BigFix Reviews

Currently, we've got four big customers, and one is in mining. It's certainly for endpoint management, especially for patch compliance. That's normally our first use case. It's for Windows and Linux patch and patch compliance measurement. That's the biggest use case that we do. 

The main use for day-to-day operations is patching, and we are averaging 95 to 98% patch compliance, meaning we deployed almost 8,000. We put upgrades now in Africa, which is small. however, has 8,000 to 10,000 endpoints, and we have two people doing that, and it takes us about half a day a month.

The second use case is when we do compliance, and we replacing Microsoft DPOs, it makes it much easier to implement. On the compliance level, we always do level compliance due to the fact that BigFix has got the CIS, and we use the CIS standards for the checklist. 

Another company that we work with is in the energy sector. They are an energy company in Africa, and one of the things that we did was we helped them to migrate from Windows 7 to Windows 10 as one of the components of BigFix is Lifecycle OS Deployment. In that case, we helped them and they successfully migrated almost three and a half thousand Windows 7 and Windows 10 machines in three months. We used the BigFix OSD processor. 

Some of those countries, like Zimbabwe, Zambia, and Angola, didn't even have a network. We did the upgrade fully with memory sticks. We gave them USB thumb drives or memory sticks, and everything was on there, and they took that and actually went and the machines were upgraded that way.

The big drive at the end of the day is money-saving. You can accomplish a lot even if you have a very low-level resource and no access to other skilled resources. You give someone a thumb drive and he can plug it in, boot the machine, and 20 or 30 minutes later, the machine is fully completed from a pre-defined standard.

We used the solution to get control over licensing. We were able to avert a drop at the end of a three-year contract and in the process saved the client about $5 million in penalties.

The patch compliance is very good.

It's very easy to upgrade solutions, even in low-technology environments.

The stability is perfect.

The roll-out is super-easy.

The solution is unbelievably scalable.

We're not restricted on/off-network, and we don't have to be a member of a domain. You can be on a workgroup, laptop, Mac, et cetera.

Historically, the company used to belong to IBM, and there was competition between MaaS360 and BigFix components. They neglected the mobile portion, or the mobile device management portion of BigFix. It has been sold. IBM sold it two years ago to HCL of India. 

Therefore, that's one thing that's lacking - the mobile side. They don't have a proper mobile device management capability. They're working on it, however, that's the one thing that needs improvement so that you can have full unified endpoint management.

The ability to handle removable media encryption on the removable media label, et cetera, is lacking due to the fact that you cannot really control your USB device. Of course, recently, we had a use case where we had to lock down the USB devices, but there were, for instance, certain machines that were on a very specific model of USB drives that had a license key. This customer was using licensed software, and the license was on the USB stick. Now, the USB stick must be in the machine the whole time in order to use the application.

The solution needs to bring back the granular control of the USB devices that they offered a year or four years ago. That way, you can say "these devices are allowed" or "these devices are not allowed". That's the one major thing, in my opinion, that they could rethink, USB device control for removable media.

They're doing a lot of work on remote control. They are working on making it very, very simple. However, ti's not quite there yet.

I've been using the solution for five years at this point.

The stability on this solution is rock solid. I will put money up against it. BigFix is absolutely unbelievably stable. We never had any data corruption of any kind while using it.

You can do 250,000 endpoints with a machine that's got 32 bits of RAM and about 300 GB of disc space. That's the one thing about BigFix that makes it unique. The way you can easily scale is great. That's a biggie. Scalability is absolutely amazing.

I'm a little bit out of that department now, however, in Africa, in which that market is small, we've got between 20 or 30 customers. The big ones we have about 10,000 endpoints that we manage for them, and we are three people. There is only one team lead and two junior techs and we manage all the endpoints for them. Some of those endpoints are on the internet. Even if you're not on a corporate network, we can still monitor your environment on the same site. We can even give instructions in case of emergency to say, "Download this patch," or "Apply this patch," or "Change this compliance status," et cetera, with a GPO Microsoft directory.

The technical support, when the solution moved from IBM to HCL, improved dramatically. The technical documentation, the quality of the upgrades, et cetera, is really, really fantastic. I'm very glad IBM sold the product off to HCL as the quality of the product and everything surrounding it, including technical support, has improved dramatically. It's very good. We're quite satisfied.

The initial setup is not complex at all. It's very straightforward.

BigFix does license per server and per workstation. The cost depends on how many servers or work stations you are dealing with, and which tier of service you use.

BigFix consists of four modules. You get what we call the Platform Edition, which you get for free. The patch service is maybe $0.50 per workstation per month. Then there's the basic server cost, which is about $1.50 per server per month. You also get into Lifecycle which does power management, OSD remote control, and those types of things, and that might be about 10 times the price - which works out to about $13 per server and, maybe $5 per workstation per month.

It's all pretty customizable and you can just get the bare minimum or trade-up for a bit more.

We've looked at Microsoft SCCM, among others. At the end of the day, we looked for something fit for a really small company. We looked for something that can be simple, easy to deploy, and that was one of the reasons we chose BigFix. 

The main drive around BigFix was the fact that you don't need a lot of people to run it. That was one of the reasons we chose BigFix because it was small, or you can easily implement it on a very big scale, and one person can actually manage a lot of customers remotely. That was the reason we picked it. It was the only one that actually met those criteria at that point in time. 

I'm not using the latest version of the solution. I'm actually using the version before the latest.

I would advise that, before you buy the solution, you do a POC. You can do a 48-hour challenge where, if you start at 9 AM, you will be able to give patch compliance by 12 noon (for 1,000 endpoints). You've got three hours to install the product, get it up and running, deploy the agents, et cetera. Basically, take some time to test drive the product.

Overall, I'd rate the solution ten out of ten. I think it's a phenomenal product.

We use the HCL BigFix solution to provide patch-, software- and OS-image distribution services for our customers. In addition endpoint solution avcurat software, ILMT and hardware inventory. Since BigFix is base on the principle of pull, not push the administrators can afford precise information in real time about the status of distribution of patches and software.

The BigFix console deliver an excellent overview of all endpoints, and tasks and fixlets to be done. You do not need to click through an endless numbers of wysiwigs, one by one - With BigFix you can create dynamics group with thousands of endoints, selected by an excact numbers of criteria. When you need to do many tasks and distribute many patches at once, BigFix gives you the opurutnity to create baselinesr where you ochestras tasks to be fone to be performed in a specific order.

BigFix is base on the principle if something is relevant or not. The systems works more or less like an complex database the sends small messeges to endpoint and ask them to report back to the server. If a given condition is true, them it's relevant and server will ask the client to something It's simple as that. Therefore, BigFix is extrempower solution when it supports more than 90 diffferent OS. The system can manage whatever you you want!

"The heart of the Fixlet technology is the Relevance language that allows authors to interrogate the hardware and software properties of your managed clients using Inspectors. With the Relevance language, you can write expressions describing virtually any aspect of the client environment. Some Fixlets are simply designed to return Relevance information to the servers, but most of them suggest actions that can patch or update the client computer. The actions, in turn, also take advantage of Relevance expressions. Fixlet messages and Relevance expressions by themselves can only notify the user or the administrator. Actions, on the other hand, are specifically designed to modify the client, so there is a clear dividing line between a Relevance expression and its associated action - typically a human is required to deploy the action."

The support of other 3rd party ssytems could be better. ServiceNow is supported by BigFix - But there is a lot of other systems that BigFix could support and vice versa and make it even more powerful. With all the inventory information avout the osftware and hardware in the network of the organization - The BigFix database could be a very valuable source for other maniufactors and porviders of software and hardware.

I have been working with Bigfix for almost ten years where I use the it distribute patches and software for my customers. After a while, the Windows 7 and later Windows 10 clienent become very stable. From what I have learn, IBM and HCL who owned thd product, do an wxtra quality chack of the patches before the release them. Sometimes the team behind Bigfix discover need of patches that become recommended by Microsoft many years later.

The stability is great! We have not experienced any issues. 

The scalability is excellent!. The BigFix solution is organized like a pyramid with the main master server at top. From there BigFix use relays to distribute Fixlets and Tasks to the clients. You can organize your hierarchy to fit your organization. The number of endpoints should not pass 5000 clients pr. relay before you set up a new relay. The funnie matter of fact is that a relay can use workstation with a lot of disk space - It does need to be a Windows-server, it can also be a Linux server or a workstation. From my point of view, this is really remarkable, because how many endpoint management systems can handle everything from a small office with 10 computers to multitenant conglormerat with 300 000 endpoints with only one, yes 1 server? Waht you need at your backroom is a SQL-server that is able to handle all the data...

Technical support is above average, and in fact, I would say that they have superb support.

Like many other small IT-companies, I patch the clients manually or by Windows Update. When you get a lot of clients to be patched, it's impossible to do it manually. You need a tool to do the job and you need documentation what you have done and when. If patch goes wrong, you must be able to identify that one very wuick and removed before it do to much damage. With BigFix, you get control and you know excactly the status of patches. If you use tools like Microsoft InTune to do the patch job, it's like sending Voyager 2 to Pluto - It felles like the patch is lost in space and you never know if it will ever send information back home what happends. With BigFix, more than 90% of you patches will dsitrbuted at first try and report back home that they found a safe harbour.

The documentation is good. Follow the recommended configuration by HCL and you will be up and running very soon. It's pretty easy to set up with some knowledge. Be aware that DNS-isssues can be a challenge if the server is not visible at Internet by a public IP during the initial setup. The configuration at firewall can a challenge especially to get SQL-server vissible for the BigFix-server.

We mananged to do it by our self. 

Very high. In a short time, you will get your expenses paid back very shortly.

The licens price of the HCL BigFix is very fair. The challenge is the license of the MS SQL server. If you can handle DB2 - The DB2 database server that is included with BigFix is free to use. Because the MS SQL -server express cannot be used unless demo purposes, I recommend and SPLA license for the MS SQL server wich gives you the oppuritiny to connect an unlimited numbers of clients to the BigFix server. 

Other systems like Microsoft SCCM has been considered. The systems is too complex and require too many resources compared with BigFix. The BigFix server with the SQL server included could be running and on a singel portable workstation and mange the patch-management of ogf thousands of endpoint. How many SCCM do you need to do that? With Bigfix you can manage a small office with 10 clients as well as enterprise evirement with 250 000 endpoint with only one BigFix-server. 

BigFix is value for money - You get a simple, robust, dynamic and very powerful solution for a very reasonable price. Don't for get the hidden cost compared to other tool - How many ports do you need to configure by very expensive network assistant when running SCCM? With BigFix it's enough to open only one port. With BigFix you have a multitenant solution that make is possible for you as an service provider to use BigFix to manage many customers at the same time with same server, without setting up trust between different networks. Because BigFix has it's own secure comminication between the server and the clients.

It's primarily used for endpoint license monitoring. It's for the usage of applications, monitoring usage of CPUs, and stuff like this. When you have an audit, you can prove very fast what product you are using and what kind of CPU resources they are using.

There are other use cases. For example, I can find details for every use case where I need to know something about the software installed. Once, we had a Log4j bug. When the Log4j bug was live, we could use BigFix to analyze which of all the servers and clients this bug is used.

It's very usable for a technician, for an administrator. It's very straightforward. The usability is very close to everyday technical tools that you use as a systems administrator. So it's quite user-friendly. That said, it's not user-friendly for someone who is not working a lot with stuff like this. 

It's quite user-friendly if you are technical and if you just know what you want to do and to do the tasks. It's not user-friendly for someone who is a new user or something like this. It's specialized and user-friendly.

Maybe the online help could be improved. 

It'd be nice if you would have a lot more phrases and keywords that you could search for and find answers with the help.

It would be nice if there could be an extra interface. Not really to script something. However, if you want to make a drag-and-drop script, something like this, that would be quite useful for us.

I've been using the solution for one year now.

It is pretty stable and reliable. That's not a problem at all. 

The end users are all the teams. We have a Windows team, Linux team, application team, et cetera. All the teams work with the outputs of this tool. There might be 40 to 50 people or something working with this product.

You can have relays, and then you can scale it. It's a scalable system.

I work with it regularly, every week.

Their online help mechanisms and documentation need to be improved. It's hard to find documented answers to your questions as the search functionality isn't ideal. 

That said, their direct support is excellent. 

Positive

I have not worked with any other similar product.

I did not set up the system. It was set up when I got the task to take care of this product. It was already installed.

The product itself doesn't require a lot of maintenance. Of course, the server and client updates would be good as the tool has clients. The clients install them on all machines. However, the topic itself needs a lot of maintenance. If you want the data in BigFix to be up to date in case of an audit, you have to take care of the insights of BigFix. BigFix itself is running. However, the list of the servers needs to be correct, et cetera.

It was set up within the company. There was no outside assistance.

I don't handle the licensing aspect of the solution. I can't speak to the price. 

I am working with the latest update. I'm an end-user of the product.

I'm totally satisfied. For the use of the product that we have, it's totally working. It's fine.

I would recommend the solution if you are using a lot of IBM software in your company. If you are using BigFix and you have the client installed on every machine, you are nearly always audit-safe from out of the box. I would recommend it to everybody who has to take care of a lot of IBM product licensing. For everybody who has a lot of IBM products to be licensed, I would recommend using BigFix.

I'd rate it eight out of ten. 

We are a global security and cloud integrator, and we are also a reseller with a capability of up to 69 brands, but we're not married to anybody. Our goal is to give customers exactly what they need based on the scenario. We build everything that we sell. So, we have a large distribution partner that enables us to resell a lot of things. We definitely and always see what's hot in the market, and we are constantly reviewing technologies.

Patching and mobile device management are probably two of the biggest use cases of BigFix. 

In terms of the version, some of the clients have the latest version. BigFix is not a subscription as a service. It is not a SaaS model. It is an on-prem model for infrastructure teams to manage folks through the web or through the network, and it is not provided as a service. There is no open-source capability, so it doesn't really have an ecosystem around it. It's basically sold to clients for specific use.

For security these days, patching is obviously mission-critical. If you leave something unpatched, the vulnerability is easily found by the adversary, so that's critical. 

Mobile device management is also critical from the security aspect. BigFix is useful in scenarios where if a device is lost, you can disable it, and you can wipe it. All the company data that is available is completely encrypted, and it is basically illegible or not usable. People even have BigFix Mobile that they put on phones and other peripheral devices. You are basically putting a wrapper around the applications that are company applications in the bring your own device (BYOD) scenario.

It is for multiple use cases. A lot of people are looking at it just for security, and that's really endpoint security. The endpoint management part of it in terms of being able to constantly do patching for Windows, Unix, macOS, Cloud, Raspberry, VMware, and all Linux flavors is important, and they are very good at that. They have support for virtually every OS on the market.

A lot of people also use it for infrastructure value. HCL has changed the focus a little bit because it was originally looked at as a pure security tool on the IBM side for mobile device security, but since HCL took it over, it has become more focused on other different components. They've created REST APIs for the cloud, and there is now a scripting language that's associated with it. So, there are more broad use cases because the industry requires that. They also have their own development tool in BigFix.

HCL is India-based, and they've done a good job with BigFix, and they're also able to deliver the software at a lower price now. The integration is better with other security and vulnerability management tools. To remediate endpoint issues that are out there, they integrate with Tenable, Qualys, and others. So, you can manage all of your patches and fixes through one platform, even for all cloud services, which is a good thing. 

Training is obviously important, and HCL has done a better job than IBM at making that training available. Usually, there are different ways to do that, such as through video or self-service, etc.

I remember doing restarts a few times. So, making sure that it is rock solid from an executable perspective is important.

I have been working with all kinds of security tools, including this one, since 2001 or so. It has been 21 years.

We have interacted with them. They've been good and better probably in BigFix than some of the other tools that they acquired in that IBM divestiture. 

It is pretty easy to implement.

I would rate it an eight out of ten. It does everything reasonably well. There are so many competitors who do just one piece of this, or they're not really head-up competitors because some are into mobile security, and some are more into mobile endpoint management and patching.

We use BigFix for deploying applications for updating, setting up configurations, making modifications, or customizing Windows. For example, what are the applications that need to run, and what configure is needed.

The most valuable point is when you deploy an application, you have to make sure that the application has been deployed to all computers and that is working perfectly. This solution works well at deployments. 

Other solutions can have failures, such as ManageEngine, and you have to deploy the application again. In BigFix, once the computer has communicated with the BigFix server, the agent workstation, you can be sure that the application will be deployed and delivered properly.

Sometimes the workstations communicate back to the BigFix server two or three days in a week or something similar. Sometimes there can be a delay reporting back to the server for a variety of reasons, such as users turning their computer off when they go home. When the user comes back and turns the computer back on BigFix needs to synchronize and sometimes it can take some time, approximately one week. The communication between the agent and the server should be faster, there is room for improvement in this area.

I have been using BigFix for approximately two years.

BigFix is reliable and stable, it is perfect.

Performance-wise is the best. When you have to do deployments you are sure that all the workstations will receive it, even though that there is sometimes a delay in reporting back to the server. The only time the deployment would not work is if the computer is decommissioned or not available.

BigFix is simple to scale, we are using the solution regularly. We use it every other week whenever we have meetings, we rely on it.

We have approximately 10 technicians and 3,000 users who receive a patch or use the solution in some way.

We have not had any big issues that would need the support. However, we did have some minor issues and the support was good and responsive.

I have used ManageEngine previously.

In my usage, I have found BigFix is more professional than ManageEngine. The reason that I'm saying this is when you deploy an application, you are sure and you are guaranteed that all workstations will receive it. However, for the ManageEngine, for some reason, you will find it may fail for 13 workstations. You might have to redeploy again, otherwise, you have to do it manually.

One of the positives of ManageEngine is it can be easy for users to deploy an application compared to BigFix.

The deployment process of BigFix was straightforward. You need to have a small number of programming skills or scripting skills to complete it. If you have skills, it is very easy to deploy. For somebody who's experienced, and has knowledge of some programming or scripting skills, it's very easy.

There were approximately three people, the vendors, and our technical teams that did the implementation.

BigFix requires specific maintenance, whenever there is a new release we manage it.

You are charged per server and per workstation when using BigFix. ManageEngine is a lot cheaper than BigFix. There are some additional costs, such as support.

I recommend BigFix as long as they have the budget. If they don't have that much money, they can use ManageEngine, which is satisfying for small and medium companies. For example, companies that have 250 computers. I have used ManageEngine at companies that had multiple locations. You can use some ManageEngine on one central location and then deploy it to all your branch offices.

I rate BigFix a nine out of ten.

We use the latest version.

Upon our evaluation of other products we found that most solutions provide the same technological functions and features. But, BigFix has two advantages over these. The first is that its price is competitive. The second is that we found the implementation partner to be very supportive in terms of explaining and training the in-house resources and deploying the solution. 

The architecture is also lightweight.

The reporting and dashboard parts have room for improvement. When it comes to the dashboard it should include certain customized reports. The requirements may vary from one automation to another and it would be nice to see the reports in their own style. As such, there should be more reports included and a greater ability to customize them. 

I cannot say I am aware of all the functions of BigFix. I believe it has antivirus capabilities and others of which I am not knowledgeable. For the moment, we use the antivirus capabilities of Trend Micro although, going forward, I would like to evaluate those of BigFix. Should these turn out to be lightweight and more effective than those of Trend Micro then I would definitely consider replacing them so that I may have all the functions contained within a single console. 

We have been using BigFix for the past two years.

The solution is stable. 

Scalability is another factor which must be taken into account at the design stage, keeping in mind the endpoints and how one wishes for them to grow. The endpoints will govern how one provisions the infrastructure. Since the license is only subscription-based, if a person provisions his infrastructure correctly, he may scale up easily. 

The initial setup was easy. 

Yet, there are many other criteria which must be taken into account because there is a need for the distributed network. As such, it is important to understand the bandwidth that it will consume when it comes to pushing the latest updates. This means that the solution must be designed in such a way that the implementation would not choke the bandwidth or consume much of it or other activities, as the appliances it contains would also be consuming the same bandwidth. 

We are not talking about putting a separate network or network connectivity for pushing the patches. We usually use the same connectivity. We see that the designing stage is of critical importance and, if done correctly, the implementation will follow more easily. 

We utilized an implementation partner who we found to be supportive and explanatory when it came to training the in-house resources and to deploying the solution. 

The license is subscription-based. 

I would recommend the solution to others. This said, it is important to understand one's architecture and to have a knowledge of how one's endpoints are scattered and what the deployment and network architecture will look like. Once this is clarified, the solution would provide a good option. The same can be said for any product. The design of the implementation of the solution is of especial importance. 

We use this solution for vulnerability management and patch management. We use BigFix to get information about the vulnerabilities that exist in the environment. We complete prioritization of those vulnerabilities and provide recommendations to the remediation teams. We assist the teams in case of any issues with remediation.

If our customer has a high number of critical vulnerabilities inside their environment, we use BigFix to do the patching. We are able to decrease the number of high and critical vulnerabilities by at least 30% in six months. This is a huge improvement and makes the environment more secure. 

The patch management and the BigFix Inventory have been the most valuable features.

The BigFix Inventory could have an increased scope regarding the tools that can be detected. It does not cover all the possible software installed in Asset. We used the BigFix module in a ILMT module to have the proper coverage. If we had the two of them combined, this would really assist with the inventory of software. 

Sometimes we may have a few issues with the fixlet Relevance where the Windows patches sometimes identifies as a false positive. We have opened tickets with the support team. They fixed that as soon as possible.

This is a stable solution. The only issues that we have had in the past with BigFix is with the sizing. If you don't perform the right sizing of the BigFix server, you may have performance issues. We have had no major issues with the performance itself.

This is a scalable solution. They are releasing a lot of improvements in the latest versions of BigFix. That will help us monitor how the tool is performing and if it would require change or increase of the hardware or the environment to make it run in a smoother way. The scalability has improved a lot.

The initial setup is straightforward. It involves sizing and designing the architecture to put BigFix in place and set up the proper relays. We experienced no issues doing this.

To begin the setup, we tried to identify the baseline of the customer to see how many endpoints the customer has. We also looked at the locations to know if we do need to put a low-level or top-level relay in place in each one of the data centers. In our case, as it's a huge environment, we set up two top-level relays and then a low-level relay in a different data center to not put a high load into network bandwidth when we try to transfer patches over the network.

We implemented this solution in-house.

The extent to which we use the different features of BigFix depends on the needs of our customers. We often propose new features when the need arises. 

BigFix is one of my favorite tools. I would rate it an eight out of ten. 

We're using it for Windows patching and inventory. We are totally dependent on BigFix for these tasks.

Almost every feature is wonderful in BigFix. It is very stable, and we can rely on it. It is an awesome tool.

It can be improved speed-wise. They can make it a little bit light. If you do any query for servers in bulk, it can take some time. Similarly, creating a job can take some time. 

Automation is everything, and we're looking for more automation. If we have different jobs to secure the environment, such as with server hardening, and I want a particular service that is not running, BigFix should automatically check it and do the deployment. It can send a message about why a particular job is not working on the servers or not communicating properly with Active Directory. We should be able to check the reason. We just want just a little bit of monitoring in that area.

I have been using this solution for more than three years.

It is very stable. You can trust and rely on an automated job. It will definitely work. You get a proper message if it is not working for any particular reason. It gives you a complete picture.

It is definitely scalable. We are managing around 20,000 servers with it, and we have more than 100 users. We are providing web report access to application users as well. We create a job and provide access to different teams, such as the monitoring team, backup team, and security team to deploy the job. So, it is definitely scalable.

I have personally worked with them because I request them to create access for all my colleagues. If required, I log a case in BigFix. Earlier the support was very good for BigFix, but now, HCL is facing some challenges. We are getting support, but we need more in that area. Their support was much better as compared to this time.

I have not worked with a similar solution previously. We purchased Tanium
two to three years ago. It is being used by a different team, but we are still using BigFix. We want to replace BigFix, but we are not able to because we are more comfortable with it. So, we are continuing with BigFix.

It is very easy. It is simple to understand. Even though I had requested training for BigFix, I would have been able to work with it without training.

Its price is very reasonable.

I have been recommending BigFix to my friends and different companies. We are very happy with BigFix. 

I would rate it a nine out of ten. It is an excellent product, but there is always room for improvement.