BigFix Reviews

The most valuable feature for me is BigFix's multi platform. It's customizable and we're able to do API integration throughout our entire network.

We're able to to implement automation and reduce touch labor for level one technicalities so we're able to free up more manpower to take on more difficult tasks.

• I would like to see it go to the cloud. I want to see it as a management service.
• For us, we basically generate our own API documentation. So I think more API integration would also help.

We've had no problems, it's a very stable solution. It's very well supported and has a big forum of users. So you always have a resource to reach out to.

We've actually fixed the patching by improving our patch application by almost 60%. We went from applying 6,000 patches manually to 34,000 on average a month.

It's very scalable. Extremely scalable. Customization is always a big issue for us so we're always able to grow with it.

We've used technical support many times. They have great support. We've had international support. We've been on calls with Poland, Ireland, Germany and all our technical experts in the USA.

I wasn't involved in the installation process.

When choosing a vendor we think that knowledge of our market place is key. The Walt Disney Company is unique in the environment so we need someone who understands that we work in different ways than a lot of other companies. This also applies with regard to product scalability. We need growth, I don't need to be working with one product in a silo.

I would really encourage them to look into it and take a look at its abilities and think of it as a platform and not just a patching mechanism. Some people think BigFix is just patching. It's a lot more than that so I would ask them to look at the bigger modules.

My primary use case of this solution is for information security-related functions, like patching and threat detection.

BigFix has enabled us to have a highly successful endpoint patching program for the past decade. It's been enormously successful there. It's also become a core part of many of our business processes, from compliance monitoring of endpoints, encryption management, key escrow, and local administrator password escrow. It's built into our inventory. It's very much everywhere.

We do use BigFix as a system of investigation in the instance of lost and stolen devices to get an idea of what sort of data was possibly on it. It is an integral part of our compliance management system. Using BigFix to report on our encryption stance has been extraordinarily impactful in terms of avoiding fines for HIPAA violations and in terms of lost and stolen devices. We're definitely talking millions of dollars per year. We've got two hospitals, and probably lose a laptop a day. The scale is such that it's a huge number of machines wandering off. Now that we have good encryption coverage and good reporting on that coverage, in a lot of instances, we can acknowledge and verify that the device was lost but that it was verifiably encrypted, there were no records released, and we can then close an investigation. That's huge.

The custom content flexibility is the most important feature. Its ubiquity is also valuable. We've got very good adoption and it helps that it's one of the few tools that we have everywhere.

Network traffic is one of our current pain points. BigFix's high performance and high availability in our environment easily overwhelms our high-performance firewalls. Every time we push out patches to our entire population, it makes the firewalls very unhappy for about an hour and slows down some of our core enterprise apps. We're working to identify ways to fix that. We think that BigFix provides mechanisms for spreading out that load over time. We're going to be deploying that soon which will hopefully take care of the problem. Bandwidth is never a problem for us, we have enormous bandwidth. The number of sessions gets overwhelming when you have tens of thousands of machines all getting patched simultaneously. We're just going to spread that out over time and BigFix does offer that capability.

Around the scalability concern, I would like to see the ability to run teamed, clustered, or hierarchical root servers in order to provide a more robust, high availability system. The single monolithic root server model does somewhat bother me.

Until our most recent information security system that we stood up, which is unrelated to BigFix, BigFix was our most solid system, in terms of how much engineering effort it requires to keep up and running, relative to the number of servers involved. It's a pretty solid system. We do run into bugs and interesting functional quirks, usually around how the endpoint agent reports into the relays. It mostly just takes care of itself, for the most part. We do have to do a little care and feeding, but it's mostly self-sufficient.

We manage about 75,000 systems, most of them in a single instance and we have not run into serious performance issues at that scale. I have some concerns around the root server and the number of relays checking into it. We may be running into some performance issues there, but they're not impacting the functionality at this time.

Technical support has gone through its ups and downs, especially under IBM. The IBM support mechanism is clunky and somewhat challenging. They have made improvements recently. One thing that I really value about this organization is that we have a dedicated customer advocate, who is on the development team, and who is able to escalate serious issues as necessary, when the standard channels aren't working well. They've maintained that personal touch that has really improved our confidence in the support.

SCCM is not particularly effective as a cross-platform solution, so that alone makes it less of a contender. Also, BigFix is a lot more flexible, in terms of the types of content you can deploy, the types of reporting you can do, and the types of customizations you can do. We used to do a lot with the integration of the data from BigFix into many other systems, and so the customization is critical and SCCM doesn't offer anything like that.

I would rate it a solid eight out of ten. It's definitely not better than that, because it has a lot of Legacy code, a lot of early design decisions that it's still limping along with. On the other hand, I haven't found anything better out there. There are other competing products in this space, but nothing has convinced me that there is any compelling reason to switch. A lot of the value that we've gotten comes from the people that we're involved with, and the relationships that we've built with the community and vendor over time. I haven't found something that has a better security design. I'm a security guy, and a lot of the decisions that were made very early on in the BigFix product translate to enforcing good security practice, which I have not seen in other vendor solutions.

I would advise organizations looking at BigFix to not try to do everything all at once, but to get one process in place really solidly, and then move on to the next, all the while working on increasing coverage, and getting it on all of the systems. Both of those things take a long time. Don't try to build everything all simultaneously, because you will fail and it will probably take several iterations to get it right so make sure to take a very measured approach.

We use this solution for vulnerability management and patch management. We use BigFix to get information about the vulnerabilities that exist in the environment. We complete prioritization of those vulnerabilities and provide recommendations to the remediation teams. We assist the teams in case of any issues with remediation.

If our customer has a high number of critical vulnerabilities inside their environment, we use BigFix to do the patching. We are able to decrease the number of high and critical vulnerabilities by at least 30% in six months. This is a huge improvement and makes the environment more secure. 

The patch management and the BigFix Inventory have been the most valuable features.

The BigFix Inventory could have an increased scope regarding the tools that can be detected. It does not cover all the possible software installed in Asset. We used the BigFix module in a ILMT module to have the proper coverage. If we had the two of them combined, this would really assist with the inventory of software. 

Sometimes we may have a few issues with the fixlet Relevance where the Windows patches sometimes identifies as a false positive. We have opened tickets with the support team. They fixed that as soon as possible.

This is a stable solution. The only issues that we have had in the past with BigFix is with the sizing. If you don't perform the right sizing of the BigFix server, you may have performance issues. We have had no major issues with the performance itself.

This is a scalable solution. They are releasing a lot of improvements in the latest versions of BigFix. That will help us monitor how the tool is performing and if it would require change or increase of the hardware or the environment to make it run in a smoother way. The scalability has improved a lot.

The initial setup is straightforward. It involves sizing and designing the architecture to put BigFix in place and set up the proper relays. We experienced no issues doing this.

To begin the setup, we tried to identify the baseline of the customer to see how many endpoints the customer has. We also looked at the locations to know if we do need to put a low-level or top-level relay in place in each one of the data centers. In our case, as it's a huge environment, we set up two top-level relays and then a low-level relay in a different data center to not put a high load into network bandwidth when we try to transfer patches over the network.

We implemented this solution in-house.

The extent to which we use the different features of BigFix depends on the needs of our customers. We often propose new features when the need arises. 

BigFix is one of my favorite tools. I would rate it an eight out of ten. 

We primarily use the solution for patching.

The solution offers great patching, even for third-party patching. Many organizations know how to patch Microsoft products. However, the biggest benefit for BigFix is third-party patching. It can patch Notepad and Java - all of these third-party products that are non-Mircosoft.

It's stable. 

The implementation process is simple. 

It can scale. 

I'm not sure if there are any extra features needed.

It could use better integration with Hypervisor products like VMware. This is where it is lacking right now. There are articles available explaining how to integrate with VMware. However, it's my understanding that it is somewhat difficult. 

I am not sure if this is available on the cloud or not. 

I've been using the solution for three years. 

The solution is stable. I'd rate it eight out of ten. We've had no issues with stability. Performance-wise, it has been fine. 

One of the issues that my guys come across is it can take up to 48 hours before the Microsoft patches are available in BigFix since we are a day ahead in New Zealand. 

I'm not sure how many people are using the solution in our organization. 

The scalability is okay. I'd rate the solution seven or eight out of ten in terms of the ease of scaling. My experience with scaling has been pretty good. 

There is a lot of web access and online groups available, which are quite good. I don't necessarily have access to support and, therefore, cannot speak to their level of support.

We do have an internal team that would be able to get hold of support.

I'm also familiar with ECCM. However, it only patches Microsoft products. We've also used BatchPatch, used for pushing scripts, among other solutions.

I helped with the installation process for two customers. The installation was reasonably swift; however, the actual consideration and moving the patching products across into BigFix that can take a long time. The configuration took six to 12 months. 

A massive gain for BigFix would be if it was able to go and interrogate products like SCCM and import the patching sequences and groups, it would make it much easier. 

I'd rate the initial setup process seven out of ten. It does take quite a long time to bring everything across from other products. 

I'm not sure of the exact licensing structure. It might be about $23 a client. Some of the modules, such as security compliance and lifecycle, may cost extra. For example, the integration with BigFix and Micorosft Defender may require an extra license. 

I'm an avid BigFix fan, and we use it in my company quite a bit.

We're the biggest vendor in New Zealand, and we have it installed in our organization and fed out to clients. 

This is our patching product of choice. All new customers get BigFix implemented, and existing customers are encouraged to have it as well. 

We're an integrator. 

We're completing a new client install and working on the configuration of patching, and this is the best tool we've ever implemented for this customer. I love this tool. It could just be a bit more accessible.

I'd recommend the solution. I'd rate it nine out of ten.

We used BigFix internally at my previous org. My current company is a BigFix reseller. A lot of people are looking at endpoint security now, but we primarily used BigFix for true endpoint management.

Endpoint security has become the main thing, but we used BigFix for patching and a lot of the other use cases in the past, and I think it worked pretty well. Obviously, the market has gotten much more crowded. 

The UEM component evolved into reunified endpoint management. Many of our customers used it for deployment and patching. HCL has a new endpoint security approach now, but it was really for managing that. 

BigFix can manage lost devices, so you can wipe them remotely to ensure the IP doesn't get out in public. Unified endpoint security is a new perspective. I know that HCL is also collaborating with IBM, but I'm not sure if there is any cooperation between them and MaaS360 or other endpoint components.

The main shortcoming of BigFix was integration with vulnerability management. If you had a vulnerability in your software and BigFix on the endpoint, you needed integration with Qualys, Tenable, or another vulnerability management solution to fix that. It was like, "Okay, we can identify issues, and get that information back from the endpoint, but what are we doing about it?" 

The stability has been solid when I've used BigFix with customers in the past. In that space, I don't think everybody is doing as much innovation as in other areas in the endpoint management or security market. 

I delineate between those two because endpoint management is a different use case. I think it's probably become a lot more important since the pandemic started.

We never had any challenges with scalability. Some of our customers had tens of thousands of endpoints. 

I used a few competitors a while back, but I don't know what LANDESK is up to these days. They were a big player in the market, but I don't know what other contenders are out there now.

The patching tool is $250 per client device per year. The inventory and discovery tool is $15 per client per year. They have a lifecycle management tool that is the central component for managing endpoints, which costs around $43 per year. BigFix Compliance is the other part, and that's also around $43.

I rate BigFix nine out of 10. I wouldn't recommend it to everyone. It depends on your infrastructure. If you have a pure Microsoft shop, you can probably get by deploying and managing endpoints their way. 

However, if you have a mixed environment of any kind, BigFix is good at what it does. Patch management is vital for security posture, so I wouldn't be surprised if BigFix is becoming increasingly popular.

It's primarily used for endpoint license monitoring. It's for the usage of applications, monitoring usage of CPUs, and stuff like this. When you have an audit, you can prove very fast what product you are using and what kind of CPU resources they are using.

There are other use cases. For example, I can find details for every use case where I need to know something about the software installed. Once, we had a Log4j bug. When the Log4j bug was live, we could use BigFix to analyze which of all the servers and clients this bug is used.

It's very usable for a technician, for an administrator. It's very straightforward. The usability is very close to everyday technical tools that you use as a systems administrator. So it's quite user-friendly. That said, it's not user-friendly for someone who is not working a lot with stuff like this. 

It's quite user-friendly if you are technical and if you just know what you want to do and to do the tasks. It's not user-friendly for someone who is a new user or something like this. It's specialized and user-friendly.

Maybe the online help could be improved. 

It'd be nice if you would have a lot more phrases and keywords that you could search for and find answers with the help.

It would be nice if there could be an extra interface. Not really to script something. However, if you want to make a drag-and-drop script, something like this, that would be quite useful for us.

I've been using the solution for one year now.

It is pretty stable and reliable. That's not a problem at all. 

The end users are all the teams. We have a Windows team, Linux team, application team, et cetera. All the teams work with the outputs of this tool. There might be 40 to 50 people or something working with this product.

You can have relays, and then you can scale it. It's a scalable system.

I work with it regularly, every week.

Their online help mechanisms and documentation need to be improved. It's hard to find documented answers to your questions as the search functionality isn't ideal. 

That said, their direct support is excellent. 

Positive

I have not worked with any other similar product.

I did not set up the system. It was set up when I got the task to take care of this product. It was already installed.

The product itself doesn't require a lot of maintenance. Of course, the server and client updates would be good as the tool has clients. The clients install them on all machines. However, the topic itself needs a lot of maintenance. If you want the data in BigFix to be up to date in case of an audit, you have to take care of the insights of BigFix. BigFix itself is running. However, the list of the servers needs to be correct, et cetera.

It was set up within the company. There was no outside assistance.

I don't handle the licensing aspect of the solution. I can't speak to the price. 

I am working with the latest update. I'm an end-user of the product.

I'm totally satisfied. For the use of the product that we have, it's totally working. It's fine.

I would recommend the solution if you are using a lot of IBM software in your company. If you are using BigFix and you have the client installed on every machine, you are nearly always audit-safe from out of the box. I would recommend it to everybody who has to take care of a lot of IBM product licensing. For everybody who has a lot of IBM products to be licensed, I would recommend using BigFix.

I'd rate it eight out of ten. 

We use the latest version.

Upon our evaluation of other products we found that most solutions provide the same technological functions and features. But, BigFix has two advantages over these. The first is that its price is competitive. The second is that we found the implementation partner to be very supportive in terms of explaining and training the in-house resources and deploying the solution. 

The architecture is also lightweight.

The reporting and dashboard parts have room for improvement. When it comes to the dashboard it should include certain customized reports. The requirements may vary from one automation to another and it would be nice to see the reports in their own style. As such, there should be more reports included and a greater ability to customize them. 

I cannot say I am aware of all the functions of BigFix. I believe it has antivirus capabilities and others of which I am not knowledgeable. For the moment, we use the antivirus capabilities of Trend Micro although, going forward, I would like to evaluate those of BigFix. Should these turn out to be lightweight and more effective than those of Trend Micro then I would definitely consider replacing them so that I may have all the functions contained within a single console. 

We have been using BigFix for the past two years.

The solution is stable. 

Scalability is another factor which must be taken into account at the design stage, keeping in mind the endpoints and how one wishes for them to grow. The endpoints will govern how one provisions the infrastructure. Since the license is only subscription-based, if a person provisions his infrastructure correctly, he may scale up easily. 

The initial setup was easy. 

Yet, there are many other criteria which must be taken into account because there is a need for the distributed network. As such, it is important to understand the bandwidth that it will consume when it comes to pushing the latest updates. This means that the solution must be designed in such a way that the implementation would not choke the bandwidth or consume much of it or other activities, as the appliances it contains would also be consuming the same bandwidth. 

We are not talking about putting a separate network or network connectivity for pushing the patches. We usually use the same connectivity. We see that the designing stage is of critical importance and, if done correctly, the implementation will follow more easily. 

We utilized an implementation partner who we found to be supportive and explanatory when it came to training the in-house resources and to deploying the solution. 

The license is subscription-based. 

I would recommend the solution to others. This said, it is important to understand one's architecture and to have a knowledge of how one's endpoints are scattered and what the deployment and network architecture will look like. Once this is clarified, the solution would provide a good option. The same can be said for any product. The design of the implementation of the solution is of especial importance. 

Our primary use case of this solution is for endpoint management. 

Prior to BigFix we used Altiris, which was distributed. We had to manage multiple servers, and duplicate the tasks that we did on each server. BigFix tremendously reduced the amount of work that we had to do on each server in a centralized manner. We could minimize the work that we had to do, and we had a lot more control over the tasks and what machines they ran on.

It has helped to reduce help desk calls by 60-70%. Using the self-service portal allows our users a lot of access to fix their own problems as far as errors, as well as policies that auto-resolve issues as they come up without the user even knowing.

Finally, it has helped us to avoid compliance fines in the tens of thousands of dollars, if not more. We've used it for software audits numerous times and saved significant amounts of money with being able to clearly identify what machines have what software, then verify that we're licensed for the software that we have.

Power to query anything on the machine servers and problem resolution is where we find a lot of value in being able to turn around and find a fix, and identify machines that are having an issue, and being able to resolve that.

I believe that the peer to peer file transfers feature will speed up the time to get files to individual machines. I haven't used it myself, but I think that as far as clients go, instead of having to use one server for that, being able to get that data from their clients will be a lot faster and more efficient.

I would like to see for it to be a little easier for new users to be able to learn and create relevant statements. In my opinion, that's the hardest part for bringing on new people that haven't had BigFix experience. Being able to have easier ways to build relevance in ActionScript would be the biggest improvement I'd like to see.

It's very stable. There's minimal maintenance on the server infrastructure itself.

It's very scalable. We've had mergers that have come in and put a relay out there, and immediately get the information back for their clients. It's very scalable, we don't have to worry about putting too much burden on our other servers.

Their technical support is very good. 

We switched to BigFix mainly because of scalability and for centralizing the work that we did, rather than being distributed. From what I know of SCCM, and the little that I've used it, the granularity that relevance an ActionScript allows you over the endpoint, and the information coming back from the endpoint is fairly significant compared to the work that you would have to do to script all that out in SCCM to get that information back.

I would rate it an eight out of ten. Not a ten because of the training aspect of getting new users up and going on the technology. That would be the only downfall because it does take quite a bit of time to train new users. As far as the power, it's by far the best.

If you're considering BigFix look at the power that it allows you to have visibility into your system. If you don't have visibility into your systems, it takes a lot longer to get something resolved. Whereas if you can instantly get that information back from your client that's having a problem, being able to know that that issue needs to get fixed on that client's machine and being able to fix it instantly, could save you hundreds of hours.