The use case for BigFix is for security, patch management, and compliance which is one of the most important parameters in large banking, and large enterprises where the customers would want to comply with their latest operating system protocols. The solution is also complying with the latest ISO 27001, which is a security compliance protocol as per ISO audit. BigFix helps in getting all these operating systems, and applications to the latest patch management levels possible. The solution makes the system more compliant and ready for our business and other IT operations.
Chief Executive Officer at Catnip infotech private limited
The solution is stable, scalable, and has multi-platform support
Pros and Cons
- "The best feature of BigFix is its multi-platform support."
- "The solution should have some kind of a local caching methodology, where the patches can be taken locally into a localized relay server, and from there, the patch can be applied, so that there is not much usage of the network required."
What is our primary use case?
What is most valuable?
The best feature of BigFix is its multi-platform support. Unlike other products, the solution supports Windows, Linux, and Unix. BigFix is able to support any operating system. When a customer buys, they don't need to look at multiple options. The second valuable feature is, BigFix also has an auto patch updating feature, where the latest patches, and what is required for my system are automatically downloaded and kept ready for me. The solution applies the patch and notifies me after applying the patch. BigFix also gives me a ping saying that I should reset my system within a certain period of time, while the patch is being applied. Let's say, the patch is being applied and if there's an issue, the solution can revoke the applied patch, and revert back to the old state.
BigFix is also a tool that has inventory management, where it can go ahead and find the inventories associated with the enterprise, and it can detect the auto inventory feature, which will help me in detecting those devices that have not been already accounted for. The solution can also help me in doing SAM, Software Asset Management work. Apart from this, BigFix also is something that works with tools such as VAPT, Vulnerability Assessment, and Penetration Testing tools, if the VAPT test is being done, whatever shortcomings were being taken by VAPT can be auto-updated using BigFix.
What needs improvement?
Only one thing has room for improvement, BigFix should create some amount of localization in the product. For example, in most enterprises, being a large bank doesn't mean that they have the best network. Their remote branches can be working on a minimal network. The solution should have some kind of a local caching methodology, where the patches can be taken locally into a localized relay server, and from there, the patch can be applied, so that there is not much usage of the network required. What is happening today is, every system, even for it to be patched, has to be on the internet. I would like to be able to apply patches locally without the requirement of the internet or at least minimal internet usage to apply a patch.
For how long have I used the solution?
I have been using the solution for the last two years.
Buyer's Guide
BigFix
July 2026
Learn what your peers think about BigFix. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,748 professionals have used our research since 2012.
What do I think about the stability of the solution?
I give the stability of BigFix a nine out of ten. The solution is very stable.
What do I think about the scalability of the solution?
I give the scalability of BigFix an eight out of ten.
How are customer service and support?
The technical support for BigFix is really good.
How was the initial setup?
The initial setup of BigFix is a seven out of ten because BixFix is not easy. BigFix is easy for the customer to use, but it is obviously going to be the details the customer provides.
The deployment might take approximately one to two months. But if the customer's network is bad, and they haven't done patching for many years, then it might extend well up to three to five months.
The deployment factors are going to be on three aspects. One is, how we work. What the customer's expectation is, then we have BigFix architecture, aligning it with the customer's expectation, and then deploy the central servers, put the relay servers, install agents, and start applying patches.
For deployment, we require a minimum of one to two people, and the maximum depends on the scalability of the business.
What was our ROI?
Our clients have seen a big return on investment with BigFix. More than 70 percent. The reason is, that when we take a BigFix sale to an organization with around 3,000 or 5,000 users, on average, as an implementation vendor, I'm able to make decent margins for the product, as well as it is yielding me a good amount of service revenue. The profits come out around more than 30, 40 percent overall, including the services put together, and the grand business that I get. By doing these things, I'm able to understand the customer's infrastructure very well. I'm able to look at their infrastructure, I'm able to look at how old the infrastructure is, what kind of devices they're using, and what is the new solution, which I can then propose to the client.
What's my experience with pricing, setup cost, and licensing?
I give the cost of the solution a five out of ten. The price is moderate.
There's not much big cost. We only have to pay the agents' cost for the server, and for the systems.
What other advice do I have?
I give the solution an eight out of ten.
BigFix is not going to give us the data automatically. As a system integration, from a technical vendor, we have to go onsite and look at the information, and then arrive at a solution, which is what we do. BigFix gives me a lot of drag revenue also.
I would recommend partners and customers use this solution because it makes them compliant, and in terms of security, levels are being upgraded. Last but not least, this is all part of security and compliance procedures, and keeping our system up to date. I recommend BigFix very strongly to my customers. The most important thing is the solution is a nice and stable product.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Automation Architect at a insurance company with 10,001+ employees
Easy to set up, simple to manage, and is easily accessible
Pros and Cons
- "BigFix has always been easier to use when managing servers, especially when you deal with so many servers. We have 7,000. That's a lot of services to manage, and it's convenient to patch them all at once."
- "The relevant language takes a little getting used to since it's not used anywhere else in the industry. It's just in the BigFix environment."
What is our primary use case?
It's mostly patch-inflated. For the company I currently work for, we manage about 7,000 servers, and we use BigFix Enterprise to do most of the relevant software updates and patches to stay within compliance and away from vulnerabilities for many of our product users.
How has it helped my organization?
I'm not sure how the company functioned before. I'm fairly new.
What is most valuable?
The product is easily accessible. We already did the network setup and things like that. It is to manage servers conveniently throughout the company if it's already listed on BigFix. Where it has the BigFix client on it, it's just a matter of sending the patches and waiting for it to run.
We have the management side of BigFix as well. Most of the time, we typically don't have any problem, however, every once in a while, we try to find out why a patch didn't work, and things like that. It helps us keep on top of things.
BigFix has always been easier to use when managing servers, especially when you deal with so many servers. We have 7,000. That's a lot of services to manage, and it's convenient to patch them all at once.
It's easy to set up.
What needs improvement?
Once in a while, some servers don't get patched, usually from our end of things. Maybe a server hasn't been reported in the last few weeks, and we don't know whether that server has been decommissioned or not. That's not on in BigFix in particular.
The relevant language takes a little getting used to since it's not used anywhere else in the industry. It's just in the BigFix environment. If there's anything that could be improved, it would be making the relevant language more readable and more common.
We'd like the solution to be agentless, similar to, for example, Ansible.
For how long have I used the solution?
I've used the solution for six months.
What do I think about the stability of the solution?
It's been around for a while, according to what I've seen. It used to be an IBM product before the move to an HTC, so I'm pretty sure it doesn't have a lot of complications. It'll still be a pretty stable product moving on into the future.
For now, it seems like BigFix has been the most popular for server management.
What do I think about the scalability of the solution?
Considering the fact that the company I work for is pretty big, if that's the product they're using for their server management, I would say it's offering pretty good scalability. It's a very scalable application for managing servers. Some people use it for one or two servers, or maybe 30 or 40. We use it for pretty much all the servers managed here, and to my knowledge, that's about 7,000. It used to be 10,000. However, we decommissioned a bunch of irrelevant servers.
We do not plan to expand usage just yet.
How are customer service and support?
We talk to HTC from time to time. We do lunch and learns with them and take most of our questions directly. They're quite easily contactable for the company to reach out to and set up a meeting, and they're usually very helpful. They're a great resource.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I did not previously use a different solution. The company's been around for a long time, and it seems like everybody's just known BigFix to be one we used. I'm a bit newer to the company.
How was the initial setup?
The implementation was fairly straightforward. Documentation was online, so you just have to read it and follow instructions. It's pretty straightforward.
The deployment strategy more or less depends on our current environment for the company. It took me a while, not due to BigFix, just due to the company restrictions for onboarding employees. You have to have permission to access this and that. So it took a little longer than it would if it was on a local system, my private system, or something like that.
Currently, we have two teams that can handle deployment and maintenance. There are those on the Window side, for managing the Windows servers, and there's the Linux OS applications team. They both pretty much do the same thing for two different operating systems.
What about the implementation team?
The deployment was handled in-house. However, we are looking to try and automate more in Ansible going forward.
What's my experience with pricing, setup cost, and licensing?
I don't deal directly with licensing.
My understanding is that it is affordable. We have had conversations about other licenses, and other applications like Splunk, and we know that one is more expensive. Pricing hasn't been anything that's even come up in conversation.
What other advice do I have?
While we are using the on-premises deployment, we are moving towards the private cloud.
I'd advise new users to read a lot of the documents before subscribing to their licensing. Read much of the documentation and know what use cases would work for you. Before you get into it, try the trial version, as it might help to test it out to see what it is.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Buyer's Guide
BigFix
July 2026
Learn what your peers think about BigFix. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
904,748 professionals have used our research since 2012.
Maximizing patch management efficiency and competitive pricing but needs asset management improvements
Pros and Cons
- "It covers multiple operating systems and helps with patch management."
- "BigFix could improve its asset management capabilities to discover assets, including hardware."
What is our primary use case?
BigFix is primarily used for patch management, compliance, and security patches.
How has it helped my organization?
It covers multiple operating systems and helps patch customers with patch management services, alleviating patch management issues for our customers.
What is most valuable?
It covers multiple operating systems and helps with patch management. BigFix is also valuable for its inventory, license inventory, and compliance with server hardening.
What needs improvement?
BigFix could improve its asset management capabilities to discover assets, including hardware. More improvements could be made in asset management.
For how long have I used the solution?
We have been reselling BigFix for three years.
What do I think about the stability of the solution?
The overall stability of the solution is good with no reported issues.
What do I think about the scalability of the solution?
The solution is very easy to scale.
How are customer service and support?
Customer support from HCL is satisfactory and not usually an issue.
How would you rate customer service and support?
Neutral
How was the initial setup?
The installation is quite smooth and can be managed by one person, depending on the complexity and size of the environment.
What about the implementation team?
Our project team managed the installation quite smoothly.
What was our ROI?
There has been a significant return on investment, particularly saving time and resources in patch management and compliance. It saves approximately 40% to 50% of time and resources.
What's my experience with pricing, setup cost, and licensing?
The pricing is competitive, but not the most competitive.
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
IT Manager at a tech consulting company with 5,001-10,000 employees
Simple patching, useful patch reports, and good support
Pros and Cons
- "The most valuable aspect of BigFix is its ability to patch desktops. While we have complete control over servers and can easily push patches to them, desktops pose a greater risk for leaks and vulnerabilities if patches are not installed in a timely manner. By using BigFix, we have significantly improved our ability to patch desktops, whether they are laptops, desktops, or other mobile devices used by end-users."
- "In order to derive maximum benefit from BigFix, it is essential that we configure all of its features and implement them effectively. If the automation could be improved we would be able to mitigate the risks associated with zero-day threats."
What is our primary use case?
We are using BigFix for sending patches to our servers and desktops, such as security and regular updates.
How has it helped my organization?
BigFix has enhanced our organization by demonstrating its efficacy in delivering software updates to endpoints. For example, Microsoft releases patches and we are able to easily make them available for our end-user computing platforms. Additionally, by utilizing the network inventory feature in BigFix, we have been able to substantially improve error percentages and completion statuses, and generate reports on patching percentages within a day and subsequent weeks.
What is most valuable?
The most valuable aspect of BigFix is its ability to patch desktops. While we have complete control over servers and can easily push patches to them, desktops pose a greater risk for leaks and vulnerabilities if patches are not installed in a timely manner. By using BigFix, we have significantly improved our ability to patch desktops, whether they are laptops, desktops, or other mobile devices used by end-users.
What needs improvement?
In order to derive maximum benefit from BigFix, it is essential that we configure all of its features and implement them effectively. If the automation could be improved we would be able to mitigate the risks associated with zero-day threats.
For how long have I used the solution?
I have used BigFix within the last 12 months.
What do I think about the stability of the solution?
The solution is stable. The primary role of the solution is to patch the systems to the latest released security updates. We have not had any issues once we had deployed the solution correctly.
During our exploration of available solutions, we found that very few in the market offer comprehensive security features. In our evaluation of BigFix, we were particularly impressed with its VMware functionality, which far exceeded that of other solutions we considered. Rather than having to configure multiple solutions, BigFix provided us with basic security information and VMware management detection and response all in one. While the effectiveness of BigFix is certainly a key consideration, its ability to consolidate security features was a major factor in our decision to choose it.
I rate the stability of BigFix an eight out of ten.
What do I think about the scalability of the solution?
I rate the scalability of BigFix an eight out of ten.
How are customer service and support?
I rate the support of BigFix an eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We were using Microsoft SCCM prior to BigFix. We switched toBigFix because we wanted to have a complete solution. Microsoft SCCM was lacking features, such as managing the network endpoints, the discovery of the endpoints, VMware functionality, and Linux patching.
How was the initial setup?
The deployment of BigFix is complicated. There are a lot of firewall ports that need to be configured and with a company with 50,000 employees, this can be a challenge. The configuration could improve by being more streamlined in the future.
We were assigned a project manager from the BigFix team who provided us with a comprehensive list of requirements for establishing effective communication. However, implementing these requirements across multiple countries and coordinating with various network teams posed a challenge, particularly in terms of opening the necessary communication channels through firewalls. This was a daunting task, especially if the application utilizes codes that are commonly blocked by firewalls.
The full deployment of the solution took three months.
What's my experience with pricing, setup cost, and licensing?
The price of the solution is high. There are not any additional fees from the standard license.
I rate the price of BigFix a seven out of ten.
What other advice do I have?
For those considering the use of BigFix, my advice is to pay close attention to the deployment phase. This involves identifying the necessary firewall ports and ensuring that the servers are configured to communicate with the internet to download patches. Proper deployment is critical for ensuring smooth operation in the future, as troubleshooting can be difficult once the solution is fully deployed.
I rate BigFix an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Sr Technical Architect - ITAM at a tech consulting company with 5,001-10,000 employees
Easy to use, good sub-capacity licensing, and helpful support
Pros and Cons
- "It's good for reporting hardware and software."
- "The sub-capacity licensing was a challenge for some of it. We had trouble getting it to calculate right."
What is our primary use case?
It matches with the ILMT tool. We're trying to validate the licensing for IBM software.
How has it helped my organization?
We're using the permanent discovery tool for septic for hardware and software too. For IBM, we have to use that due to the reporting of sub-capacity licenses.
What is most valuable?
It's mostly easy to use.
The sub-capacity licensing is the most valuable aspect of the product right now for us.
It's good for reporting hardware and software.
The solution is stable.
Technical support is helpful.
It scales well.
What needs improvement?
It's got some complexity when we're trying to figure out the IBM setup for software.
The sub-capacity licensing was a challenge for some of it. We had trouble getting it to calculate right.
It's better for hardware discovery. We get to increase its capabilities for hardware discovery. They need to enhance their sub-capacity capabilities, so we can use it easier for sub-capacity so that it is less of an art form and more of a science.
We'd like agents to be able to collect usage.
For how long have I used the solution?
I've used the solution on and off for about eight years or so. I've used it for quite a while now.
What do I think about the stability of the solution?
It is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
The solution has scaled well for what we are doing.
How are customer service and support?
Technical support has been very good. Sometimes they can't do things if it is not a function of the system; however, if the function of the system is possible, they help us and make it work. We are satisfied with the level of support we get.
How was the initial setup?
The initial setup was not overly complex. The complexity was the handling of configurations.
What's my experience with pricing, setup cost, and licensing?
The pricing was good. We had government pricing going into the project and it was pretty fair.
What other advice do I have?
I am using the latest version of the solution. I am not sure of the exact version number. I help different companies. Some are on the latest, and some aren't.
I'd advise people to understand what data they need and that the solution can actually pull that data in the right format for them.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
VP of Solutions at a tech vendor with 51-200 employees
It can manage lost devices, so you can wipe them remotely to ensure the IP doesn't get out in public.
Pros and Cons
- "BigFix can manage lost devices, so you can wipe them remotely to ensure the IP doesn't get out in public. Unified endpoint security is a new perspective. I know that HCL is also collaborating with IBM, but I'm not sure if there is any cooperation between them and MaaS360 or other endpoint components."
- "Patch management is vital for security posture, so I wouldn't be surprised if BigFix is becoming increasingly popular."
- "The main shortcoming of BigFix was integration with vulnerability management. If you had a vulnerability in your software and BigFix on the endpoint, you needed integration with Qualys, Tenable, or another vulnerability management solution to fix that. It was like, "Okay, we can identify issues, and get that information back from the endpoint, but what are we doing about it?""
- "The main shortcoming of BigFix was integration with vulnerability management."
What is our primary use case?
We used BigFix internally at my previous org. My current company is a BigFix reseller. A lot of people are looking at endpoint security now, but we primarily used BigFix for true endpoint management.
Endpoint security has become the main thing, but we used BigFix for patching and a lot of the other use cases in the past, and I think it worked pretty well. Obviously, the market has gotten much more crowded.
What is most valuable?
The UEM component evolved into reunified endpoint management. Many of our customers used it for deployment and patching. HCL has a new endpoint security approach now, but it was really for managing that.
BigFix can manage lost devices, so you can wipe them remotely to ensure the IP doesn't get out in public. Unified endpoint security is a new perspective. I know that HCL is also collaborating with IBM, but I'm not sure if there is any cooperation between them and MaaS360 or other endpoint components.
What needs improvement?
The main shortcoming of BigFix was integration with vulnerability management. If you had a vulnerability in your software and BigFix on the endpoint, you needed integration with Qualys, Tenable, or another vulnerability management solution to fix that. It was like, "Okay, we can identify issues, and get that information back from the endpoint, but what are we doing about it?"
What do I think about the stability of the solution?
The stability has been solid when I've used BigFix with customers in the past. In that space, I don't think everybody is doing as much innovation as in other areas in the endpoint management or security market.
I delineate between those two because endpoint management is a different use case. I think it's probably become a lot more important since the pandemic started.
What do I think about the scalability of the solution?
We never had any challenges with scalability. Some of our customers had tens of thousands of endpoints.
Which solution did I use previously and why did I switch?
I used a few competitors a while back, but I don't know what LANDESK is up to these days. They were a big player in the market, but I don't know what other contenders are out there now.
What's my experience with pricing, setup cost, and licensing?
The patching tool is $250 per client device per year. The inventory and discovery tool is $15 per client per year. They have a lifecycle management tool that is the central component for managing endpoints, which costs around $43 per year. BigFix Compliance is the other part, and that's also around $43.
What other advice do I have?
I rate BigFix nine out of 10. I wouldn't recommend it to everyone. It depends on your infrastructure. If you have a pure Microsoft shop, you can probably get by deploying and managing endpoints their way.
However, if you have a mixed environment of any kind, BigFix is good at what it does. Patch management is vital for security posture, so I wouldn't be surprised if BigFix is becoming increasingly popular.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Application administrator with 201-500 employees
Very user-friendly with helpful support and great for IBM environments
Pros and Cons
- "It's very straightforward."
- "If you are using BigFix and you have the client installed on every machine, you are nearly always audit-safe from out of the box."
- "Maybe the online help could be improved. It'd be nice if you would have a lot more phrases and keywords that you could search for and find answers with the help."
What is our primary use case?
It's primarily used for endpoint license monitoring. It's for the usage of applications, monitoring usage of CPUs, and stuff like this. When you have an audit, you can prove very fast what product you are using and what kind of CPU resources they are using.
There are other use cases. For example, I can find details for every use case where I need to know something about the software installed. Once, we had a Log4j bug. When the Log4j bug was live, we could use BigFix to analyze which of all the servers and clients this bug is used.
What is most valuable?
It's very usable for a technician, for an administrator. It's very straightforward. The usability is very close to everyday technical tools that you use as a systems administrator. So it's quite user-friendly. That said, it's not user-friendly for someone who is not working a lot with stuff like this.
What needs improvement?
It's quite user-friendly if you are technical and if you just know what you want to do and to do the tasks. It's not user-friendly for someone who is a new user or something like this. It's specialized and user-friendly.
Maybe the online help could be improved.
It'd be nice if you would have a lot more phrases and keywords that you could search for and find answers with the help.
It would be nice if there could be an extra interface. Not really to script something. However, if you want to make a drag-and-drop script, something like this, that would be quite useful for us.
For how long have I used the solution?
I've been using the solution for one year now.
What do I think about the stability of the solution?
It is pretty stable and reliable. That's not a problem at all.
What do I think about the scalability of the solution?
The end users are all the teams. We have a Windows team, Linux team, application team, et cetera. All the teams work with the outputs of this tool. There might be 40 to 50 people or something working with this product.
You can have relays, and then you can scale it. It's a scalable system.
I work with it regularly, every week.
How are customer service and support?
Their online help mechanisms and documentation need to be improved. It's hard to find documented answers to your questions as the search functionality isn't ideal.
That said, their direct support is excellent.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have not worked with any other similar product.
How was the initial setup?
I did not set up the system. It was set up when I got the task to take care of this product. It was already installed.
The product itself doesn't require a lot of maintenance. Of course, the server and client updates would be good as the tool has clients. The clients install them on all machines. However, the topic itself needs a lot of maintenance. If you want the data in BigFix to be up to date in case of an audit, you have to take care of the insights of BigFix. BigFix itself is running. However, the list of the servers needs to be correct, et cetera.
What about the implementation team?
It was set up within the company. There was no outside assistance.
What's my experience with pricing, setup cost, and licensing?
I don't handle the licensing aspect of the solution. I can't speak to the price.
What other advice do I have?
I am working with the latest update. I'm an end-user of the product.
I'm totally satisfied. For the use of the product that we have, it's totally working. It's fine.
I would recommend the solution if you are using a lot of IBM software in your company. If you are using BigFix and you have the client installed on every machine, you are nearly always audit-safe from out of the box. I would recommend it to everybody who has to take care of a lot of IBM product licensing. For everybody who has a lot of IBM products to be licensed, I would recommend using BigFix.
I'd rate it eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Head of IT Onsite Support at a energy/utilities company with 1,001-5,000 employees
Effective patch management, plenty of features, and simple deployment
Pros and Cons
- "The most valuable and essential features of BigFix are all of them, they are needed when serving the purpose of the desktop operation framework. We cannot run operations without patching or without having an appropriate mechanism for deploying software, et cetera. The features all serve their purpose for our use case."
- "BigFix can improve the way machines report back to the console. In the external relay management environment, it has become more of a hybrid environment with most of the machines not being on-site. The need of having public-facing reporting items interconnected is becoming more and more crucial. In general, the reporting could use some enhancement."
- "BigFix can improve the way machines report back to the console."
What is our primary use case?
We are using BigFix for desktop management, endpoint management, inventory, application control, remote control, building machines, master images, OS deployment, and software distribution.
What is most valuable?
The most valuable and essential features of BigFix are all of them, they are needed when serving the purpose of the desktop operation framework. We cannot run operations without patching or without having an appropriate mechanism for deploying software, et cetera. The features all serve their purpose for our use case.
The one feature that provided the most value and efficiency would be patch management. It's the most powerful feature in BigFix.
What needs improvement?
BigFix can improve the way machines report back to the console. In the external relay management environment, it has become more of a hybrid environment with most of the machines not being on-site. The need of having public-facing reporting items interconnected is becoming more and more crucial. In general, the reporting could use some enhancement.
In a future release, it would be a benefit to have a cloud-based solution with external cloud-based relays. Additionally, having a remote control in the cloud feature would be interesting.
For how long have I used the solution?
I have been using BigFix for approximately four years.
What do I think about the stability of the solution?
BigFix is stable. However, there have been a few minor issues, such as the relay's not reporting.
What do I think about the scalability of the solution?
The scalability of BigFix is good. How deployment is not that large in size. The exercises that we do are pretty limited.
We have approximately 30 administrators using this solution.
How are customer service and support?
Our company has a good relationship with the reseller that we work with and the support they provide to us is fair.
How was the initial setup?
The initial setup of BigFix was easy because we started from scratch, we didn't have a CCM before. The deployment of BigFix is a powerful feature, it is simple to do.
What's my experience with pricing, setup cost, and licensing?
The price of BigFix could be lower. However, I am always seeking a lower price.
What other advice do I have?
My advice to others is for them to take a holistic approach while designing. Don't look at one functionality, but look at the environment as a framework. View it from all aspects and merge operation with security. Don't let your focus be on the compliance of your environment or on the operation element alone, take other aspects into consideration, such as the security aspect, which is fast remediation, vulnerability management, and end-of-life management.
I rate BigFix an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
IBM Watson Cloud BigFix Security and Compliance SME at IBM
Patch management service reliable at identifying vulnerabilities and providing recommendations
Pros and Cons
- "The patch management and the BigFix Inventory have been the most valuable features."
- "We are able to decrease the number of high and critical vulnerabilities by at least 30% in six months, which is a huge improvement and makes the environment more secure."
- "The BigFix Inventory could have an increased scope regarding the tools that can be detected. It does not cover all the possible software installed in Asset."
What is our primary use case?
We use this solution for vulnerability management and patch management. We use BigFix to get information about the vulnerabilities that exist in the environment. We complete prioritization of those vulnerabilities and provide recommendations to the remediation teams. We assist the teams in case of any issues with remediation.
How has it helped my organization?
If our customer has a high number of critical vulnerabilities inside their environment, we use BigFix to do the patching. We are able to decrease the number of high and critical vulnerabilities by at least 30% in six months. This is a huge improvement and makes the environment more secure.
What is most valuable?
The patch management and the BigFix Inventory have been the most valuable features.
What needs improvement?
The BigFix Inventory could have an increased scope regarding the tools that can be detected. It does not cover all the possible software installed in Asset. We used the BigFix module in a ILMT module to have the proper coverage. If we had the two of them combined, this would really assist with the inventory of software.
Sometimes we may have a few issues with the fixlet Relevance where the Windows patches sometimes identifies as a false positive. We have opened tickets with the support team. They fixed that as soon as possible.
What do I think about the stability of the solution?
This is a stable solution. The only issues that we have had in the past with BigFix is with the sizing. If you don't perform the right sizing of the BigFix server, you may have performance issues. We have had no major issues with the performance itself.
What do I think about the scalability of the solution?
This is a scalable solution. They are releasing a lot of improvements in the latest versions of BigFix. That will help us monitor how the tool is performing and if it would require change or increase of the hardware or the environment to make it run in a smoother way. The scalability has improved a lot.
How was the initial setup?
The initial setup is straightforward. It involves sizing and designing the architecture to put BigFix in place and set up the proper relays. We experienced no issues doing this.
To begin the setup, we tried to identify the baseline of the customer to see how many endpoints the customer has. We also looked at the locations to know if we do need to put a low-level or top-level relay in place in each one of the data centers. In our case, as it's a huge environment, we set up two top-level relays and then a low-level relay in a different data center to not put a high load into network bandwidth when we try to transfer patches over the network.
What about the implementation team?
We implemented this solution in-house.
What other advice do I have?
The extent to which we use the different features of BigFix depends on the needs of our customers. We often propose new features when the need arises.
BigFix is one of my favorite tools. I would rate it an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Senior System Administrator at a legal firm with 201-500 employees
Effective deployments, highly reliable, and responsive support
Pros and Cons
- "The most valuable point is when you deploy an application, you have to make sure that the application has been deployed to all computers and that is working perfectly. This solution works well at deployments."
- "BigFix is reliable and stable, it is perfect."
- "Sometimes the workstations communicate back to the BigFix server two or three days in a week or something similar. Sometimes there can be a delay reporting back to the server for a variety of reasons, such as users turning their computer off when they go home. When the user comes back and turns the computer back on BigFix needs to synchronize and sometimes it can take some time, approximately one week. The communication between the agent and the server should be faster, there is room for improvement in this area."
- "Sometimes there can be a delay reporting back to the server for a variety of reasons, such as users turning their computer off when they go home."
What is our primary use case?
We use BigFix for deploying applications for updating, setting up configurations, making modifications, or customizing Windows. For example, what are the applications that need to run, and what configure is needed.
What is most valuable?
The most valuable point is when you deploy an application, you have to make sure that the application has been deployed to all computers and that is working perfectly. This solution works well at deployments.
Other solutions can have failures, such as ManageEngine, and you have to deploy the application again. In BigFix, once the computer has communicated with the BigFix server, the agent workstation, you can be sure that the application will be deployed and delivered properly.
What needs improvement?
Sometimes the workstations communicate back to the BigFix server two or three days in a week or something similar. Sometimes there can be a delay reporting back to the server for a variety of reasons, such as users turning their computer off when they go home. When the user comes back and turns the computer back on BigFix needs to synchronize and sometimes it can take some time, approximately one week. The communication between the agent and the server should be faster, there is room for improvement in this area.
For how long have I used the solution?
I have been using BigFix for approximately two years.
What do I think about the stability of the solution?
BigFix is reliable and stable, it is perfect.
Performance-wise is the best. When you have to do deployments you are sure that all the workstations will receive it, even though that there is sometimes a delay in reporting back to the server. The only time the deployment would not work is if the computer is decommissioned or not available.
What do I think about the scalability of the solution?
BigFix is simple to scale, we are using the solution regularly. We use it every other week whenever we have meetings, we rely on it.
We have approximately 10 technicians and 3,000 users who receive a patch or use the solution in some way.
How are customer service and support?
We have not had any big issues that would need the support. However, we did have some minor issues and the support was good and responsive.
Which solution did I use previously and why did I switch?
I have used ManageEngine previously.
In my usage, I have found BigFix is more professional than ManageEngine. The reason that I'm saying this is when you deploy an application, you are sure and you are guaranteed that all workstations will receive it. However, for the ManageEngine, for some reason, you will find it may fail for 13 workstations. You might have to redeploy again, otherwise, you have to do it manually.
One of the positives of ManageEngine is it can be easy for users to deploy an application compared to BigFix.
How was the initial setup?
The deployment process of BigFix was straightforward. You need to have a small number of programming skills or scripting skills to complete it. If you have skills, it is very easy to deploy. For somebody who's experienced, and has knowledge of some programming or scripting skills, it's very easy.
What about the implementation team?
There were approximately three people, the vendors, and our technical teams that did the implementation.
BigFix requires specific maintenance, whenever there is a new release we manage it.
What's my experience with pricing, setup cost, and licensing?
You are charged per server and per workstation when using BigFix. ManageEngine is a lot cheaper than BigFix. There are some additional costs, such as support.
What other advice do I have?
I recommend BigFix as long as they have the budget. If they don't have that much money, they can use ManageEngine, which is satisfying for small and medium companies. For example, companies that have 250 computers. I have used ManageEngine at companies that had multiple locations. You can use some ManageEngine on one central location and then deploy it to all your branch offices.
I rate BigFix a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Buyer's Guide
Download our free BigFix Report and get advice and tips from experienced pros
sharing their opinions.
Updated: July 2026
Product Categories
Endpoint Protection Platform (EPP) Configuration Management Patch Management Unified Endpoint Management (UEM)Popular Comparisons
CrowdStrike Falcon
Microsoft Intune
Cortex XDR by Palo Alto Networks
Microsoft Defender for Endpoint
SentinelOne Singularity Endpoint
Tanium
NinjaOne
Trellix Endpoint Security Platform
HP Wolf Security
Microsoft Configuration Manager
WhatsUp Gold
Red Hat Ansible Automation Platform
Workspace ONE UEM
VMware Aria Automation
Symantec Endpoint Security
Buyer's Guide
Download our free BigFix Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What Is The Biggest Difference Between BigFix And Carbon Black Cb Defense?
- SCCM vs BigFix: what are pros and cons?
- What is the biggest difference between BigFix and BMC TrueSight Server Automation?
- What is the biggest difference between EPP and EDR products?
- Can Cylance be used with Symantec or Kaspersky endpoint solutions without conflict?
- When evaluating Endpoint Security, what aspect do you think is the most important to look for?
- What's the best way to trial endpoint protection solutions?
- What are the threats associated with using ‘bogus’ cybersecurity tools?
- Which Endpoint Protection Solution offers Zero Trust (ZTN) as a feature?
- What to choose: an endpoint antivirus, an EDR solution or both?



















Well articulated. BigFix needs to add a few more features like Alerting on task failures (example patching failed on a group of servers), advanced reporting capabilities.