BigFix Reviews

The use case for BigFix is for security, patch management, and compliance which is one of the most important parameters in large banking, and large enterprises where the customers would want to comply with their latest operating system protocols. The solution is also complying with the latest ISO 27001, which is a security compliance protocol as per ISO audit. BigFix helps in getting all these operating systems, and applications to the latest patch management levels possible. The solution makes the system more compliant and ready for our business and other IT operations.

The best feature of BigFix is its multi-platform support. Unlike other products, the solution supports Windows, Linux, and Unix. BigFix is able to support any operating system. When a customer buys, they don't need to look at multiple options. The second valuable feature is, BigFix also has an auto patch updating feature, where the latest patches, and what is required for my system are automatically downloaded and kept ready for me. The solution applies the patch and notifies me after applying the patch. BigFix also gives me a ping saying that I should reset my system within a certain period of time, while the patch is being applied. Let's say, the patch is being applied and if there's an issue, the solution can revoke the applied patch, and revert back to the old state. 

BigFix is also a tool that has inventory management, where it can go ahead and find the inventories associated with the enterprise, and it can detect the auto inventory feature, which will help me in detecting those devices that have not been already accounted for. The solution can also help me in doing SAM, Software Asset Management work. Apart from this, BigFix also is something that works with tools such as VAPT, Vulnerability Assessment, and Penetration Testing tools, if the VAPT test is being done, whatever shortcomings were being taken by VAPT can be auto-updated using BigFix.

Only one thing has room for improvement, BigFix should create some amount of localization in the product. For example, in most enterprises, being a large bank doesn't mean that they have the best network. Their remote branches can be working on a minimal network. The solution should have some kind of a local caching methodology, where the patches can be taken locally into a localized relay server, and from there, the patch can be applied, so that there is not much usage of the network required. What is happening today is, every system, even for it to be patched, has to be on the internet. I would like to be able to apply patches locally without the requirement of the internet or at least minimal internet usage to apply a patch.

I have been using the solution for the last two years.

I give the stability of BigFix a nine out of ten. The solution is very stable.

I give the scalability of BigFix an eight out of ten.

The technical support for BigFix is really good.

Positive

The initial setup of BigFix is a seven out of ten because BixFix is not easy. BigFix is easy for the customer to use, but it is obviously going to be the details the customer provides. 

The deployment might take approximately one to two months. But if the customer's network is bad, and they haven't done patching for many years, then it might extend well up to three to five months.

The deployment factors are going to be on three aspects. One is, how we work. What the customer's expectation is, then we have BigFix architecture, aligning it with the customer's expectation, and then deploy the central servers, put the relay servers, install agents, and start applying patches.

For deployment, we require a minimum of one to two people, and the maximum depends on the scalability of the business.

Our clients have seen a big return on investment with BigFix. More than 70 percent. The reason is, that when we take a BigFix sale to an organization with around 3,000 or 5,000 users, on average, as an implementation vendor, I'm able to make decent margins for the product, as well as it is yielding me a good amount of service revenue. The profits come out around more than 30, 40 percent overall, including the services put together, and the grand business that I get. By doing these things, I'm able to understand the customer's infrastructure very well. I'm able to look at their infrastructure, I'm able to look at how old the infrastructure is, what kind of devices they're using, and what is the new solution, which I can then propose to the client.

I give the cost of the solution a five out of ten. The price is moderate.

There's not much big cost. We only have to pay the agents' cost for the server, and for the systems.

I give the solution an eight out of ten.

BigFix is not going to give us the data automatically. As a system integration, from a technical vendor, we have to go onsite and look at the information, and then arrive at a solution, which is what we do. BigFix gives me a lot of drag revenue also.

I would recommend partners and customers use this solution because it makes them compliant, and in terms of security, levels are being upgraded. Last but not least, this is all part of security and compliance procedures, and keeping our system up to date. I recommend BigFix very strongly to my customers. The most important thing is the solution is a nice and stable product. 

It's mostly patch-inflated. For the company I currently work for, we manage about 7,000 servers, and we use BigFix Enterprise to do most of the relevant software updates and patches to stay within compliance and away from vulnerabilities for many of our product users.

I'm not sure how the company functioned before. I'm fairly new.

The product is easily accessible. We already did the network setup and things like that. It is to manage servers conveniently throughout the company if it's already listed on BigFix. Where it has the BigFix client on it, it's just a matter of sending the patches and waiting for it to run.

We have the management side of BigFix as well. Most of the time, we typically don't have any problem, however, every once in a while, we try to find out why a patch didn't work, and things like that. It helps us keep on top of things.

BigFix has always been easier to use when managing servers, especially when you deal with so many servers. We have 7,000. That's a lot of services to manage, and it's convenient to patch them all at once.

It's easy to set up. 

Once in a while, some servers don't get patched, usually from our end of things. Maybe a server hasn't been reported in the last few weeks, and we don't know whether that server has been decommissioned or not. That's not on in BigFix in particular.

The relevant language takes a little getting used to since it's not used anywhere else in the industry. It's just in the BigFix environment. If there's anything that could be improved, it would be making the relevant language more readable and more common. 

We'd like the solution to be agentless, similar to, for example, Ansible. 

I've used the solution for six months. 

It's been around for a while, according to what I've seen. It used to be an IBM product before the move to an HTC, so I'm pretty sure it doesn't have a lot of complications. It'll still be a pretty stable product moving on into the future.

For now, it seems like BigFix has been the most popular for server management.

Considering the fact that the company I work for is pretty big, if that's the product they're using for their server management, I would say it's offering pretty good scalability. It's a very scalable application for managing servers. Some people use it for one or two servers, or maybe 30 or 40. We use it for pretty much all the servers managed here, and to my knowledge, that's about 7,000. It used to be 10,000. However, we decommissioned a bunch of irrelevant servers.

We do not plan to expand usage just yet.

We talk to HTC from time to time. We do lunch and learns with them and take most of our questions directly. They're quite easily contactable for the company to reach out to and set up a meeting, and they're usually very helpful. They're a great resource.

Positive

I did not previously use a different solution. The company's been around for a long time, and it seems like everybody's just known BigFix to be one we used. I'm a bit newer to the company.

The implementation was fairly straightforward. Documentation was online, so you just have to read it and follow instructions. It's pretty straightforward.

The deployment strategy more or less depends on our current environment for the company. It took me a while, not due to BigFix, just due to the company restrictions for onboarding employees. You have to have permission to access this and that. So it took a little longer than it would if it was on a local system, my private system, or something like that. 

Currently, we have two teams that can handle deployment and maintenance. There are those on the Window side, for managing the Windows servers, and there's the Linux OS applications team. They both pretty much do the same thing for two different operating systems.

The deployment was handled in-house. However, we are looking to try and automate more in Ansible going forward. 

I don't deal directly with licensing. 

My understanding is that it is  affordable. We have had conversations about other licenses, and other applications like Splunk, and we know that one is more expensive. Pricing hasn't been anything that's even come up in conversation.

While we are using the on-premises deployment, we are moving towards the private cloud. 

I'd advise new users to read a lot of the documents before subscribing to their licensing. Read much of the documentation and know what use cases would work for you. Before you get into it, try the trial version, as it might help to test it out to see what it is.

I'd rate the solution eight out of ten. 

It's primarily used for endpoint license monitoring. It's for the usage of applications, monitoring usage of CPUs, and stuff like this. When you have an audit, you can prove very fast what product you are using and what kind of CPU resources they are using.

There are other use cases. For example, I can find details for every use case where I need to know something about the software installed. Once, we had a Log4j bug. When the Log4j bug was live, we could use BigFix to analyze which of all the servers and clients this bug is used.

It's very usable for a technician, for an administrator. It's very straightforward. The usability is very close to everyday technical tools that you use as a systems administrator. So it's quite user-friendly. That said, it's not user-friendly for someone who is not working a lot with stuff like this. 

It's quite user-friendly if you are technical and if you just know what you want to do and to do the tasks. It's not user-friendly for someone who is a new user or something like this. It's specialized and user-friendly.

Maybe the online help could be improved. 

It'd be nice if you would have a lot more phrases and keywords that you could search for and find answers with the help.

It would be nice if there could be an extra interface. Not really to script something. However, if you want to make a drag-and-drop script, something like this, that would be quite useful for us.

I've been using the solution for one year now.

It is pretty stable and reliable. That's not a problem at all. 

The end users are all the teams. We have a Windows team, Linux team, application team, et cetera. All the teams work with the outputs of this tool. There might be 40 to 50 people or something working with this product.

You can have relays, and then you can scale it. It's a scalable system.

I work with it regularly, every week.

Their online help mechanisms and documentation need to be improved. It's hard to find documented answers to your questions as the search functionality isn't ideal. 

That said, their direct support is excellent. 

Positive

I have not worked with any other similar product.

I did not set up the system. It was set up when I got the task to take care of this product. It was already installed.

The product itself doesn't require a lot of maintenance. Of course, the server and client updates would be good as the tool has clients. The clients install them on all machines. However, the topic itself needs a lot of maintenance. If you want the data in BigFix to be up to date in case of an audit, you have to take care of the insights of BigFix. BigFix itself is running. However, the list of the servers needs to be correct, et cetera.

It was set up within the company. There was no outside assistance.

I don't handle the licensing aspect of the solution. I can't speak to the price. 

I am working with the latest update. I'm an end-user of the product.

I'm totally satisfied. For the use of the product that we have, it's totally working. It's fine.

I would recommend the solution if you are using a lot of IBM software in your company. If you are using BigFix and you have the client installed on every machine, you are nearly always audit-safe from out of the box. I would recommend it to everybody who has to take care of a lot of IBM product licensing. For everybody who has a lot of IBM products to be licensed, I would recommend using BigFix.

I'd rate it eight out of ten. 

We are a global security and cloud integrator, and we are also a reseller with a capability of up to 69 brands, but we're not married to anybody. Our goal is to give customers exactly what they need based on the scenario. We build everything that we sell. So, we have a large distribution partner that enables us to resell a lot of things. We definitely and always see what's hot in the market, and we are constantly reviewing technologies.

Patching and mobile device management are probably two of the biggest use cases of BigFix. 

In terms of the version, some of the clients have the latest version. BigFix is not a subscription as a service. It is not a SaaS model. It is an on-prem model for infrastructure teams to manage folks through the web or through the network, and it is not provided as a service. There is no open-source capability, so it doesn't really have an ecosystem around it. It's basically sold to clients for specific use.

For security these days, patching is obviously mission-critical. If you leave something unpatched, the vulnerability is easily found by the adversary, so that's critical. 

Mobile device management is also critical from the security aspect. BigFix is useful in scenarios where if a device is lost, you can disable it, and you can wipe it. All the company data that is available is completely encrypted, and it is basically illegible or not usable. People even have BigFix Mobile that they put on phones and other peripheral devices. You are basically putting a wrapper around the applications that are company applications in the bring your own device (BYOD) scenario.

It is for multiple use cases. A lot of people are looking at it just for security, and that's really endpoint security. The endpoint management part of it in terms of being able to constantly do patching for Windows, Unix, macOS, Cloud, Raspberry, VMware, and all Linux flavors is important, and they are very good at that. They have support for virtually every OS on the market.

A lot of people also use it for infrastructure value. HCL has changed the focus a little bit because it was originally looked at as a pure security tool on the IBM side for mobile device security, but since HCL took it over, it has become more focused on other different components. They've created REST APIs for the cloud, and there is now a scripting language that's associated with it. So, there are more broad use cases because the industry requires that. They also have their own development tool in BigFix.

HCL is India-based, and they've done a good job with BigFix, and they're also able to deliver the software at a lower price now. The integration is better with other security and vulnerability management tools. To remediate endpoint issues that are out there, they integrate with Tenable, Qualys, and others. So, you can manage all of your patches and fixes through one platform, even for all cloud services, which is a good thing. 

Training is obviously important, and HCL has done a better job than IBM at making that training available. Usually, there are different ways to do that, such as through video or self-service, etc.

I remember doing restarts a few times. So, making sure that it is rock solid from an executable perspective is important.

I have been working with all kinds of security tools, including this one, since 2001 or so. It has been 21 years.

We have interacted with them. They've been good and better probably in BigFix than some of the other tools that they acquired in that IBM divestiture. 

It is pretty easy to implement.

I would rate it an eight out of ten. It does everything reasonably well. There are so many competitors who do just one piece of this, or they're not really head-up competitors because some are into mobile security, and some are more into mobile endpoint management and patching.

We are using BigFix for sending patches to our servers and desktops, such as security and regular updates.

BigFix has enhanced our organization by demonstrating its efficacy in delivering software updates to endpoints. For example, Microsoft releases patches and we are able to easily make them available for our end-user computing platforms. Additionally, by utilizing the network inventory feature in BigFix, we have been able to substantially improve error percentages and completion statuses, and generate reports on patching percentages within a day and subsequent weeks.

The most valuable aspect of BigFix is its ability to patch desktops. While we have complete control over servers and can easily push patches to them, desktops pose a greater risk for leaks and vulnerabilities if patches are not installed in a timely manner. By using BigFix, we have significantly improved our ability to patch desktops, whether they are laptops, desktops, or other mobile devices used by end-users.

In order to derive maximum benefit from BigFix, it is essential that we configure all of its features and implement them effectively. If the automation could be improved we would be able to mitigate the risks associated with zero-day threats.

I have used BigFix within the last 12 months.

The solution is stable. The primary role of the solution is to patch the systems to the latest released security updates. We have not had any issues once we had deployed the solution correctly.

During our exploration of available solutions, we found that very few in the market offer comprehensive security features. In our evaluation of BigFix, we were particularly impressed with its VMware functionality, which far exceeded that of other solutions we considered. Rather than having to configure multiple solutions, BigFix provided us with basic security information and VMware management detection and response all in one. While the effectiveness of BigFix is certainly a key consideration, its ability to consolidate security features was a major factor in our decision to choose it.

I rate the stability of BigFix an eight out of ten.

I rate the scalability of BigFix an eight out of ten.

I rate the support of BigFix an eight out of ten.

Positive

We were using Microsoft SCCM prior to BigFix. We switched toBigFix because we wanted to have a complete solution. Microsoft SCCM was lacking features, such as managing the network endpoints, the discovery of the endpoints, VMware functionality, and Linux patching.

The deployment of BigFix is complicated. There are a lot of firewall ports that need to be configured and with a company with 50,000 employees, this can be a challenge. The configuration could improve by being more streamlined in the future.

We were assigned a project manager from the BigFix team who provided us with a comprehensive list of requirements for establishing effective communication. However, implementing these requirements across multiple countries and coordinating with various network teams posed a challenge, particularly in terms of opening the necessary communication channels through firewalls. This was a daunting task, especially if the application utilizes codes that are commonly blocked by firewalls.

The full deployment of the solution took three months.

The price of the solution is high. There are not any additional fees from the standard license.

I rate the price of BigFix a seven out of ten.

For those considering the use of BigFix, my advice is to pay close attention to the deployment phase. This involves identifying the necessary firewall ports and ensuring that the servers are configured to communicate with the internet to download patches. Proper deployment is critical for ensuring smooth operation in the future, as troubleshooting can be difficult once the solution is fully deployed.

I rate BigFix an eight out of ten.

We use BigFix for deploying applications for updating, setting up configurations, making modifications, or customizing Windows. For example, what are the applications that need to run, and what configure is needed.

The most valuable point is when you deploy an application, you have to make sure that the application has been deployed to all computers and that is working perfectly. This solution works well at deployments. 

Other solutions can have failures, such as ManageEngine, and you have to deploy the application again. In BigFix, once the computer has communicated with the BigFix server, the agent workstation, you can be sure that the application will be deployed and delivered properly.

Sometimes the workstations communicate back to the BigFix server two or three days in a week or something similar. Sometimes there can be a delay reporting back to the server for a variety of reasons, such as users turning their computer off when they go home. When the user comes back and turns the computer back on BigFix needs to synchronize and sometimes it can take some time, approximately one week. The communication between the agent and the server should be faster, there is room for improvement in this area.

I have been using BigFix for approximately two years.

BigFix is reliable and stable, it is perfect.

Performance-wise is the best. When you have to do deployments you are sure that all the workstations will receive it, even though that there is sometimes a delay in reporting back to the server. The only time the deployment would not work is if the computer is decommissioned or not available.

BigFix is simple to scale, we are using the solution regularly. We use it every other week whenever we have meetings, we rely on it.

We have approximately 10 technicians and 3,000 users who receive a patch or use the solution in some way.

We have not had any big issues that would need the support. However, we did have some minor issues and the support was good and responsive.

I have used ManageEngine previously.

In my usage, I have found BigFix is more professional than ManageEngine. The reason that I'm saying this is when you deploy an application, you are sure and you are guaranteed that all workstations will receive it. However, for the ManageEngine, for some reason, you will find it may fail for 13 workstations. You might have to redeploy again, otherwise, you have to do it manually.

One of the positives of ManageEngine is it can be easy for users to deploy an application compared to BigFix.

The deployment process of BigFix was straightforward. You need to have a small number of programming skills or scripting skills to complete it. If you have skills, it is very easy to deploy. For somebody who's experienced, and has knowledge of some programming or scripting skills, it's very easy.

There were approximately three people, the vendors, and our technical teams that did the implementation.

BigFix requires specific maintenance, whenever there is a new release we manage it.

You are charged per server and per workstation when using BigFix. ManageEngine is a lot cheaper than BigFix. There are some additional costs, such as support.

I recommend BigFix as long as they have the budget. If they don't have that much money, they can use ManageEngine, which is satisfying for small and medium companies. For example, companies that have 250 computers. I have used ManageEngine at companies that had multiple locations. You can use some ManageEngine on one central location and then deploy it to all your branch offices.

I rate BigFix a nine out of ten.

We use the solution to push patches to our servers, primarily for desktop and server security updates.

We proved the endpoint's effective delivery of software updates and conducted a network inventory in BigFix. This significantly improved the completion status and generated reports on the percentage of patching immediately after Microsoft releases the patches. This report is easily available for our end-user computing platform.

Desktop patching is the most valuable feature, because with servers, we have complete control over them, and we can simply push patches to the servers. However, desktops are one of the most common sources of leakage, which can occur for different reasons if patches are not uploaded on time. We have significantly improved the desktop side of it. This includes endpoints such as laptops, desktops, and other mobile devices.

The deployment has room for improvement and can be more streamlined.

The automation has room for improvement.

I have been using the solution for one year.

I give the stability an eight out of ten.

I give the scalability an eight out of ten.

We previously used Microsoft Windows Server Update Services, but we switched because we could not have a complete schedule for a server to receive updates. We have a few other features in BigFix, such as managing network endpoints, discovering endpoints, and a scanner. All of these features are not available with Microsoft and Linux patching.

It is very important to use the solution effectively. In most installations, we deploy without configuring all the features and implementing them, so we do not gain much from it. Therefore, I think some automation processes can be adjusted to prevent the zero-rate thread.

The deployment phase was somewhat complex due to the need to open many firewalls within the network. Considering the large scale of the company, with fifty thousand employees around the world, I believe that in my previous job, we could have improved communication by reducing the number of ports required for the servers to communicate within the network.

We had a project manager assigned from the BigFix team who listed out all the requirements for effective communication to be established. However, the challenge of implementing BigFix in multiple countries and coordinating with multiple network teams in order to open the required communication between the firewalls was a seemingly hopeless task. If the application uses specific codes that are common in nature, typically those ports are already allowed in the network.

The deployment took us three months.

I give the pricing a seven out of ten. The cost is slightly high.

I give the solution an eight out of ten.

In the deployment phase, we need to get the firewall ports that are required and open ports to the Internet for the DNC-based servers to communicate and download patches. These tasks need to be taken care of during the deployment phase, as it will be very difficult to troubleshoot and fix things once they are implemented. Therefore, the deployment phase needs to be covered effectively. Thinking of the features at a later point in time will not solve all the problems.

When evaluating solutions, there were very few in the market that provided most of the security features. When we evaluated BigFix, it was the VMDR functionality that stood out compared to the others. We would have to use a piecemeal solution or multiple products to be configured in the system. The effectiveness of BigFix was secondary, but we at least had some basic information available regarding security, VMDR management, detection, and response.

We primarily use the solution for patching.

The solution offers great patching, even for third-party patching. Many organizations know how to patch Microsoft products. However, the biggest benefit for BigFix is third-party patching. It can patch Notepad and Java - all of these third-party products that are non-Mircosoft.

It's stable. 

The implementation process is simple. 

It can scale. 

I'm not sure if there are any extra features needed.

It could use better integration with Hypervisor products like VMware. This is where it is lacking right now. There are articles available explaining how to integrate with VMware. However, it's my understanding that it is somewhat difficult. 

I am not sure if this is available on the cloud or not. 

I've been using the solution for three years. 

The solution is stable. I'd rate it eight out of ten. We've had no issues with stability. Performance-wise, it has been fine. 

One of the issues that my guys come across is it can take up to 48 hours before the Microsoft patches are available in BigFix since we are a day ahead in New Zealand. 

I'm not sure how many people are using the solution in our organization. 

The scalability is okay. I'd rate the solution seven or eight out of ten in terms of the ease of scaling. My experience with scaling has been pretty good. 

There is a lot of web access and online groups available, which are quite good. I don't necessarily have access to support and, therefore, cannot speak to their level of support.

We do have an internal team that would be able to get hold of support.

I'm also familiar with ECCM. However, it only patches Microsoft products. We've also used BatchPatch, used for pushing scripts, among other solutions.

I helped with the installation process for two customers. The installation was reasonably swift; however, the actual consideration and moving the patching products across into BigFix that can take a long time. The configuration took six to 12 months. 

A massive gain for BigFix would be if it was able to go and interrogate products like SCCM and import the patching sequences and groups, it would make it much easier. 

I'd rate the initial setup process seven out of ten. It does take quite a long time to bring everything across from other products. 

I'm not sure of the exact licensing structure. It might be about $23 a client. Some of the modules, such as security compliance and lifecycle, may cost extra. For example, the integration with BigFix and Micorosft Defender may require an extra license. 

I'm an avid BigFix fan, and we use it in my company quite a bit.

We're the biggest vendor in New Zealand, and we have it installed in our organization and fed out to clients. 

This is our patching product of choice. All new customers get BigFix implemented, and existing customers are encouraged to have it as well. 

We're an integrator. 

We're completing a new client install and working on the configuration of patching, and this is the best tool we've ever implemented for this customer. I love this tool. It could just be a bit more accessible.

I'd recommend the solution. I'd rate it nine out of ten.