BigFix Reviews

We use this solution for vulnerability management and patch management. We use BigFix to get information about the vulnerabilities that exist in the environment. We complete prioritization of those vulnerabilities and provide recommendations to the remediation teams. We assist the teams in case of any issues with remediation.

If our customer has a high number of critical vulnerabilities inside their environment, we use BigFix to do the patching. We are able to decrease the number of high and critical vulnerabilities by at least 30% in six months. This is a huge improvement and makes the environment more secure. 

The patch management and the BigFix Inventory have been the most valuable features.

The BigFix Inventory could have an increased scope regarding the tools that can be detected. It does not cover all the possible software installed in Asset. We used the BigFix module in a ILMT module to have the proper coverage. If we had the two of them combined, this would really assist with the inventory of software. 

Sometimes we may have a few issues with the fixlet Relevance where the Windows patches sometimes identifies as a false positive. We have opened tickets with the support team. They fixed that as soon as possible.

This is a stable solution. The only issues that we have had in the past with BigFix is with the sizing. If you don't perform the right sizing of the BigFix server, you may have performance issues. We have had no major issues with the performance itself.

This is a scalable solution. They are releasing a lot of improvements in the latest versions of BigFix. That will help us monitor how the tool is performing and if it would require change or increase of the hardware or the environment to make it run in a smoother way. The scalability has improved a lot.

The initial setup is straightforward. It involves sizing and designing the architecture to put BigFix in place and set up the proper relays. We experienced no issues doing this.

To begin the setup, we tried to identify the baseline of the customer to see how many endpoints the customer has. We also looked at the locations to know if we do need to put a low-level or top-level relay in place in each one of the data centers. In our case, as it's a huge environment, we set up two top-level relays and then a low-level relay in a different data center to not put a high load into network bandwidth when we try to transfer patches over the network.

We implemented this solution in-house.

The extent to which we use the different features of BigFix depends on the needs of our customers. We often propose new features when the need arises. 

BigFix is one of my favorite tools. I would rate it an eight out of ten. 

We use BigFix for deploying applications for updating, setting up configurations, making modifications, or customizing Windows. For example, what are the applications that need to run, and what configure is needed.

The most valuable point is when you deploy an application, you have to make sure that the application has been deployed to all computers and that is working perfectly. This solution works well at deployments. 

Other solutions can have failures, such as ManageEngine, and you have to deploy the application again. In BigFix, once the computer has communicated with the BigFix server, the agent workstation, you can be sure that the application will be deployed and delivered properly.

Sometimes the workstations communicate back to the BigFix server two or three days in a week or something similar. Sometimes there can be a delay reporting back to the server for a variety of reasons, such as users turning their computer off when they go home. When the user comes back and turns the computer back on BigFix needs to synchronize and sometimes it can take some time, approximately one week. The communication between the agent and the server should be faster, there is room for improvement in this area.

I have been using BigFix for approximately two years.

BigFix is reliable and stable, it is perfect.

Performance-wise is the best. When you have to do deployments you are sure that all the workstations will receive it, even though that there is sometimes a delay in reporting back to the server. The only time the deployment would not work is if the computer is decommissioned or not available.

BigFix is simple to scale, we are using the solution regularly. We use it every other week whenever we have meetings, we rely on it.

We have approximately 10 technicians and 3,000 users who receive a patch or use the solution in some way.

We have not had any big issues that would need the support. However, we did have some minor issues and the support was good and responsive.

I have used ManageEngine previously.

In my usage, I have found BigFix is more professional than ManageEngine. The reason that I'm saying this is when you deploy an application, you are sure and you are guaranteed that all workstations will receive it. However, for the ManageEngine, for some reason, you will find it may fail for 13 workstations. You might have to redeploy again, otherwise, you have to do it manually.

One of the positives of ManageEngine is it can be easy for users to deploy an application compared to BigFix.

The deployment process of BigFix was straightforward. You need to have a small number of programming skills or scripting skills to complete it. If you have skills, it is very easy to deploy. For somebody who's experienced, and has knowledge of some programming or scripting skills, it's very easy.

There were approximately three people, the vendors, and our technical teams that did the implementation.

BigFix requires specific maintenance, whenever there is a new release we manage it.

You are charged per server and per workstation when using BigFix. ManageEngine is a lot cheaper than BigFix. There are some additional costs, such as support.

I recommend BigFix as long as they have the budget. If they don't have that much money, they can use ManageEngine, which is satisfying for small and medium companies. For example, companies that have 250 computers. I have used ManageEngine at companies that had multiple locations. You can use some ManageEngine on one central location and then deploy it to all your branch offices.

I rate BigFix a nine out of ten.

Currently, we've got four big customers, and one is in mining. It's certainly for endpoint management, especially for patch compliance. That's normally our first use case. It's for Windows and Linux patch and patch compliance measurement. That's the biggest use case that we do. 

The main use for day-to-day operations is patching, and we are averaging 95 to 98% patch compliance, meaning we deployed almost 8,000. We put upgrades now in Africa, which is small. however, has 8,000 to 10,000 endpoints, and we have two people doing that, and it takes us about half a day a month.

The second use case is when we do compliance, and we replacing Microsoft DPOs, it makes it much easier to implement. On the compliance level, we always do level compliance due to the fact that BigFix has got the CIS, and we use the CIS standards for the checklist. 

Another company that we work with is in the energy sector. They are an energy company in Africa, and one of the things that we did was we helped them to migrate from Windows 7 to Windows 10 as one of the components of BigFix is Lifecycle OS Deployment. In that case, we helped them and they successfully migrated almost three and a half thousand Windows 7 and Windows 10 machines in three months. We used the BigFix OSD processor. 

Some of those countries, like Zimbabwe, Zambia, and Angola, didn't even have a network. We did the upgrade fully with memory sticks. We gave them USB thumb drives or memory sticks, and everything was on there, and they took that and actually went and the machines were upgraded that way.

The big drive at the end of the day is money-saving. You can accomplish a lot even if you have a very low-level resource and no access to other skilled resources. You give someone a thumb drive and he can plug it in, boot the machine, and 20 or 30 minutes later, the machine is fully completed from a pre-defined standard.

We used the solution to get control over licensing. We were able to avert a drop at the end of a three-year contract and in the process saved the client about $5 million in penalties.

The patch compliance is very good.

It's very easy to upgrade solutions, even in low-technology environments.

The stability is perfect.

The roll-out is super-easy.

The solution is unbelievably scalable.

We're not restricted on/off-network, and we don't have to be a member of a domain. You can be on a workgroup, laptop, Mac, et cetera.

Historically, the company used to belong to IBM, and there was competition between MaaS360 and BigFix components. They neglected the mobile portion, or the mobile device management portion of BigFix. It has been sold. IBM sold it two years ago to HCL of India. 

Therefore, that's one thing that's lacking - the mobile side. They don't have a proper mobile device management capability. They're working on it, however, that's the one thing that needs improvement so that you can have full unified endpoint management.

The ability to handle removable media encryption on the removable media label, et cetera, is lacking due to the fact that you cannot really control your USB device. Of course, recently, we had a use case where we had to lock down the USB devices, but there were, for instance, certain machines that were on a very specific model of USB drives that had a license key. This customer was using licensed software, and the license was on the USB stick. Now, the USB stick must be in the machine the whole time in order to use the application.

The solution needs to bring back the granular control of the USB devices that they offered a year or four years ago. That way, you can say "these devices are allowed" or "these devices are not allowed". That's the one major thing, in my opinion, that they could rethink, USB device control for removable media.

They're doing a lot of work on remote control. They are working on making it very, very simple. However, ti's not quite there yet.

I've been using the solution for five years at this point.

The stability on this solution is rock solid. I will put money up against it. BigFix is absolutely unbelievably stable. We never had any data corruption of any kind while using it.

You can do 250,000 endpoints with a machine that's got 32 bits of RAM and about 300 GB of disc space. That's the one thing about BigFix that makes it unique. The way you can easily scale is great. That's a biggie. Scalability is absolutely amazing.

I'm a little bit out of that department now, however, in Africa, in which that market is small, we've got between 20 or 30 customers. The big ones we have about 10,000 endpoints that we manage for them, and we are three people. There is only one team lead and two junior techs and we manage all the endpoints for them. Some of those endpoints are on the internet. Even if you're not on a corporate network, we can still monitor your environment on the same site. We can even give instructions in case of emergency to say, "Download this patch," or "Apply this patch," or "Change this compliance status," et cetera, with a GPO Microsoft directory.

The technical support, when the solution moved from IBM to HCL, improved dramatically. The technical documentation, the quality of the upgrades, et cetera, is really, really fantastic. I'm very glad IBM sold the product off to HCL as the quality of the product and everything surrounding it, including technical support, has improved dramatically. It's very good. We're quite satisfied.

The initial setup is not complex at all. It's very straightforward.

BigFix does license per server and per workstation. The cost depends on how many servers or work stations you are dealing with, and which tier of service you use.

BigFix consists of four modules. You get what we call the Platform Edition, which you get for free. The patch service is maybe $0.50 per workstation per month. Then there's the basic server cost, which is about $1.50 per server per month. You also get into Lifecycle which does power management, OSD remote control, and those types of things, and that might be about 10 times the price - which works out to about $13 per server and, maybe $5 per workstation per month.

It's all pretty customizable and you can just get the bare minimum or trade-up for a bit more.

We've looked at Microsoft SCCM, among others. At the end of the day, we looked for something fit for a really small company. We looked for something that can be simple, easy to deploy, and that was one of the reasons we chose BigFix. 

The main drive around BigFix was the fact that you don't need a lot of people to run it. That was one of the reasons we chose BigFix because it was small, or you can easily implement it on a very big scale, and one person can actually manage a lot of customers remotely. That was the reason we picked it. It was the only one that actually met those criteria at that point in time. 

I'm not using the latest version of the solution. I'm actually using the version before the latest.

I would advise that, before you buy the solution, you do a POC. You can do a 48-hour challenge where, if you start at 9 AM, you will be able to give patch compliance by 12 noon (for 1,000 endpoints). You've got three hours to install the product, get it up and running, deploy the agents, et cetera. Basically, take some time to test drive the product.

Overall, I'd rate the solution ten out of ten. I think it's a phenomenal product.

We primarily use the solution for patching.

The solution offers great patching, even for third-party patching. Many organizations know how to patch Microsoft products. However, the biggest benefit for BigFix is third-party patching. It can patch Notepad and Java - all of these third-party products that are non-Mircosoft.

It's stable. 

The implementation process is simple. 

It can scale. 

I'm not sure if there are any extra features needed.

It could use better integration with Hypervisor products like VMware. This is where it is lacking right now. There are articles available explaining how to integrate with VMware. However, it's my understanding that it is somewhat difficult. 

I am not sure if this is available on the cloud or not. 

I've been using the solution for three years. 

The solution is stable. I'd rate it eight out of ten. We've had no issues with stability. Performance-wise, it has been fine. 

One of the issues that my guys come across is it can take up to 48 hours before the Microsoft patches are available in BigFix since we are a day ahead in New Zealand. 

I'm not sure how many people are using the solution in our organization. 

The scalability is okay. I'd rate the solution seven or eight out of ten in terms of the ease of scaling. My experience with scaling has been pretty good. 

There is a lot of web access and online groups available, which are quite good. I don't necessarily have access to support and, therefore, cannot speak to their level of support.

We do have an internal team that would be able to get hold of support.

I'm also familiar with ECCM. However, it only patches Microsoft products. We've also used BatchPatch, used for pushing scripts, among other solutions.

I helped with the installation process for two customers. The installation was reasonably swift; however, the actual consideration and moving the patching products across into BigFix that can take a long time. The configuration took six to 12 months. 

A massive gain for BigFix would be if it was able to go and interrogate products like SCCM and import the patching sequences and groups, it would make it much easier. 

I'd rate the initial setup process seven out of ten. It does take quite a long time to bring everything across from other products. 

I'm not sure of the exact licensing structure. It might be about $23 a client. Some of the modules, such as security compliance and lifecycle, may cost extra. For example, the integration with BigFix and Micorosft Defender may require an extra license. 

I'm an avid BigFix fan, and we use it in my company quite a bit.

We're the biggest vendor in New Zealand, and we have it installed in our organization and fed out to clients. 

This is our patching product of choice. All new customers get BigFix implemented, and existing customers are encouraged to have it as well. 

We're an integrator. 

We're completing a new client install and working on the configuration of patching, and this is the best tool we've ever implemented for this customer. I love this tool. It could just be a bit more accessible.

I'd recommend the solution. I'd rate it nine out of ten.

The solution is being used for automation. We deploy the package as customized software, and we provide ad-hoc requests via BigFix.

The solution is deployed on the cloud, but it can also be installed on-premises.

The most valuable features are patch management, software installation, and asset management.

I would like the dashboard to be improved to show the problematic machines and good machines.

I have used BigFix for five years.

It's very stable.

We can scale up or down according to our needs.

Technical support is responsible and knowledgeable. They're supportive when we have any issue in the environment and require help from them.

We can troubleshoot the tool. If there are any major issues, we go to the support team for help.

I would rate technical support as five out of five.

The setup is easy. I would rate it as five out of five.

It requires maintenance every month. Only two or three people are needed for maintenance.

We used a third-party consultant.

BigFix is very easy to use. I have also used SCCM, but there were issues with the machine not restarting. There were many problems produced in the environment and in the agent. In BigFix, I haven't seen any issues with the agent. It works smoothly.

I would rate this solution as 10 out of 10.

We're using it for Windows patching and inventory. We are totally dependent on BigFix for these tasks.

Almost every feature is wonderful in BigFix. It is very stable, and we can rely on it. It is an awesome tool.

It can be improved speed-wise. They can make it a little bit light. If you do any query for servers in bulk, it can take some time. Similarly, creating a job can take some time. 

Automation is everything, and we're looking for more automation. If we have different jobs to secure the environment, such as with server hardening, and I want a particular service that is not running, BigFix should automatically check it and do the deployment. It can send a message about why a particular job is not working on the servers or not communicating properly with Active Directory. We should be able to check the reason. We just want just a little bit of monitoring in that area.

I have been using this solution for more than three years.

It is very stable. You can trust and rely on an automated job. It will definitely work. You get a proper message if it is not working for any particular reason. It gives you a complete picture.

It is definitely scalable. We are managing around 20,000 servers with it, and we have more than 100 users. We are providing web report access to application users as well. We create a job and provide access to different teams, such as the monitoring team, backup team, and security team to deploy the job. So, it is definitely scalable.

I have personally worked with them because I request them to create access for all my colleagues. If required, I log a case in BigFix. Earlier the support was very good for BigFix, but now, HCL is facing some challenges. We are getting support, but we need more in that area. Their support was much better as compared to this time.

I have not worked with a similar solution previously. We purchased Tanium
two to three years ago. It is being used by a different team, but we are still using BigFix. We want to replace BigFix, but we are not able to because we are more comfortable with it. So, we are continuing with BigFix.

It is very easy. It is simple to understand. Even though I had requested training for BigFix, I would have been able to work with it without training.

Its price is very reasonable.

I have been recommending BigFix to my friends and different companies. We are very happy with BigFix. 

I would rate it a nine out of ten. It is an excellent product, but there is always room for improvement.

I have used BigFix for patch management, compliance for security, and inventory OS deployment to software.

The most valuable feature of BigFix is the software deployment.

The solution could improve by adding support drivers for different systems and equipment. When you have a lot of different computers if they could fix how to install any updates, firmware, or drivers for different systems or servers it would be good.

In an upcoming release, they should add database support included and deliver the solution as a cloud service similar to the services on Microsft Azure.

I have been using BigFix for approximately 10 years.

BigFix is extremely stable.

I have found BigFix to be highly scalable. BigFix can be used on 10 computers, 10,000 and 1,000,000 computers. It doesn't matter the number of computers.

We have approximately 50 people using this solution in my organization. We use the solution daily.

BigFix is suitable for both SMB and enterprise customers.

The support from BigFix is excellent.

I rate the support from BigFix a five out of five.

I have used other similar solutions previously. The main difference between the other solutions and BigFix is you can do more for a lesser price with BigFix. You can do more with less effort to get it up and work properly. Its broader support for different OS systems.

I rate the implementation difficulty of BigFix a five out of five.

If you choose, for example, Microsoft SSM Configuration Manager, you need a lot of servers, databases, and the configuration of firewalls, et cetera. It's a tremendous cost before you get up and running. With BigFix, in 10 to 15 minutes, you're up and running. Everything is working well.

The price of BigFix is better than the solutions. You are able to pay monthly or annually. There are not any hidden costs with BigFix. There is an additional cost for the SQL database.

I rate the price of BigFix a five out of five.

I would recommend this solution to others. I would advise others the solutions are suitable for small to medium-sized companies, and enterprises.

I rate BigFix a ten out of ten.

We are a global security and cloud integrator, and we are also a reseller with a capability of up to 69 brands, but we're not married to anybody. Our goal is to give customers exactly what they need based on the scenario. We build everything that we sell. So, we have a large distribution partner that enables us to resell a lot of things. We definitely and always see what's hot in the market, and we are constantly reviewing technologies.

Patching and mobile device management are probably two of the biggest use cases of BigFix. 

In terms of the version, some of the clients have the latest version. BigFix is not a subscription as a service. It is not a SaaS model. It is an on-prem model for infrastructure teams to manage folks through the web or through the network, and it is not provided as a service. There is no open-source capability, so it doesn't really have an ecosystem around it. It's basically sold to clients for specific use.

For security these days, patching is obviously mission-critical. If you leave something unpatched, the vulnerability is easily found by the adversary, so that's critical. 

Mobile device management is also critical from the security aspect. BigFix is useful in scenarios where if a device is lost, you can disable it, and you can wipe it. All the company data that is available is completely encrypted, and it is basically illegible or not usable. People even have BigFix Mobile that they put on phones and other peripheral devices. You are basically putting a wrapper around the applications that are company applications in the bring your own device (BYOD) scenario.

It is for multiple use cases. A lot of people are looking at it just for security, and that's really endpoint security. The endpoint management part of it in terms of being able to constantly do patching for Windows, Unix, macOS, Cloud, Raspberry, VMware, and all Linux flavors is important, and they are very good at that. They have support for virtually every OS on the market.

A lot of people also use it for infrastructure value. HCL has changed the focus a little bit because it was originally looked at as a pure security tool on the IBM side for mobile device security, but since HCL took it over, it has become more focused on other different components. They've created REST APIs for the cloud, and there is now a scripting language that's associated with it. So, there are more broad use cases because the industry requires that. They also have their own development tool in BigFix.

HCL is India-based, and they've done a good job with BigFix, and they're also able to deliver the software at a lower price now. The integration is better with other security and vulnerability management tools. To remediate endpoint issues that are out there, they integrate with Tenable, Qualys, and others. So, you can manage all of your patches and fixes through one platform, even for all cloud services, which is a good thing. 

Training is obviously important, and HCL has done a better job than IBM at making that training available. Usually, there are different ways to do that, such as through video or self-service, etc.

I remember doing restarts a few times. So, making sure that it is rock solid from an executable perspective is important.

I have been working with all kinds of security tools, including this one, since 2001 or so. It has been 21 years.

We have interacted with them. They've been good and better probably in BigFix than some of the other tools that they acquired in that IBM divestiture. 

It is pretty easy to implement.

I would rate it an eight out of ten. It does everything reasonably well. There are so many competitors who do just one piece of this, or they're not really head-up competitors because some are into mobile security, and some are more into mobile endpoint management and patching.