BigFix Reviews

We are a global security and cloud integrator, and we are also a reseller with a capability of up to 69 brands, but we're not married to anybody. Our goal is to give customers exactly what they need based on the scenario. We build everything that we sell. So, we have a large distribution partner that enables us to resell a lot of things. We definitely and always see what's hot in the market, and we are constantly reviewing technologies.

Patching and mobile device management are probably two of the biggest use cases of BigFix. 

In terms of the version, some of the clients have the latest version. BigFix is not a subscription as a service. It is not a SaaS model. It is an on-prem model for infrastructure teams to manage folks through the web or through the network, and it is not provided as a service. There is no open-source capability, so it doesn't really have an ecosystem around it. It's basically sold to clients for specific use.

For security these days, patching is obviously mission-critical. If you leave something unpatched, the vulnerability is easily found by the adversary, so that's critical. 

Mobile device management is also critical from the security aspect. BigFix is useful in scenarios where if a device is lost, you can disable it, and you can wipe it. All the company data that is available is completely encrypted, and it is basically illegible or not usable. People even have BigFix Mobile that they put on phones and other peripheral devices. You are basically putting a wrapper around the applications that are company applications in the bring your own device (BYOD) scenario.

It is for multiple use cases. A lot of people are looking at it just for security, and that's really endpoint security. The endpoint management part of it in terms of being able to constantly do patching for Windows, Unix, macOS, Cloud, Raspberry, VMware, and all Linux flavors is important, and they are very good at that. They have support for virtually every OS on the market.

A lot of people also use it for infrastructure value. HCL has changed the focus a little bit because it was originally looked at as a pure security tool on the IBM side for mobile device security, but since HCL took it over, it has become more focused on other different components. They've created REST APIs for the cloud, and there is now a scripting language that's associated with it. So, there are more broad use cases because the industry requires that. They also have their own development tool in BigFix.

HCL is India-based, and they've done a good job with BigFix, and they're also able to deliver the software at a lower price now. The integration is better with other security and vulnerability management tools. To remediate endpoint issues that are out there, they integrate with Tenable, Qualys, and others. So, you can manage all of your patches and fixes through one platform, even for all cloud services, which is a good thing. 

Training is obviously important, and HCL has done a better job than IBM at making that training available. Usually, there are different ways to do that, such as through video or self-service, etc.

I remember doing restarts a few times. So, making sure that it is rock solid from an executable perspective is important.

I have been working with all kinds of security tools, including this one, since 2001 or so. It has been 21 years.

We have interacted with them. They've been good and better probably in BigFix than some of the other tools that they acquired in that IBM divestiture. 

It is pretty easy to implement.

I would rate it an eight out of ten. It does everything reasonably well. There are so many competitors who do just one piece of this, or they're not really head-up competitors because some are into mobile security, and some are more into mobile endpoint management and patching.

We use the HCL BigFix solution to provide patch-, software- and OS-image distribution services for our customers. In addition endpoint solution avcurat software, ILMT and hardware inventory. Since BigFix is base on the principle of pull, not push the administrators can afford precise information in real time about the status of distribution of patches and software.

The BigFix console deliver an excellent overview of all endpoints, and tasks and fixlets to be done. You do not need to click through an endless numbers of wysiwigs, one by one - With BigFix you can create dynamics group with thousands of endoints, selected by an excact numbers of criteria. When you need to do many tasks and distribute many patches at once, BigFix gives you the opurutnity to create baselinesr where you ochestras tasks to be fone to be performed in a specific order.

BigFix is base on the principle if something is relevant or not. The systems works more or less like an complex database the sends small messeges to endpoint and ask them to report back to the server. If a given condition is true, them it's relevant and server will ask the client to something It's simple as that. Therefore, BigFix is extrempower solution when it supports more than 90 diffferent OS. The system can manage whatever you you want!

"The heart of the Fixlet technology is the Relevance language that allows authors to interrogate the hardware and software properties of your managed clients using Inspectors. With the Relevance language, you can write expressions describing virtually any aspect of the client environment. Some Fixlets are simply designed to return Relevance information to the servers, but most of them suggest actions that can patch or update the client computer. The actions, in turn, also take advantage of Relevance expressions. Fixlet messages and Relevance expressions by themselves can only notify the user or the administrator. Actions, on the other hand, are specifically designed to modify the client, so there is a clear dividing line between a Relevance expression and its associated action - typically a human is required to deploy the action."

The support of other 3rd party ssytems could be better. ServiceNow is supported by BigFix - But there is a lot of other systems that BigFix could support and vice versa and make it even more powerful. With all the inventory information avout the osftware and hardware in the network of the organization - The BigFix database could be a very valuable source for other maniufactors and porviders of software and hardware.

I have been working with Bigfix for almost ten years where I use the it distribute patches and software for my customers. After a while, the Windows 7 and later Windows 10 clienent become very stable. From what I have learn, IBM and HCL who owned thd product, do an wxtra quality chack of the patches before the release them. Sometimes the team behind Bigfix discover need of patches that become recommended by Microsoft many years later.

The stability is great! We have not experienced any issues. 

The scalability is excellent!. The BigFix solution is organized like a pyramid with the main master server at top. From there BigFix use relays to distribute Fixlets and Tasks to the clients. You can organize your hierarchy to fit your organization. The number of endpoints should not pass 5000 clients pr. relay before you set up a new relay. The funnie matter of fact is that a relay can use workstation with a lot of disk space - It does need to be a Windows-server, it can also be a Linux server or a workstation. From my point of view, this is really remarkable, because how many endpoint management systems can handle everything from a small office with 10 computers to multitenant conglormerat with 300 000 endpoints with only one, yes 1 server? Waht you need at your backroom is a SQL-server that is able to handle all the data...

Technical support is above average, and in fact, I would say that they have superb support.

Like many other small IT-companies, I patch the clients manually or by Windows Update. When you get a lot of clients to be patched, it's impossible to do it manually. You need a tool to do the job and you need documentation what you have done and when. If patch goes wrong, you must be able to identify that one very wuick and removed before it do to much damage. With BigFix, you get control and you know excactly the status of patches. If you use tools like Microsoft InTune to do the patch job, it's like sending Voyager 2 to Pluto - It felles like the patch is lost in space and you never know if it will ever send information back home what happends. With BigFix, more than 90% of you patches will dsitrbuted at first try and report back home that they found a safe harbour.

The documentation is good. Follow the recommended configuration by HCL and you will be up and running very soon. It's pretty easy to set up with some knowledge. Be aware that DNS-isssues can be a challenge if the server is not visible at Internet by a public IP during the initial setup. The configuration at firewall can a challenge especially to get SQL-server vissible for the BigFix-server.

We mananged to do it by our self. 

Very high. In a short time, you will get your expenses paid back very shortly.

The licens price of the HCL BigFix is very fair. The challenge is the license of the MS SQL server. If you can handle DB2 - The DB2 database server that is included with BigFix is free to use. Because the MS SQL -server express cannot be used unless demo purposes, I recommend and SPLA license for the MS SQL server wich gives you the oppuritiny to connect an unlimited numbers of clients to the BigFix server. 

Other systems like Microsoft SCCM has been considered. The systems is too complex and require too many resources compared with BigFix. The BigFix server with the SQL server included could be running and on a singel portable workstation and mange the patch-management of ogf thousands of endpoint. How many SCCM do you need to do that? With Bigfix you can manage a small office with 10 clients as well as enterprise evirement with 250 000 endpoint with only one BigFix-server. 

BigFix is value for money - You get a simple, robust, dynamic and very powerful solution for a very reasonable price. Don't for get the hidden cost compared to other tool - How many ports do you need to configure by very expensive network assistant when running SCCM? With BigFix it's enough to open only one port. With BigFix you have a multitenant solution that make is possible for you as an service provider to use BigFix to manage many customers at the same time with same server, without setting up trust between different networks. Because BigFix has it's own secure comminication between the server and the clients.

The most valuable features of the solution are Windows patching and the hardware and software inventory. The solution's reporting is very good in a single console.

The solution’s pricing could be improved.

We have been doing a POC for the last three months with BigFix's Evolution version.

I rate the solution a nine out of ten for stability.

Around 500 users are using the solution in our organization.

I rate the solution an eight or nine out of ten for scalability.

Intune only supports Windows and does not support other platforms like Unix and Linux. On the other hand, BigFix supports all platforms.

The solution's initial setup is simple and not complex. I have done the full server installation and configuration thrice, and it's not complex.

On a scale from one to ten, where one is expensive and ten is cheap, I rate the solution's pricing one out of ten.

Patch management is configured in existing endpoint computers. We are pushing the custom policy deployment in weekly patches, which require critical and important patches. Since it's a by-policy, it's pushed automatically. We have enabled the solution's remote endpoint management option, but we are primarily focussing on licensing hardware and software inventory.

BigFix's integration with our IT infrastructure was easy. I would recommend the solution to other users.

Overall, I rate the solution ten out of ten.

We use the solution to push patches to our servers, primarily for desktop and server security updates.

We proved the endpoint's effective delivery of software updates and conducted a network inventory in BigFix. This significantly improved the completion status and generated reports on the percentage of patching immediately after Microsoft releases the patches. This report is easily available for our end-user computing platform.

Desktop patching is the most valuable feature, because with servers, we have complete control over them, and we can simply push patches to the servers. However, desktops are one of the most common sources of leakage, which can occur for different reasons if patches are not uploaded on time. We have significantly improved the desktop side of it. This includes endpoints such as laptops, desktops, and other mobile devices.

The deployment has room for improvement and can be more streamlined.

The automation has room for improvement.

I have been using the solution for one year.

I give the stability an eight out of ten.

I give the scalability an eight out of ten.

We previously used Microsoft Windows Server Update Services, but we switched because we could not have a complete schedule for a server to receive updates. We have a few other features in BigFix, such as managing network endpoints, discovering endpoints, and a scanner. All of these features are not available with Microsoft and Linux patching.

It is very important to use the solution effectively. In most installations, we deploy without configuring all the features and implementing them, so we do not gain much from it. Therefore, I think some automation processes can be adjusted to prevent the zero-rate thread.

The deployment phase was somewhat complex due to the need to open many firewalls within the network. Considering the large scale of the company, with fifty thousand employees around the world, I believe that in my previous job, we could have improved communication by reducing the number of ports required for the servers to communicate within the network.

We had a project manager assigned from the BigFix team who listed out all the requirements for effective communication to be established. However, the challenge of implementing BigFix in multiple countries and coordinating with multiple network teams in order to open the required communication between the firewalls was a seemingly hopeless task. If the application uses specific codes that are common in nature, typically those ports are already allowed in the network.

The deployment took us three months.

I give the pricing a seven out of ten. The cost is slightly high.

I give the solution an eight out of ten.

In the deployment phase, we need to get the firewall ports that are required and open ports to the Internet for the DNC-based servers to communicate and download patches. These tasks need to be taken care of during the deployment phase, as it will be very difficult to troubleshoot and fix things once they are implemented. Therefore, the deployment phase needs to be covered effectively. Thinking of the features at a later point in time will not solve all the problems.

When evaluating solutions, there were very few in the market that provided most of the security features. When we evaluated BigFix, it was the VMDR functionality that stood out compared to the others. We would have to use a piecemeal solution or multiple products to be configured in the system. The effectiveness of BigFix was secondary, but we at least had some basic information available regarding security, VMDR management, detection, and response.

I'm a full stack developer and we are customers of BigFix. 

All the vendor patches are synchronized automatically, which is something you don't find in other tools. It enables an unlimited number of management fixes to be created automatically. For software deployments and software package staging, we can easily use a web script and deploy directly which is another great feature.

Improvements can be made when it comes to in-place and OS upgrades. For example, SCCM provides a feature upgrade that's automatically synchronized, whereas in BigFix it doesn't synchronize for feature updates for Windows 10.
I'd also like to see some more advanced reporting tools. 

I've been using this solution for about four years. 

The solution is generally stable although sometimes our customers will report some issues and it's not always easy to find the source. 

The scalability is fine. 

We don't really use customer support. We have enough knowledge for reporting and deployments, and we have a TRC that allows us to access the remote of the end-users and check any problems. 

The initial setup is straightforward. 

If you compare BigFix with SCCM, both have their own specialty tools. In some cases, I prefer BigFix and in others I prefer SCCM. If you're talking about patching, I'd go with BigFix but if it's connected to image management, then I'd go with SCCM.

I rate this solution seven out of 10. 

We use the latest version.

Upon our evaluation of other products we found that most solutions provide the same technological functions and features. But, BigFix has two advantages over these. The first is that its price is competitive. The second is that we found the implementation partner to be very supportive in terms of explaining and training the in-house resources and deploying the solution. 

The architecture is also lightweight.

The reporting and dashboard parts have room for improvement. When it comes to the dashboard it should include certain customized reports. The requirements may vary from one automation to another and it would be nice to see the reports in their own style. As such, there should be more reports included and a greater ability to customize them. 

I cannot say I am aware of all the functions of BigFix. I believe it has antivirus capabilities and others of which I am not knowledgeable. For the moment, we use the antivirus capabilities of Trend Micro although, going forward, I would like to evaluate those of BigFix. Should these turn out to be lightweight and more effective than those of Trend Micro then I would definitely consider replacing them so that I may have all the functions contained within a single console. 

We have been using BigFix for the past two years.

The solution is stable. 

Scalability is another factor which must be taken into account at the design stage, keeping in mind the endpoints and how one wishes for them to grow. The endpoints will govern how one provisions the infrastructure. Since the license is only subscription-based, if a person provisions his infrastructure correctly, he may scale up easily. 

The initial setup was easy. 

Yet, there are many other criteria which must be taken into account because there is a need for the distributed network. As such, it is important to understand the bandwidth that it will consume when it comes to pushing the latest updates. This means that the solution must be designed in such a way that the implementation would not choke the bandwidth or consume much of it or other activities, as the appliances it contains would also be consuming the same bandwidth. 

We are not talking about putting a separate network or network connectivity for pushing the patches. We usually use the same connectivity. We see that the designing stage is of critical importance and, if done correctly, the implementation will follow more easily. 

We utilized an implementation partner who we found to be supportive and explanatory when it came to training the in-house resources and to deploying the solution. 

The license is subscription-based. 

I would recommend the solution to others. This said, it is important to understand one's architecture and to have a knowledge of how one's endpoints are scattered and what the deployment and network architecture will look like. Once this is clarified, the solution would provide a good option. The same can be said for any product. The design of the implementation of the solution is of especial importance. 

We are using BigFix 10. We have been using this solution for app management and even for BP management. We use it for continuous improvement in terms of security and enhancements. We use it for AWS, Azure, Google, and other applications. 

It supports most of the applications, software, and OS. We don't need to go around and look for many tools. Most of the applications are completely supported, and it is much better than Qualys and Tenable. It also works pretty fast.

It is pretty secure, and it gives extensive vulnerability features as compared to other applications. It supports multiple languages, and the security checks are pretty high as compared to other tools in the market. 

It is a one-stop tool that allows you to do everything. It supports reporting, vulnerability management, patch management, and configuration. All things can be done in one tool.

It is a very user-friendly solution with a very good interface.

The reporting structure could be a little more simplistic. Currently, it throws too many vulnerabilities. Some of them are not needed because they are only informational and limitations, and they are not of much help. It doesn't need to show us these things.

Its pricing should be improved. It is too costly.

Its stability is very good. It is a standard tool, and it is also one of the leading tools in the market.

It supports most of the applications. It is pretty good in terms of scalability.

In our organization, we don't have more than 10 users. We use this tool on client-specific applications, and it is purchased by the client, and that's why we don't have many users in our organization.

We have plans to increase its usage, but it depends on the budget. If most of the application owners agree to the budget, we can probably use it extensively.

We get pretty good support on this. We can call them, and we also can connect with them through chat centers.

It was straightforward, but it took some time for us to settle down and get started. There were a lot of things to learn online. The deployment took about two to three months.

It is too costly. It is one of the best tools, but because of pricing, not all clients support it. 

Its licensing is on a yearly basis.

It was directly purchased by the client, and that's why we didn't look for or evaluate a different product. It was also better than most of the tools.

I would highly recommend this solution and advise everybody to use it in their organization.

I would rate BigFix a nine out of 10. I am super happy with it. It works well and surpasses what you expect.

We are an MSP, and we use this solution for our customers as well as for our company. 

I use BigFix for everything. I use it for patch management, software distribution, OS deployment, server automation, and inventory and asset management.

BigFix is a great product. The flexibility of putting together your own relevance and retrieving custom data from any one of your agents is a valuable feature. It is one of my favorite features because if a boss asks me, "How many of these devices do we have?", I can put together a report in two seconds.

The only thing that I don't like about BigFix is that it does not support other devices such as printer firmware, router firmware, and things like that. I will be happy if I can control everything and get everything else in there, even if it is just a line item.

They can do some enhancements to the Web UI. I am trying to get customers to be able to manage their environment by using Web UI, and it would be good if we can delete endpoints by using Web UI. We should also be able to generate Excel content or data tables from the Web UI without having to go to the console. It is small stuff, and it drives me crazy that I have to go to another console to do these things.

I have been using this solution for years.

It is a pretty stable product. There are problems only if you mess up during the installation. If you do it right, then everything is fine.

It is scalable. It is able to handle up to 250,000 devices. So, you should be fine with anything under that. 

I work with all kinds of customers. I have small customers with 30 endpoints, and I also have a couple of big customers with 30,000 or 40,000 endpoints.

It has been great since it became HCL.

I know how to use them all. I have used Asterisk and other solutions, but I got used to BigFix. BigFix is pretty straightforward.

Its initial setup is straightforward.

I would advise taking some of the training so that you can use the product to the fullest potential. It is a huge and flexible product, and you can take advantage of a lot of stuff if you know how to do it. If you don't know, you're never going to take advantage of it.

I would rate BigFix a ten out of ten.