BigFix Reviews

The primary use case of this solution is for patch management, software distribution, inventory, and power management.

BigFix has helped us to compress our patch cycles. We typically do one release a month. Where we really benefited from this solution is that we now have one to two people whereas previously we would need thirty to forty people taking care of it. That's where we benefited from BigFix the most. We've never had central patching before, so BigFix has improved things quite a bit.

It has helped to reduce software spend. We do have the inventory component, but it's not fully implemented yet. We know that the software does take out certain data and so now we have better data.

We are able to go from patching thousands of machines by twenty to thirty people to one person. 

I would like better support on the backend.

It's stable. We occasionally run into hic-ups here and there. We've been working with BigFix for eight-plus years and occasionally things happen. 

We're in the tens of thousands and we're under twenty thousand endpoints. It's been pretty easy to maintain.

Their technical support can be helpful. We send a PMR and they are pretty helpful. I would give them, on a scale from one to five, with five being the best, around a four.

The initial setup was straightforward on the BigFix side. We had some internal stuff that caused some issues but otherwise it's pretty straightforward. 

We implemented in-house. 

We were looking for something that could run Mac and Windows. At the time SCCM didn't do anything with the backend side. We tried to set SCCM up but it seems to be more complicated than it needs to be. BigFix has one central database and is easier. 

I would rate it an 8.5 out of ten. BigFix has a great community, there's a lot of people that believe in it, it's whatever they advertise, and they listen to customers' feedback. We are heavily on-prem and with BigFix we have that option of staying on-prem. 

Our primary use of this solution is for the server side patching and compliance remediation. We use it for all of Windows server patching, remediation, vulnerability scanning, and inventory management of IBM licensing.

We're able to single console manage all departmental Windows, Linux, AIX servers, and from a single console, we can grant access via role base depending on department status and access. It's just easy to get a big picture on a single screen.

It reduces network traffic when it comes to downloading patches. It's a single patch repository on the root server, all patches start on the root server, and then they are disseminated via relevance as required, up above a chain and a single connection via the relays up until it gets to the bottom of the last relay and then it disburses to the client. Storage and network wise, it makes the smallest download possible down to the last band and then disseminates from there, so you can take your relays as far down as possible to make a small download chain size wise. 

We use it to compare current and past patch cycles. We do monthly compliance verification and we use external vulnerability scanning, and we compare that to the BigFix compliance results and make a mesh of the two for our monthly reports for executives. We do that on a monthly basis.

It has helped us to compress our patch cycles. It's been condensed 100 percent. Our patch cycle is now under 10 days for everything that we patch, and we get no complaints from our compliance people about that. They've given us requests and we recondense it. Depending on how much urgency we put on it we can take it down as much as possible.

Finally, it has helped to reduce help desk calls. We actually know if there's an issue before the help desk finds out. We'll report a server down sometimes before the server owner knows, and we'll let them know that there may be an issue and then we can actually roll back a patch via BigFix before the server owner knows that there's an issue. Altogether, help desk calls have been reduced by around 50%.  

Some of the most valuable features are its: 

• Ease of use
• The fact that it's a single port access across the board. There's only one firewall to be required.
• The user community is great, very helpful. 
• There's not a lot of overhead to the client. There's a bit of set up to do but it's pretty simple once it gets running to maintain it. It basically maintains itself. As such for as big of a system, it only requires a little manpower. There's only a couple of people that have to manage it.

My impressions of peer to peer file transfer in relation to BigFix, is that it's a relay structure that goes up and down the chain, as servers check in they check into their relays, the relays pass up and down the chain. It has tight security. They say it heals itself. It doesn't put a load on the system and doesn't give our guys any headaches or anything. It just seems to work pretty well and it's easy to maintain.

I'd like to see:

• More visibility
• Better reporting
• I'd like for it to be more futuristic, for it to be less plain Windows looking with a little more pizazz. 
• Better integration, with the different applications within BigFix. Instead of sometimes feeling like four or five different applications, they need to be integrated a little better within themselves. 
• Better folder structure internally.

I've been admining the system for two and a half years now and other than server side issues we have never had stability problems. My core system is four servers and they're not maxed out. We've never had any performance issues.

Scalability is amazing. We have over 10,000 systems and could easily add to that without a performance hit. We'd have to increase our relay structure to keep it manageable but I don't think we'd have any problems.

Between the user groups, the community, the AVP support, the direct access via technical route and the PMR support, half the time I don't even need to do a formal PMR because the solutions from the community resolve whatever issues we're having. It's the best community and support based system I've ever used.

We implemented in-house. 

The main reason why we chose BigFix is because at the time we were looking for a single solution for multiple OS, and SCCM at the time couldn't handle a Windows, Linux, and AIX coverage as BigFix does. I haven't directly managed SCCM myself, but I do feel that BigFix is a much simpler set up, simpler configuration. It's better accepted by our marketing solutions, to get into some of the restricted VLANs, we have a much easier time connecting to restricted LANs than they do. BigFix has better reporting, they're just better integration. The one part where I think SCCM is better is in the remote control. The BigFix solution remote control is a little dated. 

I would rate it an eight out of ten. An eight because of the stability and the ease of use. Not a ten because I'm looking for more modernization, but I do have to give the BigFix community credit because they seem to listen to us.

I would advise someone considering this solution to talk to the community. Talk to the BigFix users, ask their honest opinion on what they think is good and bad about it. 

We use BigFix to manage Windows and Mac OS. We also use it for deploying patches and software across the company.

BigFix helped us to identify the compliance of devices and has also improved the way that we manage our software inventory for reporting to vendors.

It has helped to reduce network traffic when it comes to downloading patches. It helps a lot because we have the ability to customize the uses of the bandwidth in our company, and it helps us to reach every region no matter the size of the link that we have in the network. We use patch management for deploying Microsoft patches and compliance to deploy security policy across the environment.

Finally, it has helped to compress the patch cycles. It has helped us to reduce the time that we need to use for patch management by at least 50 percent.

The scalability and the ability to manage different operating systems are the two most valuable features. 

I would like to see improvements in the web UI program and also a BigFix console for Mac OS.

Scalability is really great because we have the ability to scale the solution no matter how many endpoints we have. The last updates came with a lot of improvements regarding the scalability.

Their technical support needs some improvement. We have had some cases where we didn't get enough support from the support team but I think it's improving now.

We switched to BigFix because of the scalability and because it can be used across multiple platforms.

The implementation is really straightforward and it's easy to implement with the environment.

SCCM is a complex solution that needs a lot of licenses which means a lot of money. It only supports Windows and BigFix can be deployed across Linux and Microsoft operating systems.

I would rate BigFix a nine out of ten. Not a ten because there are some improvements that can be done to the product and the support that we get from the vendor needs improvement.
BigFix can do almost anything. You should know how to use it based on your specific requirements, but it can do almost anything.

I'm a long time user for endpoint management and now I do consulting so I design solutions for end customers.

It has improved my organization because we can automate a lot of tasks. We went from manually patching machines or doing our best and having very little visibility into it to us being able to "set it and forget it" and getting really good results on first-pass patching.

In addition, it has also helped us to reduce network traffic when it comes to downloading patches. It's very easy to throttle the network traffic, Instead of us taking down the network, downloading hundreds of patches, we're able to set a throttle, and then also spread it out over a period of time, which helps a lot.

It has helped to compress our patch cycles. In some cases, a hundred percent because in some areas, patching wasn't happening. We went from not patching to just automating it.

Finally, help desk calls have been reduced. We were able to look at help desk calls and find out which ones were most common and start automating that with BigFix. For some various organization, a quarter to half of our help desk calls were knocked out.

It's incredibly powerful and it's very extensible. Meaning, it's very easy for us to customize the platform to solve a number of different tasks for us.
We enjoy using peer-to-peer file transfers as a peering system for files. It provides built-in redundancy and we can control it all from the console, which is nice.

I would eventually like to see a SaaS offering, a cloud-hosted BigFix instance where we only have to put a relay in our environment. 

Stability is incredible. A lot of times people will let it run forever without touching it because it just keeps going. Once you stand up the solution, there's very little that you have to do. Just the occasional update and that's it.

Scalability is awesome. For one, it supports around a quarter of a million endpoints, which is a lot. It's also very easy to stand up relays anywhere in the world. It's incredibly scalable.

Technical support is pretty good. I have never had any issues with support. Primarily, though, I go to the BigFix community which has been super helpful.

We initially switched because we had different solutions for all different platforms. We had one for MAC OS, we had one for Windows, and we weren't really using them that much so we were able to use it to manage all of them with a single tool instead of a bunch of different ones.

The initial setup is very easy. 

BigFix is way better than SCCM. SCCM doesn't do MAC OS or Linux. It takes a lot of time to manage, it's a lot of work, there are all kinds of ports that you need to open, and it's just a pain to manage.

I would rate BigFix a nine out of ten because I really enjoy the tool but there's always room for improvement and there's always something to add. I've been really happy. There's a close-knit community. It's super easy to get help. They're always adding new features. I'm very happy with it.

I would advise someone considering this solution to try it out. Set up a demo, give it a shot, turn on some auto-patching, and then just watch as your organization self-heals.

We help our customers and ourselves do vulnerability and compliance implementations, licensing compliance, and patch management solutions.

I've worked with the product a very long time, almost eight and a half years now, and for my own company, we're able to make sure that our endpoints are secure, regardless of the location on or off network. Also, for a lot of our customers, a big benefit is being able to give with accuracy, the reporting of compliancies based on NIST or STIGs, compliance reporting tools and being able to know that what they're doing.

It has also helped to reduce network traffic when it comes to downloading patches. By only having to download the patch once to the central location and then utilizing the relay structure to then download the patch to a specific site and then everything gathering at local, it greatly reduces the bandwidth of multiple endpoints.

We use it to compare current and old patches. I don't necessarily want to deploy a roll-up patch, but we have to because that's how the vendors are producing them. By being able to evaluate whether the new patching is as successful as the old way, we're able to compare the different content of the patches and not just that the patch has been delivered, but that the vulnerability that the patch is supposed to fix no longer exists.

Before we started using this solution, patching was done per endpoint. What we're able to do now is, we can test the patches, deploy them, with certainty that they're not breaking anything else, and then large scale deploy the amount. I've seen customers reduce their patch cycle times from a 60-day turnaround window to a 15-day turnaround window.

Finally, it has helped reduce software spend. By having to look at the licensed tools and what's being utilized and not utilized, we're able to make informed decisions about software license levels. This product falls a little short as far as the licensing compliance capabilities. I would like to see some development surrounding that so that I could input ELA agreements, regardless of vendor, and be able to pull those compliance-based reports.

The ease of use is the most valuable feature. Underlying that is the truth that the information that's being derived from the endpoints is accurate. There's no gray matter, and we don't have to interpret the results.

I would like to see file consistency and sizing, and I would like to see more robust reporting in the power management features. Energy use and consumption has become a cry within IT development. It's an underserved piece of the product that has implications that could allow security and green IT and sustainability to be married better.

The stability is paramount. It has definitely reduced the need for multiple products down at the endpoint, it's reduced the number of agents needed at the endpoint, and overall because the product was created so many years ago when networks were not nearly as robust as they are now, the improvement of the product over time along with the improvement of the stability of large networks, has coincided. It is as stable today as when you could only transfer 15 bits across the line.

We're a partner, so we deliver technical support to customers. When we need to talk to the product support, traditionally, with the product over the last five years, I would not say support has been supportive. I hope that changes.

Our initial setup was very complex because we not only have it set up for our internal use, but we also have a managed service platform in which we service multiple clients. We have a cloud-based solution with it as well. We're called in for a lot of the crazy deployments that are out there in the customer world where they have massive amounts of endpoints and really complex network systems.

If you utilize the tool to the maximum capacity available to you, your ROI is significantly five to seven-fold over cost.

SCCM was a product that was originally designed to deploy Microsoft Office and to patch some of the underlying structures of the Microsoft operating system. It was never designed to be a large-scale security compliance or endpoint management tool. So when you look at it from those foundations, it doesn't compare. SCCM is a free product that's offered as part of an ELA agreement that can do those functions and features, but it's not designed to do it.

I would rate BigFix a nine out of ten. It is a world leader in the patch management, vulnerability management, and security compliance space. Not a ten because the product still has room for growth and maturity to be a full-scale platform for agnostic management.

I would advise someone considering this solution to start with the simplest thing that you need to be fixed, whether that's patch management or that's software-inventory, and learn how the product works. If you can conceptually understand that it's an agnostic platform, then what I would do for patching is the same thing that I would do for inventory, which is the same thing that I would do for compliance management. Then converting over those features until into a holistic environment is easy. If you're trying to eat the elephant all at once, it gets very overwhelming very quickly.

Our primary use for BigFix is in the industrial environment, we put BigFix into industrial facilities.

It allows for visibility into the OT, the industrial environments, that didn't exist before which is a big piece and has benefited my organization. Second, the speed at which people can patch is night and day versus SCCM or another similar solution.

When it comes to downloading patches it has helped our network tracking. Our networks are very low bandwidth and very sensitive. For instance, we're running a power plant and that power plant has to be up 99.99% of the time. That network that it's running on was built 35 or 40 years ago, without all the modern technologies, so we can't do it without BigFix.

Many of our clients have compliance requirements that they have to patch within a certain window and so we have to be able to give them data of when the cycle happened and if they complete the patches.

It has also helped to compress our client's patch cycles. For our clients, what was normally a full 30 days of work is now down to a couple of days to get the data in and actually get out and patch the thing. We tuned the BigFix console to enable that a little bit easier so it's a 75 to 80% reduction.

The ability for the agent to be customized, to both, run the fix list and the relevant language, but also to be able to be designed so that it only allows for outbound ports rather than inbound is the most valuable feature. We work in a lot of environments where there are segmented networks and we have to have an agent and a communication where we don't have any inbound ports into that environment. Having that agent be really small, and the ability to not have to have any open inbound ports into that environment is wonderful.

I would like to see different types of reporting and the ability to integrate closer with the cloud. 

It's very stable.

Their technical support is very good. The BigFix community is the best part. The support is nice, but the fact that we've got all those other practitioners out there, that's the best part.

Our clients have definitely seen ROI from using BigFix. 

I would rate it a nine out of ten. Not a ten because the reporting side of things could be improved and I'd like to see how they're going to fit it in with the cloud. 

I would advise someone considering BigFix to look at it and try it. It's really easy to say SCCM is free so you'll just use it but you don't know what you're missing until you actually give BigFix a shot and try it. It's dramatically easier. It significantly reduces the time and effort that it takes to do things and it's more certain. You know what you've got rather than getting in there and guessing each time.

Our primary use case of this solution is to develop custom content to deliver to restaurants.

It has improved reliability upon delivery of software and has also helped reduce software expenses. The extensibility of BigFix helps to create custom solutions where we may have considered purchasing something instead. 

We use it for PCI compliance and checking to see if endpoints are in a state where they need to be patched or not up to a certain level so it has helped us avoid compliance fees. 

Being able to report directly on aspects of the system is the most valuable feature for us. Meaning, instead of reporting on just an error code or something, you can inspect actual files, properties, registry keys, etc.

I would like to see much better web reporting because as it is now, it's convoluted, basic, it's not modern, and there are limitations to it.

The stability is excellent. I haven't had issues with BigFix crashing unexpectedly or anything like that.

The scalability seems solid. We're a smaller customer. We have about 16,000 endpoints, whereas other companies have hundreds of thousands.

Technical support is excellent, as far as the forum support. As far as new product needs, it's mixed. Sometimes if you are asked to submit an official request they go into a black hole.

We implemented in-house. 

I would rate it a seven out of ten. You can see all of the code of the custom content that is created for you. That's huge. With a lot of proprietary solutions, it's a black box where you can't see what they're doing and when it messes up you're on your own. With BigFix that was huge because if something goes wrong then you can create your own copy and start troubleshooting it.

I would advise someone considering this solution to have a developer on staff to fully leverage the features of it.

Our primary use of this solution is for patching all of our systems and maintaining their security compliance.

It enables us to patch our systems quickly and within expectations and to increase our volume as needed. It has also helped us compress our patch sites. We used to do it monthly but now we do it weekly.

Compared to SCCM, I always feel like I'm fighting the tool. I do not feel that way with BigFix.

The ability to build custom content and scale to additional endpoints without increasing staff time is the most valuable feature. 

I'd definitely like to see additional feature parody in the web UI versus the console. There are certain things that you can only do in the console and they're very cumbersome to do, like secure parameters, for example. That's definitely something that has a wide degree of utility but it needs to be easier to surface. At this particular juncture between the transition, between the Legacy console and the web UI, it's hard to justify dealing with the cumbersome aspects of the Legacy console when theoretically everything's been through the web UI.

Stability is very good. We have no issues with it.

Technical support has always been useful and they have always ultimately provided a solution.

The initial set up was very simple, single server. We've since grown to a server plus an array of relays and we even use relays to get into some difficult to reach network areas. It's been pretty useful.

We implemented in-house. 

I would rate it an eight out of ten and I'd advise someone considering this solution to start with one relay. Remember that it is a root shell robot. If you can do it on the shell you can do it with BigFix.