BigFix Review

Enabled us to reduce compliance reporting from about 100 hours per server to less than six


What is our primary use case?

We use BigFix as our primary automation platform. We use it to tie in disparate tasks and services that we need to apply to our servers. We use it for patching, reporting, and compliance.

How has it helped my organization?

We are able to use BigFix through API connections to automate and reduce resources and time. The product's been great for us. It's increased the security posture ten-fold and it's increased our visibility across our endpoints enormously.

It has helped us to reduce network traffic when it comes to downloading patches. We don't have a million machines reach out in the middle of the night to get devices. We have BigFix on our cruise lines in which satellite connectivity is limited. We had to pay per byte that goes across the wire. 

We use BigFix to compare our past and present patch cycles. We use it to report on the success of patching and what patches are available. It lets us do postmortems to find out when a patch was first available, first supplied, and if it had any issues.

Using BigFix and the automation we built we've been able to reduce patch time from three hours and 37 minutes on average to less than twenty minutes per server. 

Through using our automation we've seen a reduction in failures, critical patch failures, probably by about three or four percent.

What is most valuable?

The most valuable feature would be its flexibility. It's one product that works across multiple OSs. We have one agent that will sit on six to seven different OSs in our environment. I can use one console to push a patch to six or seven different OSs in one view. I don't have to jump from screen to screen or remote log-in.

I don't like the peer to peer file transfers feature. Security wise, it's a bad format and it's not useful. 

What needs improvement?

I would like to see API connectivity, built-in API connectors to the standard toolsets, whether it's for ServiceNow or Qualys. More API connectivity to make it easier to integrate to other tools.

What do I think about the stability of the solution?

It's very stable. We haven't had any major issues from it. Most times, we have false positives. Our people tell us that BigFix is doing something and we go back and look and it doesn't.

What do I think about the scalability of the solution?

It's been scalable for us. We've taken it from physical to virtual, from virtual to cloud, from on-prem to off-prem seamlessly.

How are customer service and technical support?

Their technical support is above average. Sometimes, because there are different modules, we'd get bounced to different help desks. It's frustrating that we don't have a one-stop shop. Overall, when we do get the right person, it's quick and easy. 

How was the initial setup?

We rebuilt it three years ago from the ground up and the setup wasn't complex.

What was our ROI?

We've seen ROI time-wise. We reduced compliance reporting from about 100 hours per server to less than six. We reduced patch time from three hours and a half to less than twenty, and we've reduced the patch man-hours from about five to six people per eight-hour shift. 

Which other solutions did I evaluate?

We also considered Red Hat and Microsoft. We chose BigFix because we saw more fidelity in reporting, more fidelity in accuracy, and more fidelity in security. 

It's a night and day difference between BigFix and SCCM. Anyone who's used SCCM before knows that BigFix provides a far better product in scalability, reporting, and the accuracy of patching.

What other advice do I have?

I would rate it a ten out of ten. It's worked for what we wanted. It's provided one screen to look across different OSs. It's also provided speed and flexibility. We're able to integrate it to all of our tools, do things to other servers and automate things that aren't done on one platform.

My advice to someone considering this solution would be to find a tool that can span as many OSs as possible. If you're using three different patching tools to approach three different OSs, you're probably lost. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email