BigFix Reviews

We used BigFix internally at my previous org. My current company is a BigFix reseller. A lot of people are looking at endpoint security now, but we primarily used BigFix for true endpoint management.

Endpoint security has become the main thing, but we used BigFix for patching and a lot of the other use cases in the past, and I think it worked pretty well. Obviously, the market has gotten much more crowded. 

The UEM component evolved into reunified endpoint management. Many of our customers used it for deployment and patching. HCL has a new endpoint security approach now, but it was really for managing that. 

BigFix can manage lost devices, so you can wipe them remotely to ensure the IP doesn't get out in public. Unified endpoint security is a new perspective. I know that HCL is also collaborating with IBM, but I'm not sure if there is any cooperation between them and MaaS360 or other endpoint components.

The main shortcoming of BigFix was integration with vulnerability management. If you had a vulnerability in your software and BigFix on the endpoint, you needed integration with Qualys, Tenable, or another vulnerability management solution to fix that. It was like, "Okay, we can identify issues, and get that information back from the endpoint, but what are we doing about it?" 

The stability has been solid when I've used BigFix with customers in the past. In that space, I don't think everybody is doing as much innovation as in other areas in the endpoint management or security market. 

I delineate between those two because endpoint management is a different use case. I think it's probably become a lot more important since the pandemic started.

We never had any challenges with scalability. Some of our customers had tens of thousands of endpoints. 

I used a few competitors a while back, but I don't know what LANDESK is up to these days. They were a big player in the market, but I don't know what other contenders are out there now.

The patching tool is $250 per client device per year. The inventory and discovery tool is $15 per client per year. They have a lifecycle management tool that is the central component for managing endpoints, which costs around $43 per year. BigFix Compliance is the other part, and that's also around $43.

I rate BigFix nine out of 10. I wouldn't recommend it to everyone. It depends on your infrastructure. If you have a pure Microsoft shop, you can probably get by deploying and managing endpoints their way. 

However, if you have a mixed environment of any kind, BigFix is good at what it does. Patch management is vital for security posture, so I wouldn't be surprised if BigFix is becoming increasingly popular.

It's primarily used for endpoint license monitoring. It's for the usage of applications, monitoring usage of CPUs, and stuff like this. When you have an audit, you can prove very fast what product you are using and what kind of CPU resources they are using.

There are other use cases. For example, I can find details for every use case where I need to know something about the software installed. Once, we had a Log4j bug. When the Log4j bug was live, we could use BigFix to analyze which of all the servers and clients this bug is used.

It's very usable for a technician, for an administrator. It's very straightforward. The usability is very close to everyday technical tools that you use as a systems administrator. So it's quite user-friendly. That said, it's not user-friendly for someone who is not working a lot with stuff like this. 

It's quite user-friendly if you are technical and if you just know what you want to do and to do the tasks. It's not user-friendly for someone who is a new user or something like this. It's specialized and user-friendly.

Maybe the online help could be improved. 

It'd be nice if you would have a lot more phrases and keywords that you could search for and find answers with the help.

It would be nice if there could be an extra interface. Not really to script something. However, if you want to make a drag-and-drop script, something like this, that would be quite useful for us.

I've been using the solution for one year now.

It is pretty stable and reliable. That's not a problem at all. 

The end users are all the teams. We have a Windows team, Linux team, application team, et cetera. All the teams work with the outputs of this tool. There might be 40 to 50 people or something working with this product.

You can have relays, and then you can scale it. It's a scalable system.

I work with it regularly, every week.

Their online help mechanisms and documentation need to be improved. It's hard to find documented answers to your questions as the search functionality isn't ideal. 

That said, their direct support is excellent. 

Positive

I have not worked with any other similar product.

I did not set up the system. It was set up when I got the task to take care of this product. It was already installed.

The product itself doesn't require a lot of maintenance. Of course, the server and client updates would be good as the tool has clients. The clients install them on all machines. However, the topic itself needs a lot of maintenance. If you want the data in BigFix to be up to date in case of an audit, you have to take care of the insights of BigFix. BigFix itself is running. However, the list of the servers needs to be correct, et cetera.

It was set up within the company. There was no outside assistance.

I don't handle the licensing aspect of the solution. I can't speak to the price. 

I am working with the latest update. I'm an end-user of the product.

I'm totally satisfied. For the use of the product that we have, it's totally working. It's fine.

I would recommend the solution if you are using a lot of IBM software in your company. If you are using BigFix and you have the client installed on every machine, you are nearly always audit-safe from out of the box. I would recommend it to everybody who has to take care of a lot of IBM product licensing. For everybody who has a lot of IBM products to be licensed, I would recommend using BigFix.

I'd rate it eight out of ten. 

I'm a full stack developer and we are customers of BigFix. 

All the vendor patches are synchronized automatically, which is something you don't find in other tools. It enables an unlimited number of management fixes to be created automatically. For software deployments and software package staging, we can easily use a web script and deploy directly which is another great feature.

Improvements can be made when it comes to in-place and OS upgrades. For example, SCCM provides a feature upgrade that's automatically synchronized, whereas in BigFix it doesn't synchronize for feature updates for Windows 10.
I'd also like to see some more advanced reporting tools. 

I've been using this solution for about four years. 

The solution is generally stable although sometimes our customers will report some issues and it's not always easy to find the source. 

The scalability is fine. 

We don't really use customer support. We have enough knowledge for reporting and deployments, and we have a TRC that allows us to access the remote of the end-users and check any problems. 

The initial setup is straightforward. 

If you compare BigFix with SCCM, both have their own specialty tools. In some cases, I prefer BigFix and in others I prefer SCCM. If you're talking about patching, I'd go with BigFix but if it's connected to image management, then I'd go with SCCM.

I rate this solution seven out of 10. 

We use the latest version.

Upon our evaluation of other products we found that most solutions provide the same technological functions and features. But, BigFix has two advantages over these. The first is that its price is competitive. The second is that we found the implementation partner to be very supportive in terms of explaining and training the in-house resources and deploying the solution. 

The architecture is also lightweight.

The reporting and dashboard parts have room for improvement. When it comes to the dashboard it should include certain customized reports. The requirements may vary from one automation to another and it would be nice to see the reports in their own style. As such, there should be more reports included and a greater ability to customize them. 

I cannot say I am aware of all the functions of BigFix. I believe it has antivirus capabilities and others of which I am not knowledgeable. For the moment, we use the antivirus capabilities of Trend Micro although, going forward, I would like to evaluate those of BigFix. Should these turn out to be lightweight and more effective than those of Trend Micro then I would definitely consider replacing them so that I may have all the functions contained within a single console. 

We have been using BigFix for the past two years.

The solution is stable. 

Scalability is another factor which must be taken into account at the design stage, keeping in mind the endpoints and how one wishes for them to grow. The endpoints will govern how one provisions the infrastructure. Since the license is only subscription-based, if a person provisions his infrastructure correctly, he may scale up easily. 

The initial setup was easy. 

Yet, there are many other criteria which must be taken into account because there is a need for the distributed network. As such, it is important to understand the bandwidth that it will consume when it comes to pushing the latest updates. This means that the solution must be designed in such a way that the implementation would not choke the bandwidth or consume much of it or other activities, as the appliances it contains would also be consuming the same bandwidth. 

We are not talking about putting a separate network or network connectivity for pushing the patches. We usually use the same connectivity. We see that the designing stage is of critical importance and, if done correctly, the implementation will follow more easily. 

We utilized an implementation partner who we found to be supportive and explanatory when it came to training the in-house resources and to deploying the solution. 

The license is subscription-based. 

I would recommend the solution to others. This said, it is important to understand one's architecture and to have a knowledge of how one's endpoints are scattered and what the deployment and network architecture will look like. Once this is clarified, the solution would provide a good option. The same can be said for any product. The design of the implementation of the solution is of especial importance. 

We are using BigFix 10. We have been using this solution for app management and even for BP management. We use it for continuous improvement in terms of security and enhancements. We use it for AWS, Azure, Google, and other applications. 

It supports most of the applications, software, and OS. We don't need to go around and look for many tools. Most of the applications are completely supported, and it is much better than Qualys and Tenable. It also works pretty fast.

It is pretty secure, and it gives extensive vulnerability features as compared to other applications. It supports multiple languages, and the security checks are pretty high as compared to other tools in the market. 

It is a one-stop tool that allows you to do everything. It supports reporting, vulnerability management, patch management, and configuration. All things can be done in one tool.

It is a very user-friendly solution with a very good interface.

The reporting structure could be a little more simplistic. Currently, it throws too many vulnerabilities. Some of them are not needed because they are only informational and limitations, and they are not of much help. It doesn't need to show us these things.

Its pricing should be improved. It is too costly.

Its stability is very good. It is a standard tool, and it is also one of the leading tools in the market.

It supports most of the applications. It is pretty good in terms of scalability.

In our organization, we don't have more than 10 users. We use this tool on client-specific applications, and it is purchased by the client, and that's why we don't have many users in our organization.

We have plans to increase its usage, but it depends on the budget. If most of the application owners agree to the budget, we can probably use it extensively.

We get pretty good support on this. We can call them, and we also can connect with them through chat centers.

It was straightforward, but it took some time for us to settle down and get started. There were a lot of things to learn online. The deployment took about two to three months.

It is too costly. It is one of the best tools, but because of pricing, not all clients support it. 

Its licensing is on a yearly basis.

It was directly purchased by the client, and that's why we didn't look for or evaluate a different product. It was also better than most of the tools.

I would highly recommend this solution and advise everybody to use it in their organization.

I would rate BigFix a nine out of 10. I am super happy with it. It works well and surpasses what you expect.

We are an MSP, and we use this solution for our customers as well as for our company. 

I use BigFix for everything. I use it for patch management, software distribution, OS deployment, server automation, and inventory and asset management.

BigFix is a great product. The flexibility of putting together your own relevance and retrieving custom data from any one of your agents is a valuable feature. It is one of my favorite features because if a boss asks me, "How many of these devices do we have?", I can put together a report in two seconds.

The only thing that I don't like about BigFix is that it does not support other devices such as printer firmware, router firmware, and things like that. I will be happy if I can control everything and get everything else in there, even if it is just a line item.

They can do some enhancements to the Web UI. I am trying to get customers to be able to manage their environment by using Web UI, and it would be good if we can delete endpoints by using Web UI. We should also be able to generate Excel content or data tables from the Web UI without having to go to the console. It is small stuff, and it drives me crazy that I have to go to another console to do these things.

I have been using this solution for years.

It is a pretty stable product. There are problems only if you mess up during the installation. If you do it right, then everything is fine.

It is scalable. It is able to handle up to 250,000 devices. So, you should be fine with anything under that. 

I work with all kinds of customers. I have small customers with 30 endpoints, and I also have a couple of big customers with 30,000 or 40,000 endpoints.

It has been great since it became HCL.

I know how to use them all. I have used Asterisk and other solutions, but I got used to BigFix. BigFix is pretty straightforward.

Its initial setup is straightforward.

I would advise taking some of the training so that you can use the product to the fullest potential. It is a huge and flexible product, and you can take advantage of a lot of stuff if you know how to do it. If you don't know, you're never going to take advantage of it.

I would rate BigFix a ten out of ten.

Currently, we've got four big customers, and one is in mining. It's certainly for endpoint management, especially for patch compliance. That's normally our first use case. It's for Windows and Linux patch and patch compliance measurement. That's the biggest use case that we do. 

The main use for day-to-day operations is patching, and we are averaging 95 to 98% patch compliance, meaning we deployed almost 8,000. We put upgrades now in Africa, which is small. however, has 8,000 to 10,000 endpoints, and we have two people doing that, and it takes us about half a day a month.

The second use case is when we do compliance, and we replacing Microsoft DPOs, it makes it much easier to implement. On the compliance level, we always do level compliance due to the fact that BigFix has got the CIS, and we use the CIS standards for the checklist. 

Another company that we work with is in the energy sector. They are an energy company in Africa, and one of the things that we did was we helped them to migrate from Windows 7 to Windows 10 as one of the components of BigFix is Lifecycle OS Deployment. In that case, we helped them and they successfully migrated almost three and a half thousand Windows 7 and Windows 10 machines in three months. We used the BigFix OSD processor. 

Some of those countries, like Zimbabwe, Zambia, and Angola, didn't even have a network. We did the upgrade fully with memory sticks. We gave them USB thumb drives or memory sticks, and everything was on there, and they took that and actually went and the machines were upgraded that way.

The big drive at the end of the day is money-saving. You can accomplish a lot even if you have a very low-level resource and no access to other skilled resources. You give someone a thumb drive and he can plug it in, boot the machine, and 20 or 30 minutes later, the machine is fully completed from a pre-defined standard.

We used the solution to get control over licensing. We were able to avert a drop at the end of a three-year contract and in the process saved the client about $5 million in penalties.

The patch compliance is very good.

It's very easy to upgrade solutions, even in low-technology environments.

The stability is perfect.

The roll-out is super-easy.

The solution is unbelievably scalable.

We're not restricted on/off-network, and we don't have to be a member of a domain. You can be on a workgroup, laptop, Mac, et cetera.

Historically, the company used to belong to IBM, and there was competition between MaaS360 and BigFix components. They neglected the mobile portion, or the mobile device management portion of BigFix. It has been sold. IBM sold it two years ago to HCL of India. 

Therefore, that's one thing that's lacking - the mobile side. They don't have a proper mobile device management capability. They're working on it, however, that's the one thing that needs improvement so that you can have full unified endpoint management.

The ability to handle removable media encryption on the removable media label, et cetera, is lacking due to the fact that you cannot really control your USB device. Of course, recently, we had a use case where we had to lock down the USB devices, but there were, for instance, certain machines that were on a very specific model of USB drives that had a license key. This customer was using licensed software, and the license was on the USB stick. Now, the USB stick must be in the machine the whole time in order to use the application.

The solution needs to bring back the granular control of the USB devices that they offered a year or four years ago. That way, you can say "these devices are allowed" or "these devices are not allowed". That's the one major thing, in my opinion, that they could rethink, USB device control for removable media.

They're doing a lot of work on remote control. They are working on making it very, very simple. However, ti's not quite there yet.

I've been using the solution for five years at this point.

The stability on this solution is rock solid. I will put money up against it. BigFix is absolutely unbelievably stable. We never had any data corruption of any kind while using it.

You can do 250,000 endpoints with a machine that's got 32 bits of RAM and about 300 GB of disc space. That's the one thing about BigFix that makes it unique. The way you can easily scale is great. That's a biggie. Scalability is absolutely amazing.

I'm a little bit out of that department now, however, in Africa, in which that market is small, we've got between 20 or 30 customers. The big ones we have about 10,000 endpoints that we manage for them, and we are three people. There is only one team lead and two junior techs and we manage all the endpoints for them. Some of those endpoints are on the internet. Even if you're not on a corporate network, we can still monitor your environment on the same site. We can even give instructions in case of emergency to say, "Download this patch," or "Apply this patch," or "Change this compliance status," et cetera, with a GPO Microsoft directory.

The technical support, when the solution moved from IBM to HCL, improved dramatically. The technical documentation, the quality of the upgrades, et cetera, is really, really fantastic. I'm very glad IBM sold the product off to HCL as the quality of the product and everything surrounding it, including technical support, has improved dramatically. It's very good. We're quite satisfied.

The initial setup is not complex at all. It's very straightforward.

BigFix does license per server and per workstation. The cost depends on how many servers or work stations you are dealing with, and which tier of service you use.

BigFix consists of four modules. You get what we call the Platform Edition, which you get for free. The patch service is maybe $0.50 per workstation per month. Then there's the basic server cost, which is about $1.50 per server per month. You also get into Lifecycle which does power management, OSD remote control, and those types of things, and that might be about 10 times the price - which works out to about $13 per server and, maybe $5 per workstation per month.

It's all pretty customizable and you can just get the bare minimum or trade-up for a bit more.

We've looked at Microsoft SCCM, among others. At the end of the day, we looked for something fit for a really small company. We looked for something that can be simple, easy to deploy, and that was one of the reasons we chose BigFix. 

The main drive around BigFix was the fact that you don't need a lot of people to run it. That was one of the reasons we chose BigFix because it was small, or you can easily implement it on a very big scale, and one person can actually manage a lot of customers remotely. That was the reason we picked it. It was the only one that actually met those criteria at that point in time. 

I'm not using the latest version of the solution. I'm actually using the version before the latest.

I would advise that, before you buy the solution, you do a POC. You can do a 48-hour challenge where, if you start at 9 AM, you will be able to give patch compliance by 12 noon (for 1,000 endpoints). You've got three hours to install the product, get it up and running, deploy the agents, et cetera. Basically, take some time to test drive the product.

Overall, I'd rate the solution ten out of ten. I think it's a phenomenal product.

We use the solution to manage servers in the data center. Then the other client monitors the server, including Windows 10.

BigFix is integrated with the development process, making it easy for developers to remediate vulnerabilities directly from the outside.

Some clients have adopted it but have expressed concerns about its flexibility. They have other tools that effectively address this flexibility. BigFix offers basic vulnerability management capabilities, but it lacks integration.

I have been using the solution for eight and a half years. We are using the V10 of the solution.

The product is stable.

The solution has high scalability. Most of our clients are the big ones like National Banking.

I rate the solution’s scalability a nine out of ten.

There have been some technical issues that have required us to contact support. Support has helped troubleshoot and fix these issues, but it can sometimes be a problem, depending on the case.

Positive

The initial setup is easy and takes an hour.

The tool offers a good return on investment. There are many defects, but it can provide solutions for the company.

The product is affordable. I rate the solution’s pricing a three out of ten, where one is cheap, and ten is high.

BigFix provide a comprehensive set of device monitoring features. BigFix can monitor not only the device's hardware and software, but also its security posture and performance. This information can be used by the IT team to troubleshoot problems, improve performance, and maintain security.

Overall, I rate the solution a ten out of ten.