though.

What do I think about the scalability of the solution?

We're pushing the limits of the tool. We've got over 250,000 devices in our environment; probably one of the larger customers. There are a few that are larger. But we're also doing a lot with the tool that I think other customers aren't. We're doing software distribution as well as patch management. We're also doing inventory and software usage analysis. I don't know of too many other customers that are doing that.

How are customer service and technical support?

Technical support depends on who you get. I deal with some amazing support folks, and then I've dealt with some less-than-amazing support folks.

Which solution did I use previously and why did I switch?

Our previous tool was the predecessor to BigFix, Tivoli Configuration Manager. We were entitled to migrate from TCM to BigFix, so it was kind of a no-brainer.

How was the initial setup?

I was involved in the initial setup. It was very straightforward. The implementation was pretty easy.

Which other solutions did I evaluate?

BigFix was on our short list before they were IBM. We decided against them because they were a small company, even though their solution was better than some of their competitors. Management knew it was too much of a risk to go with BigFix. When they finally became IBM, again, it was a no-brainer because they were on the top of our list of vendors satisfying the feature requirements and now they had the backing of IBM, so it made sense.

We looked at Alteryx. We looked at Microsoft SCCM. SCCM was a big competitor.

I don’t have that many criteria when selecting a vendor.

What other advice do I have?

The advice that I would give depends on the problem that you are trying to solve. I spoke with a number of people at an IBM conference (users looking for a high-end endpoint security software who were potentially going to install BigFix), and they had nothing but good things to say about the tool and the people supporting it.

It's a well-developed tool, supported by people who are passionate about it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free BigFix Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Buyer's Guide
Download our free BigFix Report and get advice and tips from experienced pros sharing their opinions.