BigFix Reviews

Patch management: We've gone from hideous to amazing.

The most valuable feature is the extensibility of the tool. We're able to implement solutions through available APIs and custom solutions. We're able to provide services quickly. We're able to provide services completely.

A lot of my suggestions have already been submitted through RFEs; some of them involve inspector enhancements in the end point. We've got enhancement requests on the BigFix Inventory side. I know that it's not quite as mature a product as BigFix is.

I think the current tool is fairly robust. We have ways of breaking it, though.

We're pushing the limits of the tool. We've got over 250,000 devices in our environment; probably one of the larger customers. There are a few that are larger. But we're also doing a lot with the tool that I think other customers aren't. We're doing software distribution as well as patch management. We're also doing inventory and software usage analysis. I don't know of too many other customers that are doing that.

Technical support depends on who you get. I deal with some amazing support folks, and then I've dealt with some less-than-amazing support folks.

Our previous tool was the predecessor to BigFix, Tivoli Configuration Manager. We were entitled to migrate from TCM to BigFix, so it was kind of a no-brainer.

I was involved in the initial setup. It was very straightforward. The implementation was pretty easy.

BigFix was on our short list before they were IBM. We decided against them because they were a small company, even though their solution was better than some of their competitors. Management knew it was too much of a risk to go with BigFix. When they finally became IBM, again, it was a no-brainer because they were on the top of our list of vendors satisfying the feature requirements and now they had the backing of IBM, so it made sense.

We looked at Alteryx. We looked at Microsoft SCCM. SCCM was a big competitor.

I don’t have that many criteria when selecting a vendor.

The advice that I would give depends on the problem that you are trying to solve. I spoke with a number of people at an IBM conference (users looking for a high-end endpoint security software who were potentially going to install BigFix), and they had nothing but good things to say about the tool and the people supporting it.

It's a well-developed tool, supported by people who are passionate about it.

I support multiple customers who use BixFix for many uses including for security compliance, server automation, remote control, software distribution, patching, etc. 

One of the biggest benefits BigFix has had for our organization is the ease and efficiency to perform many different tasks, across pillars and platforms, all from one pane of glass.

It has immensely reduced network traffic when it comes to downloading patches. Across the board, I've had a number of customers who've had platform tools that I'm able to combine into one tool.

We've set up and started using BigFix to patch and have had much higher patch saturation rates than in the past. We do historical tracking with BigFix, and we can see that the success rate's gone way up.

It has also helped to reduce help desk calls because of the success rate that we have with the patching. As the success rate goes up, we get fewer calls. 

The power is all in the platform. It's great to be able to patch. It's great to have a bunch of stuff for security compliance, etc but the power truly is in the platform or the tool.

I would like to see SDK for Web UI included in the next release. 

Overall it's a very stable solution.

I've worked with customers that have a couple thousand endpoints to a couple hundred thousand endpoints. I've also looked at other competing technologies out there, and it is definitely one of the leading tools on the marketplace in terms of the scalability performance.

The initial setup is very straight forward. Depending on the customer, it can be complex as far as doing the necessary planning. Some customers can miss the point of doing a lot of that planning up front. If done right, it's not complex at all. You get really fast ROI from the tool.

My customers definitely do see ROI from using BigFix but it varies from customer to customer. 

BigFix has faster ROI than SCCM. It's more scalable, requires a lot less hardware, has faster reporting, quicker data to get out of it; it's better.

I would rate it a nine out of ten. Not a ten because there's always room for improvement. I've been working with tools like BigFix for quite a while and it's one of the best tools on the market.

Software distribution and patch management are the most valuable. Patch management is the native first usage of this product. Bulletin and Security Update are ready to use. Software deployment is fast and the product can be tuned for poor bandwidth network.

This product has massively reduced the wasted time for a technician to deploy or upgrade a security patch or a software version. With only one technician, you can deploy a large application in less 24 hours (Office, SAP, AutoCAD) in all your computers worldwide. We have used this product to upgrade Office 2000 to 2010 and now Office 365, for 80,000 users.

The console interface is not friendly, and requires training before using it in production. The levels of permissions are too complex to share the product with other teams. The technician must have all permissions to work easily. There is no web interface.

I have been using BigFix for three years.

We had problems with stability from the first use. There was network bandwidth outage when we deployed a huge application or a lot of security patches. This problem was solved by specific client settings and their management, and some changes to the architecture of the product.

Customer service and technical support people have a high level of knowledge. The forum and knowledge database are very interesting and up to date.

I previously used Symantec Altiris v6.5. We stopped using this product because the maintenance cost of the hardware infrastructure was too high. This solution requires high numbers of servers, as opposed to IBM BigFix.

The initial setup was straightforward. Installation was easy and a basic configuration is enough to start to work locally in the same network. But it is more complex when you need to deploy it worldwide.

Our implementation was done through a vendor partner team. My advice: choose a partner with real experience on this product. The settings and design of this product are not complex but require a great deal of experience to adapt it to your IT ecosystem.

I cannot reply about ROI.

I can estimate the reduced cost of servers maintenance to approximatively $500,000.

During deployment and design of this product you must involve the services that will use the product. You have to change the mindset (concept) of your team if you used another product in the past.

The most valuable features for us are scalability and reliability. Hands down.

My organization came from a product that was not nearly as reliable. It was causing failures across our infrastructure and across our enterprise. Switching to BixFix has alleviated that to a great degree.

The other part is it's now allowing our company to think ahead how we can incorporate other pieces of BigFix that other solutions don't have integrated natively. So we can get five or six product sets out of BigFix as opposed to just a single product set on a solution that didn't even work to begin with.

IBM dropped what's called BigFix Detect on us here at Interconnect this year. That blew our socks off because we had just completed signing a contract with a software that does almost the exact same thing called Carbon Black. So we came here and noticed that they're putting a Carbon Black type solution into BigFix. I will be curious about how that particular application develops over time and into the future. I'd like to see them continue to scale that out.

A major feature that I think they need to add to Detect is application whitelisting. That will be incredibly important. If they can get that I might be able to convince my company to start using that.

Stability is excellent. It doesn't crash, it can handle whatever we throw at it. It does a good job with that. Other solutions that we've had haven't panned out that way.

Scalability is excellent. There are people here who are using BigFix in much larger deployments than what we have. We're not small by any means but we're also not the largest out there. We know we can trust with confidence that we'll scale up well over time.

We haven't had to use the technical support at all.

We were using a different solution before this and we outgrew it. My company has gone through a period of hypergrowth and we went from handling just a few years ago 60 stores with maybe 500 endpoints in them, to 1600 stores now with tens of thousands of endpoints. So we knew we needed a new solution because the one we had just kept breaking, over and over.

I was not involved in the initial installation.

For myself as a manager who makes business decisions like selecting a vendor, there needs to be a level of trust and a level of partnership where I can go back to this vendor and actually get support and help if we need it, when we need it. Interconnect has been a great resource for that. So there's got to be that trust level there, absolutely.

I will never push a product I don't believe in. So I have to see that it works. I would argue the same is the case for anyone above me in our business or enterprise. We don't want to work with vendors whose products are half-baked. They have got to work.

So we ended up with IBM because we are partnered with GameStop and they were already using the product and saw that it worked. So we didn't formulate a shortlist off the bat. We said let's try GameStop's product and see how well that works for us, and then if it's not working we will go out and make a shortlist. So we didn't have to do that, fortunately.

The advice I would give is not to be turned off from the learning curve. There is a little bit of a learning curve to it. But that learning curve is there for a reason and the talent that goes into actually using BigFix properly takes a little while to tune, but that is what makes BigFix so powerful. That being said, as a result of that you're going to get reliability and scalability and a much faster response time than probably most products out there.

I primarily consult with other companies for their software asset management purposes. I use BigFix to help deploy the IBM license metric tool and BigFix inventory.

The older version of the tools that I use also included the connectivity aspect, and the fact that the tool now has it separate from the collection of usage data makes the deployment of these tools much easier.

The fact that it works with endpoints so well is the most valuable feature. A big part of the collection of IBM License Metric Tool data is from the endpoint so it really helps.

Even at a very large number of endpoints, it's very stable.

Their technical support is very good. The PMRs I have had to open with IBM are answered pretty well. I have nothing but praise for these people.

I self-taught for this online, so the initial setup was a little difficult to pick up at first. I had to create a couple of testing environments and destroy them in order to learn how to use it. There was a lot of trial and error, a lot of reading of the manuals. 

I would rate this solution a ten out of ten. I'd give it an eleven but it's off the scale. It does what it says it's supposed to do. Once you get over the learning curve, it is pretty easy to use. Plugging in the endpoints is pretty simple.

I would advise someone considering this solution to hands down use it. 

I use BigFix to help collect information on endpoints to assist my team in troubleshooting break/fix tickets. I also use it to proactively create solutions for problems that come up and to help with patching of individual applications as well as for checking for compliance on an operating system level.

Being able to intelligently create reports, gather data, export CSVs and give that to the leadership of some of the client groups that my team supports has been a benefit to my organization. 

There are instances where we have been able to utilize BigFix to reduce help desk calls by automating certain things. Along with the concept of savings calls for the help desk it's saving individual help desk tickets that get navigated to our group by automating things which save us man-hours.

The most valuable feature is the ability to create my own properties and analyses to collect information so that folks who might only have access to web reports, but not the console, can gather information and I can create reports to give to the leadership of my client groups.

The stability is generally pretty good. The one thing that we came across is the battle between load on endpoints and load on our servers and relays versus how quickly, effectively and reliably actions can be taken. I'd like to not have to take an action on a system while I'm working with someone and then have to say whether something will happen between five seconds or thirty minutes from that point. 

I haven't messed with SCCM too much. There's a lot of things that are desirable in SCCM regarding scalability. There are lots of workflows that exist that SCCM is pretty universally used and can make things happen instantly. It can also help with a lot of the zero configuration, zero-touch computerization things but we get to get a little more specific with BigFix. We can employ a lot of things from all kinds of different sources to help tailor our solutions and we have better functionality with Mac and Lenox.

My experience is that you can get really deep and detailed with this solution and the sky is the limit in terms of how complicated you can get if you're willing to dig in and spend the time to learn how BigFix works and invent some of your own processes.

Our primary use of this solution is for endpoint patching and to deply operating system level patches to seventy-five thousand plus Mac and Windows endpoints.

Before we had BigFix, we had problems with some malware. BigFix allows us to immediately patch all instances of endpoints that are vulnerable to antivirus and initiate scans. That's key.

It helps us to compress our patch cycles. With our patches, I can make sure 80% of the community has got their endpoint patching up to current standards, which is a current patch cycle within a week and a half.

Finally, it has helped us to avoid compliance issues, potentially by millions. We use it for device compliance. It's key that endpoints with a certain type of data, if they were to get lost and not encrypted, would need to be reported and those would need to be reported to a federal agency. This can mean associated fines in the hundreds of thousands if not millions. We have lost endpoints with data on there, but because we can confirm with BigFix that they were verifiably encrypted, we are protected and don't have to make those sorts of reports. It has saved us maybe millions in funds.

One of the most valuable features is the ability to be able to check relevance. You can see what's applicable for what patches and deploy only the required patches to those individual endpoints.

The peer to peer file transfers feature is scary to me. I'm a security engineer, so thinking about sending updates or any sort of infrastructure level software communications coming from an endpoint that I didn't build or maybe don't trust is a bit scary.

I want to see a solution for being able to deploy automated software to a Mac running OS X 10.13, something that's going to deal with kernel exceptions and answering prompts for user permissions for data folders and whatnot. They need to really streamline and automate the Mac software deployment.

Stability is totally safe. We've been using it for years and years and it hasn't done us wrong.

Scalability is awesome. We've gone from twenty thousand machines to seventy thousand machines and there's plenty of room for lots more.

Any time I've had to call or take it up with the support at BigFix, I've had nothing but the best support. The engineers get what it is we're trying to do. We've had an outstanding relationship with them, and some of them even know us on a first name basis. Very good support.

The initial setup was pretty straightforward, but that was 2006, 2007. A lot has changed. It would be a little bit more intense right now.

We also looked at Altiris but BigFix came in because of its unique capabilities. It was Mac and PC compliant and worked with our endpoints. At the time, the price was right for us. There was local support and we had a very personal relationship with BigFix.

SCCM will do most of the Mac stuff I want but doesn't give you the highly targeted capabilities I have in deploying anything I want to endpoints in any configuration that I choose.

I would rate BigFix a ten out of ten. It has saved me so much time in patching alone. The capabilities it gives me for very granular targeting of endpoints based on whatever criteria that I can come up with is great. It is very simply a tool that can do just about anything. There is always room for improvement. I want to see better capability in Mac software deployments. Apple changed some of their policies, so I'd like to see BigFix get up to speed with that. 

I would advise someone considering this solution to jump heavily into the community features. The BigFix forums are fantastic, we have an amazing user community that has been so helpful for me and it's a great learning resource for folks who are new to BigFix. It's a great community for people who are more experienced, people share that and help each other out. The community is fantastic.

The primary use case of this solution is for patch management, software distribution, inventory, and power management.

BigFix has helped us to compress our patch cycles. We typically do one release a month. Where we really benefited from this solution is that we now have one to two people whereas previously we would need thirty to forty people taking care of it. That's where we benefited from BigFix the most. We've never had central patching before, so BigFix has improved things quite a bit.

It has helped to reduce software spend. We do have the inventory component, but it's not fully implemented yet. We know that the software does take out certain data and so now we have better data.

We are able to go from patching thousands of machines by twenty to thirty people to one person. 

I would like better support on the backend.

It's stable. We occasionally run into hic-ups here and there. We've been working with BigFix for eight-plus years and occasionally things happen. 

We're in the tens of thousands and we're under twenty thousand endpoints. It's been pretty easy to maintain.

Their technical support can be helpful. We send a PMR and they are pretty helpful. I would give them, on a scale from one to five, with five being the best, around a four.

The initial setup was straightforward on the BigFix side. We had some internal stuff that caused some issues but otherwise it's pretty straightforward. 

We implemented in-house. 

We were looking for something that could run Mac and Windows. At the time SCCM didn't do anything with the backend side. We tried to set SCCM up but it seems to be more complicated than it needs to be. BigFix has one central database and is easier. 

I would rate it an 8.5 out of ten. BigFix has a great community, there's a lot of people that believe in it, it's whatever they advertise, and they listen to customers' feedback. We are heavily on-prem and with BigFix we have that option of staying on-prem.