BigFix Reviews

• A central engine for endpoint posture improvements
• Excellent compliance reporting with customizable dashboards
• Scalability and expandability support any heterogeneous environment.

BigFix has helped us in improving the overall endpoint posture and lifecycle management of the workstations as well as applications.

• Compliance reporting is the best.
• Patch management makes it easy for out-of-band and in-band patching.
• Inventory correlation with third-party tools.

• Complex design and administration
• Offline management
• Remote support on unsupported platforms
• A large infrastructure required to implement for a medium-sized organization
• Also, I would like to see if BigFix could be application aware for more in-depth compliance and reporting.

My primary use case for this solution is for department management. It helps us manage about 25,000 individual workers, who are all at work stations.

The product is less costly when compared to other solutions, and this is a good solid solution for what we have paid.

It is very flexible, and very user-friendly.

I would like to see a system to erase a virus and then create an analysis to find a virus. This would be a nice additional feature for the product.

In addition, sometimes there is a lag time for our users.

The technical support was pretty good. The response time was good.

I did not find anything difficult in the implementation process.

When selecting a vendor, I think it is important to consider whether the product is going to be a long-term product. And, we also need to provide the best solution for the department.

It is cheaper than other solutions on the market.

• Patch Management
• Software Distribution
• Security Compliance
• Software Compliance

Patch compliance has improved. Using software distribution, the software distributed in the environment has been standardized. With the same software versions across the environment, compatibility issues have come down with a reduction in helpdesk tickets arising out of different software versions. There is also a check on software assets by means of implementing the software inventory module and a great deal of software compliance has been achieved.

Patch Management for a variety of operating systems makes it valuable as we can rely on a single tool for obtaining patch compliance of the entire compute infrastructure. This also ensures that we do not need to have different skills for different OS patch requirements.

• Relay selection and availability needs improvement as an incorrect relay selected can cause network chokes.
• Client reporting to the console is a minor issue but definitely needs improvement.
• Reporting needs to be enhanced with maybe a simple GUI based report generator with drag and drop features to create a custom report. The current mechanism is a bit clunky by use of filters.  

It is very stable.

No scalability issues. We have customers ranging from 250 endpoints to over 100,000 endpoints.

Customer support is excellent, but involving customer support and crossing the initial hurdles of getting past the first level of support personnel sometimes takes a while. But once it lands with the right support people the support is excellent. Level 1 support from IBM definitely needs improvement. 

No other tools were used.

The setup is pretty straightforward provided you have planned well for the deployment. Know the environment well prior to deployment: The architecture needs to be drawn up prior to deployment. Plan the deployment of main server, database server, BigFix application(s), relays, console, and finally the deployment of clients.

We are a BigFix vendor. We rate ourselves as excellent subject matter experts. Given the exposure and experience of handling fairly large deployments on Bigfix, we have gathered vast knowledge in the Patch, Security & Software compliance space.

ROI is pretty quick if you consider Security & Software Compliance as your primary use cases as Patch Management and Software Inventory Management. It has worked out to be under six months in many of our deployments. You may not be able to directly attach a ROI for security, but given the fact that Bigfix has been able to address many vulnerabilities that arise out of non patching makes Bigfix a compelling investment

Plan well to ensure you have a stable and scaleable deployment. If you have a need for many use cases: Patch Management, Software Distribution, Remote Control, OS Deployment, Software Asset Management, Vulnerability Management, Security Compliance, and Server Automation, make sure you prioritize your requirements before deployment. You should go about meeting the requirements in phases, not try and burn the entire ocean.  

No other products evaluated.

Get started with BigFix.

Server management patch management and software deployment, where we have multiple platforms, such as Windows Servers, Linux, Unix, etc.

• Patch compliance reached 100%.
• Patch management, because it significantly improved the patch compliance.

Patch management, because it very much improved the patch compliance and has the capability to manage Windows and non-Windows clients.

• OSD and other features listed in SCCM, like desired configuration management
• Internet-based client management
• Offline patching of virtual machines
• Network Access Protection (NAP) technologies to prevent computers with vulnerabilities from gaining access to networks.

Vulnerability scanning and patch automation.

Also, software deployment in distributed environments, as it provides control over compliance and saves us a lot of time.

Before an internal IT team performed all these activities manually, which took time and did not guaranteed full control over compliance. These activities required access to a corporate network via LAN, because VPN often generated errors. 

Now, the process is centrally controlled, reported, and has an independently formed location (also over Internet).

There is no support for patch management on SLES on IBM pSeries (only the Intel platform is supported). This should be improved as soon as possible. It is a stopper for us to roll-out BigFix to all datacenter servers (500+).

About three years for PCs and one year for servers.

No issues.

No issues.

There was a technology consultant available in Poland, who was very helpful, but recently he has left and no one has replaced him.

Yes, Itelligence Germany uses HP automation and we had a pilot implementation.

We have complex requirements.

We offer BigFix as a service for our datacenter hosting customers.

Patch is a given and it is the flagship feature since the late 1990s. The architecture for patching and the 100% correct reporting makes BigFix stand apart from other solutions. Software Distribution is another powerful and strong feature that automates deploying software and saves a ton of time. The BigFix framework also gives you the ability to remove software and updates files, like configuration.

Patching is completed usually within a day or two. 98% of the endpoints are patched in the first pass no matter if they are all the corporate or traveling.

The new EDR (Endpoint Detection and Response) feature, Detect, is new and still needs a few updates. This is close to being a great addition to help when an attack has occurred.

Five years.

No stability issues. If relays are not configured correctly, then this can cause a performance issue. An occasional health check is needed to ensure the solution is running at peak performance.

BigFix can scale up to 250,000 endpoints on one server.

The deep technical resources are very good and can isolate an issue very quickly.

We started with SCCM and decided to switch because of inaccurate reporting, limited OS support, and we were unable to patch remote endpoints.

Initial setup is very simple. With the Web User Interface, it makes the learning curve very short.

I would stay with the Managed Virtual Server license model, which is a 1-to-1 license per OS whether it is virtual or physical.

Yes. SCCM, LANDESK, Altiris, and Tanium.

You will not be impressed with the looks of the reports, but they are accurate. The BigFix.me forum is a great place to learn from others.

Ability to run custom reports and custom relevance.

It allowed us to proactively seek out issues as well as quickly react to issues and target only computers which needed fixes. It was very easy to streamline down to what was needed.

We need a much better multi-tenant option. 

We had 60 plus divisions and there was no real way to effectively give those people the help at the division sufficient rights within the console to see just their responsibilities. We wanted Bob at one of our divisions to have console access and only be able to manage his computers. We were not able to find a way to effectively do this. They had a web console that did not really handle our needs. 

My current company is a consulting firm. If they had a better way to have multi-tenant access, this could be a product that could potentially do great good for us. As it was, when I last used it, it would not work for us without setting up a new instance for every customer we manage. Not really effective for our needs.

I have used it for about four years.

Yes, occasionally we did.

Yes, we did find some “quirks” and had to get creative, but we were able to work within the solution to streamline transfer speeds to not saturate networks between sites when synchronizing enormous install packages to our relays scattered around the country. Also, we could not easily scale the management to multiple tenants as we hoped and as we were able to do with other products in the past.

I didn’t have to deal with them much. Others did. We frequently found that we were bringing solutions to them.

I did not do the initial setup.

This was not my responsibility.

I was not the decision-maker here.

It is a great product. Spend some time really learning about the capabilities and how things are organized within the product. Then, spend some time really planning your structure and how the organizational groups should play out. It will make things a lot easier down the road when you need to send something to just one area of your business. Unfortunately, it is usually after a product is implemented that we truly understand how to best implement for our environment.