BigFix Reviews

I am supporting a client and serving as an administrator of BigFix. My responsibilities include taking care of the whole infrastructure, patch deployment, vulnerability scanning, vulnerability assessment, third-party application vulnerability mitigation, generating reports, and ensuring compliance with security standards such as the CIS checklist. We handle all the security standards related to BigFix.

BigFix has several good features. Firstly, its client on the endpoints consumes less than 2% of CPU memory. Unlike other solutions like CrowdStrike or Tenable, where clients communicate with the database once a day or collect data every two days, BigFix offers real-time detection of endpoints. For example, if we have predefined conditions for monthly OS patches on various operating systems like AIX, Windows, Linux, and Mac, BigFix provides its own external sites where patches released by Microsoft or Mac are stored. These patches and content are integrated with the BigFix network. Each patch or package has relevant conditions that continuously evaluate the endpoints to determine if they are applicable. When creating software packages, we ensure that relevant conditions are met to prevent redundant deployments. This is important as continuous patching without checks can lead to system corruption or device issues. 

We are currently managing more than a hundred devices. So, upon creating a package with the relevant condition in place, there are already thousands of devices that have that specific package deployed. The condition checks to ensure that the package is not redeployed to those devices, avoiding any potential issues that can arise from repeated deployments. 

In some internal solutions, continuously deploying patches to an endpoint can lead to system corruption, device hang-ups, or other problems. However, BigFix prevents such issues by evaluating the relevance of each patch and ensuring it is only deployed when necessary.

BigFix is an endpoint customer solution that offers various capabilities. It enables compliance management, pack management, software and OS deployment, and power management. You can also integrate One Ready scanning tools like Qualys or Tenable, allowing vulnerability feeds to be directly evaluated within BigFix. 

If BigFix does not have a pre-existing solution, we can create our own scripts using its action script and relevant language. The platform supports multiple scripting languages, including PowerShell and Python, providing flexibility for deployments.

One aspect that could be improved is the speed of the console. Sometimes it can be slow, which is something that needs to be addressed. When compared to other solutions like Tenable or CrowdStrike, BigFix constantly communicates with the database in real time, which can cause some slowness.

I have been working dedicatedly with BigFix for the past five years. We are currently using version 10.0.4 of BigFix.

BigFix is stable overall. However, like any software, you may encounter occasional issues, but they are manageable.

It is a scalable solution. Scalability is relatively easy to achieve with BigFix. We already have a capacity planning guide in place that outlines predefined steps to check and scale the environment. It provides guidelines for designing the infrastructure to meet scalability requirements.

Currently, I'm working with a large enterprise that uses BigFix.

The technical support for BigFix is really amazing. There are dedicated technical support engineers available, and you can open tickets or seek help through the BigFix forum. Additionally, there are technical solution architects who can assist you. Just open a ticket with the Excel support team, and they will be there to help you.

The support is generally excellent, but there may be occasional delays due to their workload.

Positive

When it comes to the root server, you have the option to use either Windows or Linux. Deploying the root server is a straightforward process. Deploying the root server is the first step. After that, if you're considering deploying the complete infrastructure, you'll need to follow the capacity planning guidelines. It will help determine the appropriate infrastructure requirements. For instance, if you have 10,000 devices, it is recommended to use a server with at least 128 GB of RAM, 32-core processors, and a robust server configuration. You can choose to host it in a cloud-based environment or a dedicated environment, but it should meet the necessary specifications in terms of RAM and processor capacity.

Once you have the server set up, you will define your release strategy. This involves setting up top-level releases and renewal releases. The reason for having multiple releases is to distribute the load and avoid overburdening the root server. Top-level releases communicate with the root server and receive data from it, which they then distribute to the lower-level releases. These releases, in turn, distribute the data to the endpoints.

As for the installation process, it is quite straightforward. Once the root server is installed, you need to install the console. Once the console is installed, you can proceed to deploy clients or agents on the endpoints. 

BigFix provides a built-in client deployment tool called the Data Tool. Using this tool, you can leverage your active directory credentials to scan and analyze your network, identifying devices that have or do not have BigFix installed. Once the scanning process begins, the tool will start deploying the agents to the appropriate endpoints. The installation of the agents does not require a reboot. However, when deploying the infrastructure itself, a reboot may be necessary. But for clients deployed on agents or endpoints, whether it's servers, Windows 10 machines, or Linux machines, the agent installation does not require a reboot. 

Once the agents are installed, they automatically refresh themselves every 15 minutes. They communicate with the nearest relay to check if any new content needs to be deployed to that particular endpoint. The agent keeps checking with the relay and deploys content if there is any to be received.

For the complete infrastructure deployment, you need to follow capacity planning guidelines. This will help determine the required infrastructure.

Recently, we have set up new infrastructure, and capacity planning is a time-consuming process. Depending on the client and their requirements, it can take a couple of days to two weeks to finalize the agreement, especially if there are cost constraints. Companies often have limitations on project expenses. Once everything is finalized, it takes just one day to get the entire infrastructure up and running.

As for the endpoints, when we start deploying agents on laptops or desktops used by end users (not servers), it can take up to 30 days. This is because the agents are deployed as the endpoints come online intermittently. We keep the deployment policy open for five business days to accommodate this.

So, to summarize, infrastructure installation is typically completed within six to eight hours. After that, the network team checks the network utilization and load, and if necessary, they adjust the bandwidth. Deployment of agents onto clients usually takes about a week, but in server environments with a large number of servers (e.g., 5,000 servers), all the clients can be deployed within an hour or two. Once the entire infrastructure is up and running, we need to monitor the dashboards to ensure that BigFix is performing as expected. This monitoring period lasts for 30 days. Once everything is set up and functioning properly, we can start using BigFix.

For the basic setup of BigFix, you would typically require two architects: one familiar with Windows and another familiar with Linux. Additionally, networking expertise is needed to enable and disable certain ports. The involvement of various teams is necessary, especially the network team, which handles port opening and tunnel creation. For environments larger than 20,000 endpoints, two architects are needed. However, if the environment has around 5,000 to 10,000 endpoints, one architect is sufficient. Apart from the architects, you would also need two sole operators to manage all the modules within BigFix, such as inventory, compliance, cash management, and lifecycle management, which includes package deployment and patch deployment.

Currently, we have two people managing the maintenance of over a thousand devices. However, we recently increased the team to three members. They provide 24/5 support and handle various issues, including configuration and web application problems. If you require 24/5 support, it's recommended to have two architects and two operators who have a good understanding of BigFix. During peak times, the architects are available, and during off-peak hours, the operators can handle the tasks.

I would say that with great power comes great responsibility. As a BigFix admin, it is crucial to be careful and use the tool wisely. You have the ability to bring positive outcomes, but one incorrect deployment can have severe consequences and potentially disrupt the entire network.

Overall, I will give BigFix an alpha ten out of ten. 

We use BigFix for deploying applications for updating, setting up configurations, making modifications, or customizing Windows. For example, what are the applications that need to run, and what configure is needed.

The most valuable point is when you deploy an application, you have to make sure that the application has been deployed to all computers and that is working perfectly. This solution works well at deployments. 

Other solutions can have failures, such as ManageEngine, and you have to deploy the application again. In BigFix, once the computer has communicated with the BigFix server, the agent workstation, you can be sure that the application will be deployed and delivered properly.

Sometimes the workstations communicate back to the BigFix server two or three days in a week or something similar. Sometimes there can be a delay reporting back to the server for a variety of reasons, such as users turning their computer off when they go home. When the user comes back and turns the computer back on BigFix needs to synchronize and sometimes it can take some time, approximately one week. The communication between the agent and the server should be faster, there is room for improvement in this area.

I have been using BigFix for approximately two years.

BigFix is reliable and stable, it is perfect.

Performance-wise is the best. When you have to do deployments you are sure that all the workstations will receive it, even though that there is sometimes a delay in reporting back to the server. The only time the deployment would not work is if the computer is decommissioned or not available.

BigFix is simple to scale, we are using the solution regularly. We use it every other week whenever we have meetings, we rely on it.

We have approximately 10 technicians and 3,000 users who receive a patch or use the solution in some way.

We have not had any big issues that would need the support. However, we did have some minor issues and the support was good and responsive.

I have used ManageEngine previously.

In my usage, I have found BigFix is more professional than ManageEngine. The reason that I'm saying this is when you deploy an application, you are sure and you are guaranteed that all workstations will receive it. However, for the ManageEngine, for some reason, you will find it may fail for 13 workstations. You might have to redeploy again, otherwise, you have to do it manually.

One of the positives of ManageEngine is it can be easy for users to deploy an application compared to BigFix.

The deployment process of BigFix was straightforward. You need to have a small number of programming skills or scripting skills to complete it. If you have skills, it is very easy to deploy. For somebody who's experienced, and has knowledge of some programming or scripting skills, it's very easy.

There were approximately three people, the vendors, and our technical teams that did the implementation.

BigFix requires specific maintenance, whenever there is a new release we manage it.

You are charged per server and per workstation when using BigFix. ManageEngine is a lot cheaper than BigFix. There are some additional costs, such as support.

I recommend BigFix as long as they have the budget. If they don't have that much money, they can use ManageEngine, which is satisfying for small and medium companies. For example, companies that have 250 computers. I have used ManageEngine at companies that had multiple locations. You can use some ManageEngine on one central location and then deploy it to all your branch offices.

I rate BigFix a nine out of ten.

We used BigFix internally at my previous org. My current company is a BigFix reseller. A lot of people are looking at endpoint security now, but we primarily used BigFix for true endpoint management.

Endpoint security has become the main thing, but we used BigFix for patching and a lot of the other use cases in the past, and I think it worked pretty well. Obviously, the market has gotten much more crowded. 

The UEM component evolved into reunified endpoint management. Many of our customers used it for deployment and patching. HCL has a new endpoint security approach now, but it was really for managing that. 

BigFix can manage lost devices, so you can wipe them remotely to ensure the IP doesn't get out in public. Unified endpoint security is a new perspective. I know that HCL is also collaborating with IBM, but I'm not sure if there is any cooperation between them and MaaS360 or other endpoint components.

The main shortcoming of BigFix was integration with vulnerability management. If you had a vulnerability in your software and BigFix on the endpoint, you needed integration with Qualys, Tenable, or another vulnerability management solution to fix that. It was like, "Okay, we can identify issues, and get that information back from the endpoint, but what are we doing about it?" 

The stability has been solid when I've used BigFix with customers in the past. In that space, I don't think everybody is doing as much innovation as in other areas in the endpoint management or security market. 

I delineate between those two because endpoint management is a different use case. I think it's probably become a lot more important since the pandemic started.

We never had any challenges with scalability. Some of our customers had tens of thousands of endpoints. 

I used a few competitors a while back, but I don't know what LANDESK is up to these days. They were a big player in the market, but I don't know what other contenders are out there now.

The patching tool is $250 per client device per year. The inventory and discovery tool is $15 per client per year. They have a lifecycle management tool that is the central component for managing endpoints, which costs around $43 per year. BigFix Compliance is the other part, and that's also around $43.

I rate BigFix nine out of 10. I wouldn't recommend it to everyone. It depends on your infrastructure. If you have a pure Microsoft shop, you can probably get by deploying and managing endpoints their way. 

However, if you have a mixed environment of any kind, BigFix is good at what it does. Patch management is vital for security posture, so I wouldn't be surprised if BigFix is becoming increasingly popular.

We are using BigFix for desktop management, endpoint management, inventory, application control, remote control, building machines, master images, OS deployment, and software distribution.

The most valuable and essential features of BigFix are all of them, they are needed when serving the purpose of the desktop operation framework. We cannot run operations without patching or without having an appropriate mechanism for deploying software, et cetera. The features all serve their purpose for our use case.

The one feature that provided the most value and efficiency would be patch management. It's the most powerful feature in BigFix.

BigFix can improve the way machines report back to the console. In the external relay management environment, it has become more of a hybrid environment with most of the machines not being on-site. The need of having public-facing reporting items interconnected is becoming more and more crucial. In general, the reporting could use some enhancement.

In a future release, it would be a benefit to have a cloud-based solution with external cloud-based relays. Additionally, having a remote control in the cloud feature would be interesting.

I have been using BigFix for approximately four years.

BigFix is stable. However, there have been a few minor issues, such as the relay's not reporting.

The scalability of BigFix is good. How deployment is not that large in size. The exercises that we do are pretty limited.

We have approximately 30 administrators using this solution.

Our company has a good relationship with the reseller that we work with and the support they provide to us is fair.

The initial setup of BigFix was easy because we started from scratch, we didn't have a CCM before. The deployment of BigFix is a powerful feature, it is simple to do.

The price of BigFix could be lower. However, I am always seeking a lower price.

My advice to others is for them to take a holistic approach while designing. Don't look at one functionality, but look at the environment as a framework. View it from all aspects and merge operation with security. Don't let your focus be on the compliance of your environment or on the operation element alone, take other aspects into consideration, such as the security aspect, which is fast remediation, vulnerability management, and end-of-life management.

I rate BigFix an eight out of ten.

I have used BigFix for patch management, compliance for security, and inventory OS deployment to software.

The most valuable feature of BigFix is the software deployment.

The solution could improve by adding support drivers for different systems and equipment. When you have a lot of different computers if they could fix how to install any updates, firmware, or drivers for different systems or servers it would be good.

In an upcoming release, they should add database support included and deliver the solution as a cloud service similar to the services on Microsft Azure.

I have been using BigFix for approximately 10 years.

BigFix is extremely stable.

I have found BigFix to be highly scalable. BigFix can be used on 10 computers, 10,000 and 1,000,000 computers. It doesn't matter the number of computers.

We have approximately 50 people using this solution in my organization. We use the solution daily.

BigFix is suitable for both SMB and enterprise customers.

The support from BigFix is excellent.

I rate the support from BigFix a five out of five.

I have used other similar solutions previously. The main difference between the other solutions and BigFix is you can do more for a lesser price with BigFix. You can do more with less effort to get it up and work properly. Its broader support for different OS systems.

I rate the implementation difficulty of BigFix a five out of five.

If you choose, for example, Microsoft SSM Configuration Manager, you need a lot of servers, databases, and the configuration of firewalls, et cetera. It's a tremendous cost before you get up and running. With BigFix, in 10 to 15 minutes, you're up and running. Everything is working well.

The price of BigFix is better than the solutions. You are able to pay monthly or annually. There are not any hidden costs with BigFix. There is an additional cost for the SQL database.

I rate the price of BigFix a five out of five.

I would recommend this solution to others. I would advise others the solutions are suitable for small to medium-sized companies, and enterprises.

I rate BigFix a ten out of ten.

Our primary use of this solution is for the server side patching and compliance remediation. We use it for all of Windows server patching, remediation, vulnerability scanning, and inventory management of IBM licensing.

We're able to single console manage all departmental Windows, Linux, AIX servers, and from a single console, we can grant access via role base depending on department status and access. It's just easy to get a big picture on a single screen.

It reduces network traffic when it comes to downloading patches. It's a single patch repository on the root server, all patches start on the root server, and then they are disseminated via relevance as required, up above a chain and a single connection via the relays up until it gets to the bottom of the last relay and then it disburses to the client. Storage and network wise, it makes the smallest download possible down to the last band and then disseminates from there, so you can take your relays as far down as possible to make a small download chain size wise. 

We use it to compare current and past patch cycles. We do monthly compliance verification and we use external vulnerability scanning, and we compare that to the BigFix compliance results and make a mesh of the two for our monthly reports for executives. We do that on a monthly basis.

It has helped us to compress our patch cycles. It's been condensed 100 percent. Our patch cycle is now under 10 days for everything that we patch, and we get no complaints from our compliance people about that. They've given us requests and we recondense it. Depending on how much urgency we put on it we can take it down as much as possible.

Finally, it has helped to reduce help desk calls. We actually know if there's an issue before the help desk finds out. We'll report a server down sometimes before the server owner knows, and we'll let them know that there may be an issue and then we can actually roll back a patch via BigFix before the server owner knows that there's an issue. Altogether, help desk calls have been reduced by around 50%.  

Some of the most valuable features are its: 

• Ease of use
• The fact that it's a single port access across the board. There's only one firewall to be required.
• The user community is great, very helpful. 
• There's not a lot of overhead to the client. There's a bit of set up to do but it's pretty simple once it gets running to maintain it. It basically maintains itself. As such for as big of a system, it only requires a little manpower. There's only a couple of people that have to manage it.

My impressions of peer to peer file transfer in relation to BigFix, is that it's a relay structure that goes up and down the chain, as servers check in they check into their relays, the relays pass up and down the chain. It has tight security. They say it heals itself. It doesn't put a load on the system and doesn't give our guys any headaches or anything. It just seems to work pretty well and it's easy to maintain.

I'd like to see:

• More visibility
• Better reporting
• I'd like for it to be more futuristic, for it to be less plain Windows looking with a little more pizazz. 
• Better integration, with the different applications within BigFix. Instead of sometimes feeling like four or five different applications, they need to be integrated a little better within themselves. 
• Better folder structure internally.

I've been admining the system for two and a half years now and other than server side issues we have never had stability problems. My core system is four servers and they're not maxed out. We've never had any performance issues.

Scalability is amazing. We have over 10,000 systems and could easily add to that without a performance hit. We'd have to increase our relay structure to keep it manageable but I don't think we'd have any problems.

Between the user groups, the community, the AVP support, the direct access via technical route and the PMR support, half the time I don't even need to do a formal PMR because the solutions from the community resolve whatever issues we're having. It's the best community and support based system I've ever used.

We implemented in-house. 

The main reason why we chose BigFix is because at the time we were looking for a single solution for multiple OS, and SCCM at the time couldn't handle a Windows, Linux, and AIX coverage as BigFix does. I haven't directly managed SCCM myself, but I do feel that BigFix is a much simpler set up, simpler configuration. It's better accepted by our marketing solutions, to get into some of the restricted VLANs, we have a much easier time connecting to restricted LANs than they do. BigFix has better reporting, they're just better integration. The one part where I think SCCM is better is in the remote control. The BigFix solution remote control is a little dated. 

I would rate it an eight out of ten. An eight because of the stability and the ease of use. Not a ten because I'm looking for more modernization, but I do have to give the BigFix community credit because they seem to listen to us.

I would advise someone considering this solution to talk to the community. Talk to the BigFix users, ask their honest opinion on what they think is good and bad about it. 

We use the latest version.

Upon our evaluation of other products we found that most solutions provide the same technological functions and features. But, BigFix has two advantages over these. The first is that its price is competitive. The second is that we found the implementation partner to be very supportive in terms of explaining and training the in-house resources and deploying the solution. 

The architecture is also lightweight.

The reporting and dashboard parts have room for improvement. When it comes to the dashboard it should include certain customized reports. The requirements may vary from one automation to another and it would be nice to see the reports in their own style. As such, there should be more reports included and a greater ability to customize them. 

I cannot say I am aware of all the functions of BigFix. I believe it has antivirus capabilities and others of which I am not knowledgeable. For the moment, we use the antivirus capabilities of Trend Micro although, going forward, I would like to evaluate those of BigFix. Should these turn out to be lightweight and more effective than those of Trend Micro then I would definitely consider replacing them so that I may have all the functions contained within a single console. 

We have been using BigFix for the past two years.

The solution is stable. 

Scalability is another factor which must be taken into account at the design stage, keeping in mind the endpoints and how one wishes for them to grow. The endpoints will govern how one provisions the infrastructure. Since the license is only subscription-based, if a person provisions his infrastructure correctly, he may scale up easily. 

The initial setup was easy. 

Yet, there are many other criteria which must be taken into account because there is a need for the distributed network. As such, it is important to understand the bandwidth that it will consume when it comes to pushing the latest updates. This means that the solution must be designed in such a way that the implementation would not choke the bandwidth or consume much of it or other activities, as the appliances it contains would also be consuming the same bandwidth. 

We are not talking about putting a separate network or network connectivity for pushing the patches. We usually use the same connectivity. We see that the designing stage is of critical importance and, if done correctly, the implementation will follow more easily. 

We utilized an implementation partner who we found to be supportive and explanatory when it came to training the in-house resources and to deploying the solution. 

The license is subscription-based. 

I would recommend the solution to others. This said, it is important to understand one's architecture and to have a knowledge of how one's endpoints are scattered and what the deployment and network architecture will look like. Once this is clarified, the solution would provide a good option. The same can be said for any product. The design of the implementation of the solution is of especial importance. 

We are using BigFix 10. We have been using this solution for app management and even for BP management. We use it for continuous improvement in terms of security and enhancements. We use it for AWS, Azure, Google, and other applications. 

It supports most of the applications, software, and OS. We don't need to go around and look for many tools. Most of the applications are completely supported, and it is much better than Qualys and Tenable. It also works pretty fast.

It is pretty secure, and it gives extensive vulnerability features as compared to other applications. It supports multiple languages, and the security checks are pretty high as compared to other tools in the market. 

It is a one-stop tool that allows you to do everything. It supports reporting, vulnerability management, patch management, and configuration. All things can be done in one tool.

It is a very user-friendly solution with a very good interface.

The reporting structure could be a little more simplistic. Currently, it throws too many vulnerabilities. Some of them are not needed because they are only informational and limitations, and they are not of much help. It doesn't need to show us these things.

Its pricing should be improved. It is too costly.

Its stability is very good. It is a standard tool, and it is also one of the leading tools in the market.

It supports most of the applications. It is pretty good in terms of scalability.

In our organization, we don't have more than 10 users. We use this tool on client-specific applications, and it is purchased by the client, and that's why we don't have many users in our organization.

We have plans to increase its usage, but it depends on the budget. If most of the application owners agree to the budget, we can probably use it extensively.

We get pretty good support on this. We can call them, and we also can connect with them through chat centers.

It was straightforward, but it took some time for us to settle down and get started. There were a lot of things to learn online. The deployment took about two to three months.

It is too costly. It is one of the best tools, but because of pricing, not all clients support it. 

Its licensing is on a yearly basis.

It was directly purchased by the client, and that's why we didn't look for or evaluate a different product. It was also better than most of the tools.

I would highly recommend this solution and advise everybody to use it in their organization.

I would rate BigFix a nine out of 10. I am super happy with it. It works well and surpasses what you expect.