BigFix Reviews

Our primary use case of this solution is for automated server patching. It integrates with our change management tool. It replaced SCCM for Windows. 

Servers are patched more consistently than they have been previously.

Some of the most valuable features are the development of the patches, the fixlets, and not having to bundle things ourselves. 

I would like to see integration of user security between the different products to be improved. There's separate security for compliance, separate security for web reports, and the console, and you have to manage those things separately. 

It's very stable.

It's very scalable. It handles it effortlessly for our needs. 

The first level two support was a little spotty a year ago. It's improved. I get a B, B plus from them. The knowledge of the first line of support seemed to be limited. 

Once you've done the setup once, it's not that complex. Initially, it can be a little bit complex to get your head around, but now that I've done it a couple of times, I don't deem it to be overly complex.

We used IBM Professional Services and it was a good experience. 

I would rate BigFix an eight out of ten. It's powerful, has low administrative overhead, it's reliable, and not too expensive. Not a ten because there's always room for improvement. 

I use BigFix to help collect information on endpoints to assist my team in troubleshooting break/fix tickets. I also use it to proactively create solutions for problems that come up and to help with patching of individual applications as well as for checking for compliance on an operating system level.

Being able to intelligently create reports, gather data, export CSVs and give that to the leadership of some of the client groups that my team supports has been a benefit to my organization. 

There are instances where we have been able to utilize BigFix to reduce help desk calls by automating certain things. Along with the concept of savings calls for the help desk it's saving individual help desk tickets that get navigated to our group by automating things which save us man-hours.

The most valuable feature is the ability to create my own properties and analyses to collect information so that folks who might only have access to web reports, but not the console, can gather information and I can create reports to give to the leadership of my client groups.

The stability is generally pretty good. The one thing that we came across is the battle between load on endpoints and load on our servers and relays versus how quickly, effectively and reliably actions can be taken. I'd like to not have to take an action on a system while I'm working with someone and then have to say whether something will happen between five seconds or thirty minutes from that point. 

I haven't messed with SCCM too much. There's a lot of things that are desirable in SCCM regarding scalability. There are lots of workflows that exist that SCCM is pretty universally used and can make things happen instantly. It can also help with a lot of the zero configuration, zero-touch computerization things but we get to get a little more specific with BigFix. We can employ a lot of things from all kinds of different sources to help tailor our solutions and we have better functionality with Mac and Lenox.

My experience is that you can get really deep and detailed with this solution and the sky is the limit in terms of how complicated you can get if you're willing to dig in and spend the time to learn how BigFix works and invent some of your own processes.

We use BigFix as our primary automation platform. We use it to tie in disparate tasks and services that we need to apply to our servers. We use it for patching, reporting, and compliance.

We are able to use BigFix through API connections to automate and reduce resources and time. The product's been great for us. It's increased the security posture ten-fold and it's increased our visibility across our endpoints enormously.

It has helped us to reduce network traffic when it comes to downloading patches. We don't have a million machines reach out in the middle of the night to get devices. We have BigFix on our cruise lines in which satellite connectivity is limited. We had to pay per byte that goes across the wire. 

We use BigFix to compare our past and present patch cycles. We use it to report on the success of patching and what patches are available. It lets us do postmortems to find out when a patch was first available, first supplied, and if it had any issues.

Using BigFix and the automation we built we've been able to reduce patch time from three hours and 37 minutes on average to less than twenty minutes per server. 

Through using our automation we've seen a reduction in failures, critical patch failures, probably by about three or four percent.

The most valuable feature would be its flexibility. It's one product that works across multiple OSs. We have one agent that will sit on six to seven different OSs in our environment. I can use one console to push a patch to six or seven different OSs in one view. I don't have to jump from screen to screen or remote log-in.

I don't like the peer to peer file transfers feature. Security wise, it's a bad format and it's not useful. 

I would like to see API connectivity, built-in API connectors to the standard toolsets, whether it's for ServiceNow or Qualys. More API connectivity to make it easier to integrate to other tools.

It's very stable. We haven't had any major issues from it. Most times, we have false positives. Our people tell us that BigFix is doing something and we go back and look and it doesn't.

It's been scalable for us. We've taken it from physical to virtual, from virtual to cloud, from on-prem to off-prem seamlessly.

Their technical support is above average. Sometimes, because there are different modules, we'd get bounced to different help desks. It's frustrating that we don't have a one-stop shop. Overall, when we do get the right person, it's quick and easy. 

We rebuilt it three years ago from the ground up and the setup wasn't complex.

We've seen ROI time-wise. We reduced compliance reporting from about 100 hours per server to less than six. We reduced patch time from three hours and a half to less than twenty, and we've reduced the patch man-hours from about five to six people per eight-hour shift. 

We also considered Red Hat and Microsoft. We chose BigFix because we saw more fidelity in reporting, more fidelity in accuracy, and more fidelity in security. 

It's a night and day difference between BigFix and SCCM. Anyone who's used SCCM before knows that BigFix provides a far better product in scalability, reporting, and the accuracy of patching.

I would rate it a ten out of ten. It's worked for what we wanted. It's provided one screen to look across different OSs. It's also provided speed and flexibility. We're able to integrate it to all of our tools, do things to other servers and automate things that aren't done on one platform.

My advice to someone considering this solution would be to find a tool that can span as many OSs as possible. If you're using three different patching tools to approach three different OSs, you're probably lost. 

Our primary use case is for the automation of patch compliance.

BigFix has drastically reduced the maintenance window period to patch and reboot servers.

It has helped to reduce network traffic when it comes to downloading patches. There's a single download to the primary BigFix server which is then replicated and cached on the Relays for all data center connected servers.

Due to the automation, we've been able to prevent a lot of human errors with BigFix so it's reduced our help desk calls by 50%.

Finally, it has helped us to compress patch cycles by around 75%.

The power is in the Platform!

I would like to see a WebUI SDK so we could take what is provided currently and be able to build our own customized web UI for particular customers that want to sell service.

It's extremely stable. 

It's very scalable. 

Their technical support is excellent. 

We've used BigFix in the past with other companies so we knew BigFix was a superior tool. Ten years prior, the current tool we were using had a lot of overhead, was time-consuming, used a lot of resources, and time spent on it. We knew there were better tools out there. 

It's far superior and there's no comparison to SCCM. It is so easy to navigate in the console. Everything's in a single view within a fixlet or a task. You can tell what actions are taking place versus having to go through separate menus in your console to figure it out. Just that alone and knowing instantly what your environment looks like based off of content makes BigFix superior. 

The initial setup was very straightforward. It's simple infrastructure to set up in comparison to other tools, like BladeLogic or SCCM, very simple infrastructure to set up.

We implemented ourselves. 

I would rate it a ten out of ten. It hasn't changed much since it's inception, so it's a superior product and it's just going to get better with the expansion of the API endpoint security and WebUI.

If you're considering BigFix, you should look deeper than just what's on the retail box of patch and compliance and software distribution. Look at the platform, what it can do on the back, and the relevance language, and the reporting capabilities. There's a lot more to this that you can use in your DevOps org to accomplish automation tasks.

Our primary use case of this solution is for endpoint management. 

Prior to BigFix we used Altiris, which was distributed. We had to manage multiple servers, and duplicate the tasks that we did on each server. BigFix tremendously reduced the amount of work that we had to do on each server in a centralized manner. We could minimize the work that we had to do, and we had a lot more control over the tasks and what machines they ran on.

It has helped to reduce help desk calls by 60-70%. Using the self-service portal allows our users a lot of access to fix their own problems as far as errors, as well as policies that auto-resolve issues as they come up without the user even knowing.

Finally, it has helped us to avoid compliance fines in the tens of thousands of dollars, if not more. We've used it for software audits numerous times and saved significant amounts of money with being able to clearly identify what machines have what software, then verify that we're licensed for the software that we have.

Power to query anything on the machine servers and problem resolution is where we find a lot of value in being able to turn around and find a fix, and identify machines that are having an issue, and being able to resolve that.

I believe that the peer to peer file transfers feature will speed up the time to get files to individual machines. I haven't used it myself, but I think that as far as clients go, instead of having to use one server for that, being able to get that data from their clients will be a lot faster and more efficient.

I would like to see for it to be a little easier for new users to be able to learn and create relevant statements. In my opinion, that's the hardest part for bringing on new people that haven't had BigFix experience. Being able to have easier ways to build relevance in ActionScript would be the biggest improvement I'd like to see.

It's very stable. There's minimal maintenance on the server infrastructure itself.

It's very scalable. We've had mergers that have come in and put a relay out there, and immediately get the information back for their clients. It's very scalable, we don't have to worry about putting too much burden on our other servers.

Their technical support is very good. 

We switched to BigFix mainly because of scalability and for centralizing the work that we did, rather than being distributed. From what I know of SCCM, and the little that I've used it, the granularity that relevance an ActionScript allows you over the endpoint, and the information coming back from the endpoint is fairly significant compared to the work that you would have to do to script all that out in SCCM to get that information back.

I would rate it an eight out of ten. Not a ten because of the training aspect of getting new users up and going on the technology. That would be the only downfall because it does take quite a bit of time to train new users. As far as the power, it's by far the best.

If you're considering BigFix look at the power that it allows you to have visibility into your system. If you don't have visibility into your systems, it takes a lot longer to get something resolved. Whereas if you can instantly get that information back from your client that's having a problem, being able to know that that issue needs to get fixed on that client's machine and being able to fix it instantly, could save you hundreds of hours.

Our primary use of this solution is for compliance management, patching, and security configuration management.

It allows us to quickly deploy capabilities that we need, whether it be security or non-security. We use it to keep systems up to date, deploy new drivers, and find the information we need in the case of security incidents. The capability allows us to gather a lot of information very quickly and it also allows us to have a centralized reporting feature and a centralized deployment capability, which is nice.

It has helped to reduce network traffic when it comes to downloading patches with the relay structure. Talking from the corporate server down to the relays and then to the endpoints, it has helped from that perspective. It still causes impacts, not because of the capability itself but because of the content that's being provided by Microsoft and other vendors is just so large that it starts having impacts whether you want it to or not, no matter what kind of infrastructure you put in place.

The flexibility of the capability of being able to use the out-of-the-box content that we get from the vendor as well as develop our own capabilities on top of the core capability is the most valuable feature. 

The scalability of the web UI product doesn't scale to the size that we need for our implementation so it needs to expand. I would also like to see the capability to develop on the back of the web UI capability. There are lots of web features and integrations that we could do with web UI that it would be nice to be able to put on top of what's already there, rather than waiting for IBM to develop what we need.

The core capability is very strong and hasn't changed a lot. Sometimes it is harder than others to get to some of the newer features, mostly just because we have a very large install base, and so having the time to roll out new capabilities is hard. Overall the stability and the upper trend of the capability is very good.

Scalability is good. 

Overall, technical support is very good. Sometimes you have to figure out a different way to get to what you want and you have to escalate through multiple layers to get to the right solution. We've been using the tool for long enough that we don't need the easy help, we need the hard help. Sometimes that's really hard to get to and then the turnaround cycle between when we report an issue and when we hear back and being able to get data to the right people at the right time, we end up having to re-open tickets over and over again because we don't have the data that they need. Sometimes they ask for something and we have to go ask somebody else for it and get it back to them and by then the SLA has run out, so that's not good.

We implemented internally. We've worked with IBM professional services for new capability and assistance with improving our overall capability but we didn't use them directly to implement. We've been using the tool for a really long time.

It's better than SCCM, it's more flexible. 

I would rate it a seven or eight out of ten. The pain points that we have are particular to us just because of the size of our implementation, the number of endpoints, etc. Overall, I think it's a great product and a product that most people would really get a lot of benefit out of. The things that we struggle with are things that are particular to our organization.

If you're considering this solution, get involved with the user community early, make relationships with the development organizations, learn how you can advocate for yourself. User group kind of things are the best way to learn. Learning from other people who have been using the tool for a long time is probably the easiest way to see the most effective implementation and best use of your resources using the tool.

Our primary use of this solution is for endpoint patching and to deply operating system level patches to seventy-five thousand plus Mac and Windows endpoints.

Before we had BigFix, we had problems with some malware. BigFix allows us to immediately patch all instances of endpoints that are vulnerable to antivirus and initiate scans. That's key.

It helps us to compress our patch cycles. With our patches, I can make sure 80% of the community has got their endpoint patching up to current standards, which is a current patch cycle within a week and a half.

Finally, it has helped us to avoid compliance issues, potentially by millions. We use it for device compliance. It's key that endpoints with a certain type of data, if they were to get lost and not encrypted, would need to be reported and those would need to be reported to a federal agency. This can mean associated fines in the hundreds of thousands if not millions. We have lost endpoints with data on there, but because we can confirm with BigFix that they were verifiably encrypted, we are protected and don't have to make those sorts of reports. It has saved us maybe millions in funds.

One of the most valuable features is the ability to be able to check relevance. You can see what's applicable for what patches and deploy only the required patches to those individual endpoints.

The peer to peer file transfers feature is scary to me. I'm a security engineer, so thinking about sending updates or any sort of infrastructure level software communications coming from an endpoint that I didn't build or maybe don't trust is a bit scary.

I want to see a solution for being able to deploy automated software to a Mac running OS X 10.13, something that's going to deal with kernel exceptions and answering prompts for user permissions for data folders and whatnot. They need to really streamline and automate the Mac software deployment.

Stability is totally safe. We've been using it for years and years and it hasn't done us wrong.

Scalability is awesome. We've gone from twenty thousand machines to seventy thousand machines and there's plenty of room for lots more.

Any time I've had to call or take it up with the support at BigFix, I've had nothing but the best support. The engineers get what it is we're trying to do. We've had an outstanding relationship with them, and some of them even know us on a first name basis. Very good support.

The initial setup was pretty straightforward, but that was 2006, 2007. A lot has changed. It would be a little bit more intense right now.

We also looked at Altiris but BigFix came in because of its unique capabilities. It was Mac and PC compliant and worked with our endpoints. At the time, the price was right for us. There was local support and we had a very personal relationship with BigFix.

SCCM will do most of the Mac stuff I want but doesn't give you the highly targeted capabilities I have in deploying anything I want to endpoints in any configuration that I choose.

I would rate BigFix a ten out of ten. It has saved me so much time in patching alone. The capabilities it gives me for very granular targeting of endpoints based on whatever criteria that I can come up with is great. It is very simply a tool that can do just about anything. There is always room for improvement. I want to see better capability in Mac software deployments. Apple changed some of their policies, so I'd like to see BigFix get up to speed with that. 

I would advise someone considering this solution to jump heavily into the community features. The BigFix forums are fantastic, we have an amazing user community that has been so helpful for me and it's a great learning resource for folks who are new to BigFix. It's a great community for people who are more experienced, people share that and help each other out. The community is fantastic.

Our primary use case of this solution is for security patching and application patching.

From a security standpoint, it allows us to make sure that we're not leaving ourselves vulnerable to exploits and things like that. That's the biggest advantage that we see to the product from a security standpoint. 

We use it to compare current and past patch cycles. We usually roll the baselines into every patch cycle. We do some recording on previous patch cycles and stuff like that, and how effective each baseline is.

It has helped to compress our patch cycles from a long time ago. We were patching individually each day, then we were able to compress them all into a month.

I'm not sure by what percentage but it has helped to reduce help desk calls, in terms of security vulnerabilities, but it has reduced the amount of vulnerabilities and the security notifications we get. Also, self-service lets us install notifications, not like sending a front line support personnel.

Some of the most valuable features would be: 

• The custom content 
• Baselines
• Inventory
• Application usage

I would like to see: 

• More custom content
• Better content for Mac 
• Automated patching. They have this but I'm looking for improvements.
• Automated baselines for patching.

Stability is good. It works well. When it works, it works great. It's pretty quick to respond.

Scalability is good. From my other experience using the relays and things like that, it scales pretty widely. We have a pretty good amount of endpoints and it works well for us.

Technical support is good. We have a close relationship with people who work in the company. We are fortunate where we get direct communication with them, so it's good.

We weren't previously using a solution, so we knew we had to invest in one. We brought in a bunch of different solutions and BigFix was the one that won out. 

The initial setup was was complex because it was new. The help that they gave us and the documents that they gave us were really straightforward. The first time I set it up there was a learning curve, but the second time it was real easy.

We also looked at Microsoft SCCM. We chose BigFix because it's more inclusive, it's centered towards Microsoft and Windows. There's a lot more content and things like that so, it's much more in-depth and widespread than SCCM.

I would rate BigFix an eight or nine. We've been using it for a really long time and we're happy customers. 

I would advise someone considering BigFix to split it up and compare it to what you're looking at. You'll see that it can do more than other competitors.