We just raised a $30M Series A: Read our story

BigFix OverviewUNIXBusinessApplication

BigFix is the #4 ranked solution in our list of top Configuration Management tools. It is most often compared to Microsoft Endpoint Configuration Manager: BigFix vs Microsoft Endpoint Configuration Manager

What is BigFix?

HCL BigFix provides complete visibility and control into all endpoints through a single, collaborative endpoint management platform that enables IT/Security Operations to fully automate discovery, management and remediation of endpoints, whether they are on-prem or in the cloud, regardless of location or connectivity. BigFix bridges the gap between IT and Security Operations, drastically reducing remediation times and costs. With BigFix, enterprises can protect endpoints running Windows, UNIX, Linux, and macOS by achieving greater than 98% first-pass patch success rates and enabling continuous endpoint compliance. Unlike complex tools that cover a subset of endpoints and take days or weeks to remediate, BigFix can find and fix endpoints fast.

BigFix is also known as Tivoli Endpoint Manager.

BigFix Buyer's Guide

Download the BigFix Buyer's Guide including reviews and more. Updated: October 2021

BigFix Customers

US Foods, Penn State, St Vincent's Health US Foods, Sabadell Bank, SunTrust, Australia Sydney, Stemac, Capgemini, WNS Global Services, Jebsen & Jessen, CenterBeam, Strauss, Christian Hospital Centre, Brit Insurance, Career Education Corporation

BigFix Video

Archived BigFix Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
MF
Senior Solutions Architect at Siwel Consulting
Real User
Works well with endpoints, it does what it says it's supposed to do

Pros and Cons

  • "The older version of the tools that I use also included the connectivity aspect, and the fact that the tool now has it separate from the collection of usage data makes the deployment of these tools much easier."
  • "I self-taught for this online, so the initial setup was a little difficult to pick up at first. I had to create a couple of testing environments and destroy them in order to learn how to use it. There was a lot of trial and error, a lot of reading of the manuals."

What is our primary use case?

I primarily consult with other companies for their software asset management purposes. I use BigFix to help deploy the IBM license metric tool and BigFix inventory.

How has it helped my organization?

The older version of the tools that I use also included the connectivity aspect, and the fact that the tool now has it separate from the collection of usage data makes the deployment of these tools much easier.

What is most valuable?

The fact that it works with endpoints so well is the most valuable feature. A big part of the collection of IBM License Metric Tool data is from the endpoint so it really helps.

For how long have I used the solution?

3 years

What do I think about the stability of the solution?

Even at a very large number of endpoints, it's very stable.

How are customer service and technical support?

Their technical support is very good. The PMRs I have had to open with IBM are answered pretty well. I have nothing but praise for these people.

How was the initial setup?

I self-taught for this online, so the initial setup was a little difficult to pick up at first. I had to create a couple of testing environments and destroy them in order to learn how to use it. There was a lot of trial and error, a lot of reading of the manuals. 

What other advice do I have?

I would rate this solution a ten out of ten. I'd give it an eleven but it's off the scale. It does what it says it's supposed to do. Once you get over the learning curve, it is pretty easy to use. Plugging in the endpoints is pretty simple.

I would advise someone considering this solution to hands down use it. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
IF
Infrastructure Specialist at Altshuler Shaham
Real User
Provides assistance with compliance and the remote management of assets

Pros and Cons

  • "The most valuable feature is patch management, a must have, even for Linux and iOS."
  • "I would like to see the Self Service section made more user-friendly."

What is our primary use case?

We use this solution to successfully manage and control approximately thirty-five hundred machines in multiple, complex environments.

How has it helped my organization?

  1. I can manage all of my assets from one place, no matter where they are in the world.
  2. Manage deployments and authorized software assets.
  3. Manage IMAGES for the entire organization from one place, and do it fast!
  4. Patch management is no longer a problem.

What is most valuable?

The most valuable feature is patch management, a must have, even for Linux and iOS.

We have a strict standard for compliance, and this solution has simplified this. 

What needs improvement?

I would like to see the Self Service section made more user-friendly.

With respect to OSD, I would like to control the task sequence competently from the BigFix console.

For how long have I used the solution?

Between three and four years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about BigFix. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
542,823 professionals have used our research since 2012.
JT
Information Security Systems Specialist at a university with 10,001+ employees
Real User
Enabled us to have a highly successful endpoint patching program for the past decade

Pros and Cons

  • "It's enabled us to have a highly successful endpoint patching program for the past decade. It's been enormously successful there. It's also become a core part of many of our business processes, from compliance monitoring of endpoints, encryption management, key escrow, and local administrator password escrow. It's built into our inventory. It's very much everywhere."
  • "Around the scalability concern, I would like to see the ability to run teamed, clustered, or hierarchical root servers, in order to provide a more robust, high availability system. The single monolithic root server model does somewhat bother me."

What is our primary use case?

My primary use case of this solution is for information security-related functions, like patching and threat detection.

How has it helped my organization?

BigFix has enabled us to have a highly successful endpoint patching program for the past decade. It's been enormously successful there. It's also become a core part of many of our business processes, from compliance monitoring of endpoints, encryption management, key escrow, and local administrator password escrow. It's built into our inventory. It's very much everywhere.

We do use BigFix as a system of investigation in the instance of lost and stolen devices to get an idea of what sort of data was possibly on it. It is an integral part of our compliance management system. Using BigFix to report on our encryption stance has been extraordinarily impactful in terms of avoiding fines for HIPAA violations and in terms of lost and stolen devices. We're definitely talking millions of dollars per year. We've got two hospitals, and probably lose a laptop a day. The scale is such that it's a huge number of machines wandering off. Now that we have good encryption coverage and good reporting on that coverage, in a lot of instances, we can acknowledge and verify that the device was lost but that it was verifiably encrypted, there were no records released, and we can then close an investigation. That's huge.

What is most valuable?

The custom content flexibility is the most important feature. Its ubiquity is also valuable. We've got very good adoption and it helps that it's one of the few tools that we have everywhere.

What needs improvement?

Network traffic is one of our current pain points. BigFix's high performance and high availability in our environment easily overwhelms our high-performance firewalls. Every time we push out patches to our entire population, it makes the firewalls very unhappy for about an hour and slows down some of our core enterprise apps. We're working to identify ways to fix that. We think that BigFix provides mechanisms for spreading out that load over time. We're going to be deploying that soon which will hopefully take care of the problem. Bandwidth is never a problem for us, we have enormous bandwidth. The number of sessions gets overwhelming when you have tens of thousands of machines all getting patched simultaneously. We're just going to spread that out over time and BigFix does offer that capability.

Around the scalability concern, I would like to see the ability to run teamed, clustered, or hierarchical root servers in order to provide a more robust, high availability system. The single monolithic root server model does somewhat bother me.

What do I think about the stability of the solution?

Until our most recent information security system that we stood up, which is unrelated to BigFix, BigFix was our most solid system, in terms of how much engineering effort it requires to keep up and running, relative to the number of servers involved. It's a pretty solid system. We do run into bugs and interesting functional quirks, usually around how the endpoint agent reports into the relays. It mostly just takes care of itself, for the most part. We do have to do a little care and feeding, but it's mostly self-sufficient.

What do I think about the scalability of the solution?

We manage about 75,000 systems, most of them in a single instance and we have not run into serious performance issues at that scale. I have some concerns around the root server and the number of relays checking into it. We may be running into some performance issues there, but they're not impacting the functionality at this time.

How are customer service and technical support?

Technical support has gone through its ups and downs, especially under IBM. The IBM support mechanism is clunky and somewhat challenging. They have made improvements recently. One thing that I really value about this organization is that we have a dedicated customer advocate, who is on the development team, and who is able to escalate serious issues as necessary, when the standard channels aren't working well. They've maintained that personal touch that has really improved our confidence in the support.

Which other solutions did I evaluate?

SCCM is not particularly effective as a cross-platform solution, so that alone makes it less of a contender. Also, BigFix is a lot more flexible, in terms of the types of content you can deploy, the types of reporting you can do, and the types of customizations you can do. We used to do a lot with the integration of the data from BigFix into many other systems, and so the customization is critical and SCCM doesn't offer anything like that.

What other advice do I have?

I would rate it a solid eight out of ten. It's definitely not better than that, because it has a lot of Legacy code, a lot of early design decisions that it's still limping along with. On the other hand, I haven't found anything better out there. There are other competing products in this space, but nothing has convinced me that there is any compelling reason to switch. A lot of the value that we've gotten comes from the people that we're involved with, and the relationships that we've built with the community and vendor over time. I haven't found something that has a better security design. I'm a security guy, and a lot of the decisions that were made very early on in the BigFix product translate to enforcing good security practice, which I have not seen in other vendor solutions.

I would advise organizations looking at BigFix to not try to do everything all at once, but to get one process in place really solidly, and then move on to the next, all the while working on increasing coverage, and getting it on all of the systems. Both of those things take a long time. Don't try to build everything all simultaneously, because you will fail and it will probably take several iterations to get it right so make sure to take a very measured approach.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
BO
IT Engineer at a pharma/biotech company with 1,001-5,000 employees
Real User
Servers are patched more consistently than they have been previously but there should be improved integration of user security between different products

Pros and Cons

  • "Servers are patched more consistently than they have been previously."
  • "I would like to see the integration of user security between the different products to be improved. There's separate security for compliance, separate security for web reports, and the console, and you have to manage those things separately."

What is our primary use case?

Our primary use case of this solution is for automated server patching. It integrates with our change management tool. It replaced SCCM for Windows. 

How has it helped my organization?

Servers are patched more consistently than they have been previously.

What is most valuable?

Some of the most valuable features are the development of the patches, the fixlets, and not having to bundle things ourselves. 

What needs improvement?

I would like to see integration of user security between the different products to be improved. There's separate security for compliance, separate security for web reports, and the console, and you have to manage those things separately. 

What do I think about the stability of the solution?

It's very stable.

What do I think about the scalability of the solution?

It's very scalable. It handles it effortlessly for our needs. 

How are customer service and technical support?

The first level two support was a little spotty a year ago. It's improved. I get a B, B plus from them. The knowledge of the first line of support seemed to be limited. 

How was the initial setup?

Once you've done the setup once, it's not that complex. Initially, it can be a little bit complex to get your head around, but now that I've done it a couple of times, I don't deem it to be overly complex.

What about the implementation team?

We used IBM Professional Services and it was a good experience. 

What other advice do I have?

I would rate BigFix an eight out of ten. It's powerful, has low administrative overhead, it's reliable, and not too expensive. Not a ten because there's always room for improvement. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
SM
Technical Lead at a university with 1-10 employees
Real User
Helps collect information on endpoints to assist my team in troubleshooting break/fix tickets but stability isn't always consistent

Pros and Cons

  • "Being able to intelligently create reports, gather data, export CSVs and give that to the leadership of some of the client groups that my team supports has helped my organization."
  • "The stability is generally pretty good. The one thing that we came across is the battle between load on endpoints and load on our servers and relays versus how quickly, effectively and reliably actions can be taken. I'd like to not have to take an action on a system while I'm working with someone and then have to say whether something will happen between five seconds or thirty minutes from that point."

What is our primary use case?

I use BigFix to help collect information on endpoints to assist my team in troubleshooting break/fix tickets. I also use it to proactively create solutions for problems that come up and to help with patching of individual applications as well as for checking for compliance on an operating system level.

How has it helped my organization?

Being able to intelligently create reports, gather data, export CSVs and give that to the leadership of some of the client groups that my team supports has been a benefit to my organization. 

There are instances where we have been able to utilize BigFix to reduce help desk calls by automating certain things. Along with the concept of savings calls for the help desk it's saving individual help desk tickets that get navigated to our group by automating things which save us man-hours.

What is most valuable?

The most valuable feature is the ability to create my own properties and analyses to collect information so that folks who might only have access to web reports, but not the console, can gather information and I can create reports to give to the leadership of my client groups.

What do I think about the stability of the solution?

The stability is generally pretty good. The one thing that we came across is the battle between load on endpoints and load on our servers and relays versus how quickly, effectively and reliably actions can be taken. I'd like to not have to take an action on a system while I'm working with someone and then have to say whether something will happen between five seconds or thirty minutes from that point. 

Which solution did I use previously and why did I switch?

I haven't messed with SCCM too much. There's a lot of things that are desirable in SCCM regarding scalability. There are lots of workflows that exist that SCCM is pretty universally used and can make things happen instantly. It can also help with a lot of the zero configuration, zero-touch computerization things but we get to get a little more specific with BigFix. We can employ a lot of things from all kinds of different sources to help tailor our solutions and we have better functionality with Mac and Lenox.

What other advice do I have?

My experience is that you can get really deep and detailed with this solution and the sky is the limit in terms of how complicated you can get if you're willing to dig in and spend the time to learn how BigFix works and invent some of your own processes.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Daniel-Mitchell
Senior Server Systems Enigineer at a healthcare company with 501-1,000 employees
Real User
Enabled us to reduce compliance reporting from about 100 hours per server to less than six

Pros and Cons

  • "We are able to use BigFix through API connections to automate and reduce resources and time. The product's been great for us. It's increased the security posture ten-fold and it's increased our visibility across our endpoints enormously."
  • "I would like to see API connectivity, built-in API connectors to the standard toolsets, whether it's for your ServiceNow or your Qualys. More API connectivity to make it easier to integrate to other tools."

What is our primary use case?

We use BigFix as our primary automation platform. We use it to tie in disparate tasks and services that we need to apply to our servers. We use it for patching, reporting, and compliance.

How has it helped my organization?

We are able to use BigFix through API connections to automate and reduce resources and time. The product's been great for us. It's increased the security posture ten-fold and it's increased our visibility across our endpoints enormously.

It has helped us to reduce network traffic when it comes to downloading patches. We don't have a million machines reach out in the middle of the night to get devices. We have BigFix on our cruise lines in which satellite connectivity is limited. We had to pay per byte that goes across the wire. 

We use BigFix to compare our past and present patch cycles. We use it to report on the success of patching and what patches are available. It lets us do postmortems to find out when a patch was first available, first supplied, and if it had any issues.

Using BigFix and the automation we built we've been able to reduce patch time from three hours and 37 minutes on average to less than twenty minutes per server. 

Through using our automation we've seen a reduction in failures, critical patch failures, probably by about three or four percent.

What is most valuable?

The most valuable feature would be its flexibility. It's one product that works across multiple OSs. We have one agent that will sit on six to seven different OSs in our environment. I can use one console to push a patch to six or seven different OSs in one view. I don't have to jump from screen to screen or remote log-in.

I don't like the peer to peer file transfers feature. Security wise, it's a bad format and it's not useful. 

What needs improvement?

I would like to see API connectivity, built-in API connectors to the standard toolsets, whether it's for ServiceNow or Qualys. More API connectivity to make it easier to integrate to other tools.

What do I think about the stability of the solution?

It's very stable. We haven't had any major issues from it. Most times, we have false positives. Our people tell us that BigFix is doing something and we go back and look and it doesn't.

What do I think about the scalability of the solution?

It's been scalable for us. We've taken it from physical to virtual, from virtual to cloud, from on-prem to off-prem seamlessly.

How are customer service and technical support?

Their technical support is above average. Sometimes, because there are different modules, we'd get bounced to different help desks. It's frustrating that we don't have a one-stop shop. Overall, when we do get the right person, it's quick and easy. 

How was the initial setup?

We rebuilt it three years ago from the ground up and the setup wasn't complex.

What was our ROI?

We've seen ROI time-wise. We reduced compliance reporting from about 100 hours per server to less than six. We reduced patch time from three hours and a half to less than twenty, and we've reduced the patch man-hours from about five to six people per eight-hour shift. 

Which other solutions did I evaluate?

We also considered Red Hat and Microsoft. We chose BigFix because we saw more fidelity in reporting, more fidelity in accuracy, and more fidelity in security. 

It's a night and day difference between BigFix and SCCM. Anyone who's used SCCM before knows that BigFix provides a far better product in scalability, reporting, and the accuracy of patching.

What other advice do I have?

I would rate it a ten out of ten. It's worked for what we wanted. It's provided one screen to look across different OSs. It's also provided speed and flexibility. We're able to integrate it to all of our tools, do things to other servers and automate things that aren't done on one platform.

My advice to someone considering this solution would be to find a tool that can span as many OSs as possible. If you're using three different patching tools to approach three different OSs, you're probably lost. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
BG
Engineer with 10,001+ employees
Real User
Drastically reduced the maintenance window period to patch and reboot servers

Pros and Cons

  • "BigFix has drastically reduced the maintenance window period to patch and reboot servers."
  • "I would like to see a web UI SDK so we could take what is provided currently and be able to build our own customized web UI for particular customers that want to sell service."

What is our primary use case?

Our primary use case is for the automation of patch compliance.

How has it helped my organization?

BigFix has drastically reduced the maintenance window period to patch and reboot servers.

It has helped to reduce network traffic when it comes to downloading patches. There's a single download to the primary BigFix server which is then replicated and cached on the Relays for all data center connected servers.

Due to the automation, we've been able to prevent a lot of human errors with BigFix so it's reduced our help desk calls by 50%.

Finally, it has helped us to compress patch cycles by around 75%.

What is most valuable?

The power is in the Platform!

What needs improvement?

I would like to see a WebUI SDK so we could take what is provided currently and be able to build our own customized web UI for particular customers that want to sell service.

What do I think about the stability of the solution?

It's extremely stable. 

What do I think about the scalability of the solution?

It's very scalable. 

How are customer service and technical support?

Their technical support is excellent. 

Which solution did I use previously and why did I switch?

We've used BigFix in the past with other companies so we knew BigFix was a superior tool. Ten years prior, the current tool we were using had a lot of overhead, was time-consuming, used a lot of resources, and time spent on it. We knew there were better tools out there. 

It's far superior and there's no comparison to SCCM. It is so easy to navigate in the console. Everything's in a single view within a fixlet or a task. You can tell what actions are taking place versus having to go through separate menus in your console to figure it out. Just that alone and knowing instantly what your environment looks like based off of content makes BigFix superior. 

How was the initial setup?

The initial setup was very straightforward. It's simple infrastructure to set up in comparison to other tools, like BladeLogic or SCCM, very simple infrastructure to set up.

What about the implementation team?

We implemented ourselves. 

What other advice do I have?

I would rate it a ten out of ten. It hasn't changed much since it's inception, so it's a superior product and it's just going to get better with the expansion of the API endpoint security and WebUI.

If you're considering BigFix, you should look deeper than just what's on the retail box of patch and compliance and software distribution. Look at the platform, what it can do on the back, and the relevance language, and the reporting capabilities. There's a lot more to this that you can use in your DevOps org to accomplish automation tasks.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
JS
Technical Engineer at a individual & family service with 10,001+ employees
Real User
Tremendously reduced the amount of work that we had to do on each server in a centralized manner

Pros and Cons

  • "Prior to BigFix we used Altiris, which was distributed. We had to manage multiple servers, and duplicate the tasks that we did on each server. BigFix tremendously reduced the amount of work that we had to do on each server in a centralized manner. We could minimize the work that we had to do, and we had a lot more control over the tasks and what machines they ran on."
  • "I would like to see for it to be a little easier for new users to be able to learn and create relevant statements. In my opinion, that's the hardest part for bringing on new people that haven't had BigFix experience. Being able to have easier ways to build relevance in ActionScript would be the biggest improvement I'd like to see."

What is our primary use case?

Our primary use case of this solution is for endpoint management. 

How has it helped my organization?

Prior to BigFix we used Altiris, which was distributed. We had to manage multiple servers, and duplicate the tasks that we did on each server. BigFix tremendously reduced the amount of work that we had to do on each server in a centralized manner. We could minimize the work that we had to do, and we had a lot more control over the tasks and what machines they ran on.

It has helped to reduce help desk calls by 60-70%. Using the self-service portal allows our users a lot of access to fix their own problems as far as errors, as well as policies that auto-resolve issues as they come up without the user even knowing.

Finally, it has helped us to avoid compliance fines in the tens of thousands of dollars, if not more. We've used it for software audits numerous times and saved significant amounts of money with being able to clearly identify what machines have what software, then verify that we're licensed for the software that we have.

What is most valuable?

Power to query anything on the machine servers and problem resolution is where we find a lot of value in being able to turn around and find a fix, and identify machines that are having an issue, and being able to resolve that.

I believe that the peer to peer file transfers feature will speed up the time to get files to individual machines. I haven't used it myself, but I think that as far as clients go, instead of having to use one server for that, being able to get that data from their clients will be a lot faster and more efficient.

What needs improvement?

I would like to see for it to be a little easier for new users to be able to learn and create relevant statements. In my opinion, that's the hardest part for bringing on new people that haven't had BigFix experience. Being able to have easier ways to build relevance in ActionScript would be the biggest improvement I'd like to see.

What do I think about the stability of the solution?

It's very stable. There's minimal maintenance on the server infrastructure itself.

What do I think about the scalability of the solution?

It's very scalable. We've had mergers that have come in and put a relay out there, and immediately get the information back for their clients. It's very scalable, we don't have to worry about putting too much burden on our other servers.

How are customer service and technical support?

Their technical support is very good. 

Which solution did I use previously and why did I switch?

We switched to BigFix mainly because of scalability and for centralizing the work that we did, rather than being distributed. From what I know of SCCM, and the little that I've used it, the granularity that relevance an ActionScript allows you over the endpoint, and the information coming back from the endpoint is fairly significant compared to the work that you would have to do to script all that out in SCCM to get that information back.

What other advice do I have?

I would rate it an eight out of ten. Not a ten because of the training aspect of getting new users up and going on the technology. That would be the only downfall because it does take quite a bit of time to train new users. As far as the power, it's by far the best.

If you're considering BigFix look at the power that it allows you to have visibility into your system. If you don't have visibility into your systems, it takes a lot longer to get something resolved. Whereas if you can instantly get that information back from your client that's having a problem, being able to know that that issue needs to get fixed on that client's machine and being able to fix it instantly, could save you hundreds of hours.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
RS
Product Line Manager at a tech company with 10,001+ employees
Real User
Enables us to keep systems up to date, deploy new drivers, and find the information we need in the case of security incidents

Pros and Cons

  • "It allows us to quickly deploy capabilities that we need, whether it be security or non-security. We use it to keep systems up to date, deploy new drivers, find the information we need in the case of security incidents. The capability allows us to gather a lot of information very quickly and it also allows us to have a centralized reporting feature and a centralized deployment capability which is nice."
  • "The scalability of the web UI product doesn't scale to the size that we need for our implementation so it needs to expand. I would also like to see the capability to develop on the back of the web UI capability. There are lots of web features and integrations that we could do with web UI that it would be nice to be able to put on top of what's already there, rather than waiting for IBM to develop what we need."

What is our primary use case?

Our primary use of this solution is for compliance management, patching, and security configuration management.

How has it helped my organization?

It allows us to quickly deploy capabilities that we need, whether it be security or non-security. We use it to keep systems up to date, deploy new drivers, and find the information we need in the case of security incidents. The capability allows us to gather a lot of information very quickly and it also allows us to have a centralized reporting feature and a centralized deployment capability, which is nice.

It has helped to reduce network traffic when it comes to downloading patches with the relay structure. Talking from the corporate server down to the relays and then to the endpoints, it has helped from that perspective. It still causes impacts, not because of the capability itself but because of the content that's being provided by Microsoft and other vendors is just so large that it starts having impacts whether you want it to or not, no matter what kind of infrastructure you put in place.

What is most valuable?

The flexibility of the capability of being able to use the out-of-the-box content that we get from the vendor as well as develop our own capabilities on top of the core capability is the most valuable feature. 

What needs improvement?

The scalability of the web UI product doesn't scale to the size that we need for our implementation so it needs to expand. I would also like to see the capability to develop on the back of the web UI capability. There are lots of web features and integrations that we could do with web UI that it would be nice to be able to put on top of what's already there, rather than waiting for IBM to develop what we need.

What do I think about the stability of the solution?

The core capability is very strong and hasn't changed a lot. Sometimes it is harder than others to get to some of the newer features, mostly just because we have a very large install base, and so having the time to roll out new capabilities is hard. Overall the stability and the upper trend of the capability is very good.

What do I think about the scalability of the solution?

Scalability is good. 

How are customer service and technical support?

Overall, technical support is very good. Sometimes you have to figure out a different way to get to what you want and you have to escalate through multiple layers to get to the right solution. We've been using the tool for long enough that we don't need the easy help, we need the hard help. Sometimes that's really hard to get to and then the turnaround cycle between when we report an issue and when we hear back and being able to get data to the right people at the right time, we end up having to re-open tickets over and over again because we don't have the data that they need. Sometimes they ask for something and we have to go ask somebody else for it and get it back to them and by then the SLA has run out, so that's not good.

What about the implementation team?

We implemented internally. We've worked with IBM professional services for new capability and assistance with improving our overall capability but we didn't use them directly to implement. We've been using the tool for a really long time.

Which other solutions did I evaluate?

It's better than SCCM, it's more flexible. 

What other advice do I have?

I would rate it a seven or eight out of ten. The pain points that we have are particular to us just because of the size of our implementation, the number of endpoints, etc. Overall, I think it's a great product and a product that most people would really get a lot of benefit out of. The things that we struggle with are things that are particular to our organization.

If you're considering this solution, get involved with the user community early, make relationships with the development organizations, learn how you can advocate for yourself. User group kind of things are the best way to learn. Learning from other people who have been using the tool for a long time is probably the easiest way to see the most effective implementation and best use of your resources using the tool.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
BG
Security Engineer at a university with 1-10 employees
Real User
Enables us to immediately patch all instances of endpoints that are vulnerable to antivirus and initiate scans

Pros and Cons

  • "Before we had BigFix, we had problems with some malware. BigFix allows us to immediately patch all instances of endpoints that were vulnerable to antivirus and initiate scans. That's key."
  • "I want to see a solution for being able to deploy automated software to a Mac running OS X 10.13, something that's going to deal with kernel exceptions and answering prompts for user permissions for data folders and whatnot. They need to really streamline and automate the Mac software deployment."

What is our primary use case?

Our primary use of this solution is for endpoint patching and to deply operating system level patches to seventy-five thousand plus Mac and Windows endpoints.

How has it helped my organization?

Before we had BigFix, we had problems with some malware. BigFix allows us to immediately patch all instances of endpoints that are vulnerable to antivirus and initiate scans. That's key.

It helps us to compress our patch cycles. With our patches, I can make sure 80% of the community has got their endpoint patching up to current standards, which is a current patch cycle within a week and a half.

Finally, it has helped us to avoid compliance issues, potentially by millions. We use it for device compliance. It's key that endpoints with a certain type of data, if they were to get lost and not encrypted, would need to be reported and those would need to be reported to a federal agency. This can mean associated fines in the hundreds of thousands if not millions. We have lost endpoints with data on there, but because we can confirm with BigFix that they were verifiably encrypted, we are protected and don't have to make those sorts of reports. It has saved us maybe millions in funds.

What is most valuable?

One of the most valuable features is the ability to be able to check relevance. You can see what's applicable for what patches and deploy only the required patches to those individual endpoints.

The peer to peer file transfers feature is scary to me. I'm a security engineer, so thinking about sending updates or any sort of infrastructure level software communications coming from an endpoint that I didn't build or maybe don't trust is a bit scary.

What needs improvement?

I want to see a solution for being able to deploy automated software to a Mac running OS X 10.13, something that's going to deal with kernel exceptions and answering prompts for user permissions for data folders and whatnot. They need to really streamline and automate the Mac software deployment.

What do I think about the stability of the solution?

Stability is totally safe. We've been using it for years and years and it hasn't done us wrong.

What do I think about the scalability of the solution?

Scalability is awesome. We've gone from twenty thousand machines to seventy thousand machines and there's plenty of room for lots more.

How are customer service and technical support?

Any time I've had to call or take it up with the support at BigFix, I've had nothing but the best support. The engineers get what it is we're trying to do. We've had an outstanding relationship with them, and some of them even know us on a first name basis. Very good support.

How was the initial setup?

The initial setup was pretty straightforward, but that was 2006, 2007. A lot has changed. It would be a little bit more intense right now.

Which other solutions did I evaluate?

We also looked at Altiris but BigFix came in because of its unique capabilities. It was Mac and PC compliant and worked with our endpoints. At the time, the price was right for us. There was local support and we had a very personal relationship with BigFix.

SCCM will do most of the Mac stuff I want but doesn't give you the highly targeted capabilities I have in deploying anything I want to endpoints in any configuration that I choose.

What other advice do I have?

I would rate BigFix a ten out of ten. It has saved me so much time in patching alone. The capabilities it gives me for very granular targeting of endpoints based on whatever criteria that I can come up with is great. It is very simply a tool that can do just about anything. There is always room for improvement. I want to see better capability in Mac software deployments. Apple changed some of their policies, so I'd like to see BigFix get up to speed with that. 

I would advise someone considering this solution to jump heavily into the community features. The BigFix forums are fantastic, we have an amazing user community that has been so helpful for me and it's a great learning resource for folks who are new to BigFix. It's a great community for people who are more experienced, people share that and help each other out. The community is fantastic.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
AK
System Administrator at a university with 10,001+ employees
Real User
Enables us to make sure that we're not leaving ourselves vulnerable to exploits

Pros and Cons

  • "From a security standpoint, it allows us to make sure that we're not leaving ourselves vulnerable to exploits and things like that. That's the biggest advantage that we see to the product from a security standpoint."
  • "I would like to see more custom content."

What is our primary use case?

Our primary use case of this solution is for security patching and application patching.

How has it helped my organization?

From a security standpoint, it allows us to make sure that we're not leaving ourselves vulnerable to exploits and things like that. That's the biggest advantage that we see to the product from a security standpoint. 

We use it to compare current and past patch cycles. We usually roll the baselines into every patch cycle. We do some recording on previous patch cycles and stuff like that, and how effective each baseline is.

It has helped to compress our patch cycles from a long time ago. We were patching individually each day, then we were able to compress them all into a month.

I'm not sure by what percentage but it has helped to reduce help desk calls, in terms of security vulnerabilities, but it has reduced the amount of vulnerabilities and the security notifications we get. Also, self-service lets us install notifications, not like sending a front line support personnel.

What is most valuable?

Some of the most valuable features would be: 

  • The custom content 
  • Baselines
  • Inventory
  • Application usage

What needs improvement?

I would like to see: 

  • More custom content
  • Better content for Mac 
  • Automated patching. They have this but I'm looking for improvements.
  • Automated baselines for patching.

What do I think about the stability of the solution?

Stability is good. It works well. When it works, it works great. It's pretty quick to respond.

What do I think about the scalability of the solution?

Scalability is good. From my other experience using the relays and things like that, it scales pretty widely. We have a pretty good amount of endpoints and it works well for us.

How are customer service and technical support?

Technical support is good. We have a close relationship with people who work in the company. We are fortunate where we get direct communication with them, so it's good.

Which solution did I use previously and why did I switch?

We weren't previously using a solution, so we knew we had to invest in one. We brought in a bunch of different solutions and BigFix was the one that won out. 

How was the initial setup?

The initial setup was was complex because it was new. The help that they gave us and the documents that they gave us were really straightforward. The first time I set it up there was a learning curve, but the second time it was real easy.

Which other solutions did I evaluate?

We also looked at Microsoft SCCM. We chose BigFix because it's more inclusive, it's centered towards Microsoft and Windows. There's a lot more content and things like that so, it's much more in-depth and widespread than SCCM.

What other advice do I have?

I would rate BigFix an eight or nine. We've been using it for a really long time and we're happy customers. 

I would advise someone considering BigFix to split it up and compare it to what you're looking at. You'll see that it can do more than other competitors. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
CH
BigFix Admin at a university with 10,001+ employees
Real User
We went from patching thousands of machines by twenty to thirty people to one person

Pros and Cons

  • "We are able to go from patching thousands of machines by twenty to thirty people to one person."
  • "I would like better support on the backend."

What is our primary use case?

The primary use case of this solution is for patch management, software distribution, inventory, and power management.

How has it helped my organization?

BigFix has helped us to compress our patch cycles. We typically do one release a month. Where we really benefited from this solution is that we now have one to two people whereas previously we would need thirty to forty people taking care of it. That's where we benefited from BigFix the most. We've never had central patching before, so BigFix has improved things quite a bit.

It has helped to reduce software spend. We do have the inventory component, but it's not fully implemented yet. We know that the software does take out certain data and so now we have better data.

What is most valuable?

We are able to go from patching thousands of machines by twenty to thirty people to one person. 

What needs improvement?

I would like better support on the backend.

What do I think about the stability of the solution?

It's stable. We occasionally run into hic-ups here and there. We've been working with BigFix for eight-plus years and occasionally things happen. 

What do I think about the scalability of the solution?

We're in the tens of thousands and we're under twenty thousand endpoints. It's been pretty easy to maintain.

How are customer service and technical support?

Their technical support can be helpful. We send a PMR and they are pretty helpful. I would give them, on a scale from one to five, with five being the best, around a four.

How was the initial setup?

The initial setup was straightforward on the BigFix side. We had some internal stuff that caused some issues but otherwise it's pretty straightforward. 

What about the implementation team?

We implemented in-house. 

Which other solutions did I evaluate?

We were looking for something that could run Mac and Windows. At the time SCCM didn't do anything with the backend side. We tried to set SCCM up but it seems to be more complicated than it needs to be. BigFix has one central database and is easier. 

What other advice do I have?

I would rate it an 8.5 out of ten. BigFix has a great community, there's a lot of people that believe in it, it's whatever they advertise, and they listen to customers' feedback. We are heavily on-prem and with BigFix we have that option of staying on-prem. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
MM
BigFix Admin / Win SysAdmin at Costco Wholesale
Real User
We can grant access via role base depending on department status from a single console

Pros and Cons

  • "Between the user groups, the community, the AVP support, the direct access via technical route and the PMR support, half the time I don't even need to do a formal PMR because the solutions from the community resolve whatever issues we're having. It's the best community and support based system I've ever used."
  • "I'd like to see better integration, with the different applications within BigFix. Instead of sometimes feeling like four or five different applications, they need to be integrated a little better within themselves."

What is our primary use case?

Our primary use of this solution is for the server side patching and compliance remediation. We use it for all of Windows server patching, remediation, vulnerability scanning, and inventory management of IBM licensing.

How has it helped my organization?

We're able to single console manage all departmental Windows, Linux, AIX servers, and from a single console, we can grant access via role base depending on department status and access. It's just easy to get a big picture on a single screen.

It reduces network traffic when it comes to downloading patches. It's a single patch repository on the root server, all patches start on the root server, and then they are disseminated via relevance as required, up above a chain and a single connection via the relays up until it gets to the bottom of the last relay and then it disburses to the client. Storage and network wise, it makes the smallest download possible down to the last band and then disseminates from there, so you can take your relays as far down as possible to make a small download chain size wise. 

We use it to compare current and past patch cycles. We do monthly compliance verification and we use external vulnerability scanning, and we compare that to the BigFix compliance results and make a mesh of the two for our monthly reports for executives. We do that on a monthly basis.

It has helped us to compress our patch cycles. It's been condensed 100 percent. Our patch cycle is now under 10 days for everything that we patch, and we get no complaints from our compliance people about that. They've given us requests and we recondense it. Depending on how much urgency we put on it we can take it down as much as possible.

Finally, it has helped to reduce help desk calls. We actually know if there's an issue before the help desk finds out. We'll report a server down sometimes before the server owner knows, and we'll let them know that there may be an issue and then we can actually roll back a patch via BigFix before the server owner knows that there's an issue. Altogether, help desk calls have been reduced by around 50%.  

What is most valuable?

Some of the most valuable features are its: 

  • Ease of use
  • The fact that it's a single port access across the board. There's only one firewall to be required.
  • The user community is great, very helpful. 
  • There's not a lot of overhead to the client. There's a bit of set up to do but it's pretty simple once it gets running to maintain it. It basically maintains itself. As such for as big of a system, it only requires a little manpower. There's only a couple of people that have to manage it.

My impressions of peer to peer file transfer in relation to BigFix, is that it's a relay structure that goes up and down the chain, as servers check in they check into their relays, the relays pass up and down the chain. It has tight security. They say it heals itself. It doesn't put a load on the system and doesn't give our guys any headaches or anything. It just seems to work pretty well and it's easy to maintain.

What needs improvement?

I'd like to see:

  • More visibility
  • Better reporting
  • I'd like for it to be more futuristic, for it to be less plain Windows looking with a little more pizazz. 
  • Better integration, with the different applications within BigFix. Instead of sometimes feeling like four or five different applications, they need to be integrated a little better within themselves. 
  • Better folder structure internally.

What do I think about the stability of the solution?

I've been admining the system for two and a half years now and other than server side issues we have never had stability problems. My core system is four servers and they're not maxed out. We've never had any performance issues.

What do I think about the scalability of the solution?

Scalability is amazing. We have over 10,000 systems and could easily add to that without a performance hit. We'd have to increase our relay structure to keep it manageable but I don't think we'd have any problems.

How are customer service and technical support?

Between the user groups, the community, the AVP support, the direct access via technical route and the PMR support, half the time I don't even need to do a formal PMR because the solutions from the community resolve whatever issues we're having. It's the best community and support based system I've ever used.

What about the implementation team?

We implemented in-house. 

Which other solutions did I evaluate?

The main reason why we chose BigFix is because at the time we were looking for a single solution for multiple OS, and SCCM at the time couldn't handle a Windows, Linux, and AIX coverage as BigFix does. I haven't directly managed SCCM myself, but I do feel that BigFix is a much simpler set up, simpler configuration. It's better accepted by our marketing solutions, to get into some of the restricted VLANs, we have a much easier time connecting to restricted LANs than they do. BigFix has better reporting, they're just better integration. The one part where I think SCCM is better is in the remote control. The BigFix solution remote control is a little dated. 

What other advice do I have?

I would rate it an eight out of ten. An eight because of the stability and the ease of use. Not a ten because I'm looking for more modernization, but I do have to give the BigFix community credit because they seem to listen to us.

I would advise someone considering this solution to talk to the community. Talk to the BigFix users, ask their honest opinion on what they think is good and bad about it. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Fernando Martinez
Systems Administrator at a tech services company with 1,001-5,000 employees
Real User
Helped us to identify the compliance of devices and has also improved the way that we manage our software inventory

Pros and Cons

  • "BigFix helped us to identify the compliance of devices and has also improved the way that we manage our software inventory for reporting to vendors."
  • "I would like to see improvements in the Web UI program and also a BigFix console for Mac OS."

What is our primary use case?

We use BigFix to manage Windows and Mac OS. We also use it for deploying patches and software across the company.

How has it helped my organization?

BigFix helped us to identify the compliance of devices and has also improved the way that we manage our software inventory for reporting to vendors.

It has helped to reduce network traffic when it comes to downloading patches. It helps a lot because we have the ability to customize the uses of the bandwidth in our company, and it helps us to reach every region no matter the size of the link that we have in the network. We use patch management for deploying Microsoft patches and compliance to deploy security policy across the environment.

Finally, it has helped to compress the patch cycles. It has helped us to reduce the time that we need to use for patch management by at least 50 percent.

What is most valuable?

The scalability and the ability to manage different operating systems are the two most valuable features. 

What needs improvement?

I would like to see improvements in the web UI program and also a BigFix console for Mac OS.

What do I think about the scalability of the solution?

Scalability is really great because we have the ability to scale the solution no matter how many endpoints we have. The last updates came with a lot of improvements regarding the scalability.

How are customer service and technical support?

Their technical support needs some improvement. We have had some cases where we didn't get enough support from the support team but I think it's improving now.

Which solution did I use previously and why did I switch?

We switched to BigFix because of the scalability and because it can be used across multiple platforms.

How was the initial setup?

The implementation is really straightforward and it's easy to implement with the environment.

What other advice do I have?

SCCM is a complex solution that needs a lot of licenses which means a lot of money. It only supports Windows and BigFix can be deployed across Linux and Microsoft operating systems.

I would rate BigFix a nine out of ten. Not a ten because there are some improvements that can be done to the product and the support that we get from the vendor needs improvement.
BigFix can do almost anything. You should know how to use it based on your specific requirements, but it can do almost anything.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
JH
Senior Security Consultant at Tech Data Corporation
Consultant
We went from manually patching machines to being able to "set it and forget it" and get good results on first-pass patching

Pros and Cons

  • "It has improved my organization because we can automate a lot of tasks. We went from manually patching machines or doing our best and having very little visibility into it to us being able to set it and forget it and getting really good results on first-pass patching."
  • "I would eventually like to see a SaaS offering, a cloud-hosted BigFix instance where we only have to put a relay in our environment."

What is our primary use case?

I'm a long time user for endpoint management and now I do consulting so I design solutions for end customers.

How has it helped my organization?

It has improved my organization because we can automate a lot of tasks. We went from manually patching machines or doing our best and having very little visibility into it to us being able to "set it and forget it" and getting really good results on first-pass patching.

In addition, it has also helped us to reduce network traffic when it comes to downloading patches. It's very easy to throttle the network traffic, Instead of us taking down the network, downloading hundreds of patches, we're able to set a throttle, and then also spread it out over a period of time, which helps a lot.

It has helped to compress our patch cycles. In some cases, a hundred percent because in some areas, patching wasn't happening. We went from not patching to just automating it.

Finally, help desk calls have been reduced. We were able to look at help desk calls and find out which ones were most common and start automating that with BigFix. For some various organization, a quarter to half of our help desk calls were knocked out.

What is most valuable?

It's incredibly powerful and it's very extensible. Meaning, it's very easy for us to customize the platform to solve a number of different tasks for us.
We enjoy using peer-to-peer file transfers as a peering system for files. It provides built-in redundancy and we can control it all from the console, which is nice.

What needs improvement?

I would eventually like to see a SaaS offering, a cloud-hosted BigFix instance where we only have to put a relay in our environment. 

What do I think about the stability of the solution?

Stability is incredible. A lot of times people will let it run forever without touching it because it just keeps going. Once you stand up the solution, there's very little that you have to do. Just the occasional update and that's it.

What do I think about the scalability of the solution?

Scalability is awesome. For one, it supports around a quarter of a million endpoints, which is a lot. It's also very easy to stand up relays anywhere in the world. It's incredibly scalable.

How are customer service and technical support?

Technical support is pretty good. I have never had any issues with support. Primarily, though, I go to the BigFix community which has been super helpful.

Which solution did I use previously and why did I switch?

We initially switched because we had different solutions for all different platforms. We had one for MAC OS, we had one for Windows, and we weren't really using them that much so we were able to use it to manage all of them with a single tool instead of a bunch of different ones.

How was the initial setup?

The initial setup is very easy. 

What other advice do I have?

BigFix is way better than SCCM. SCCM doesn't do MAC OS or Linux. It takes a lot of time to manage, it's a lot of work, there are all kinds of ports that you need to open, and it's just a pain to manage.

I would rate BigFix a nine out of ten because I really enjoy the tool but there's always room for improvement and there's always something to add. I've been really happy. There's a close-knit community. It's super easy to get help. They're always adding new features. I'm very happy with it.

I would advise someone considering this solution to try it out. Set up a demo, give it a shot, turn on some auto-patching, and then just watch as your organization self-heals.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Tanyalynnette Grimes
CEO/ Chief Strategist at GreenWave Tech Corp
Real User
We're able to make sure that our endpoints are secure, regardless of the location on or off network

Pros and Cons

  • "DOWNLOADING-PATCHES; It has also helped to reduce network traffic when it comes to downloading patches. By only having to download the patch once to the central location and then utilizing the relay structure to then download the patch to a specific site and then everything gathering at local, it greatly reduces the bandwidth of multiple endpoints."
  • "We're a partner, so we deliver technical support to customers. When we need to talk to the product support, traditionally, with the product over the last five years, I would not say support has been supportive. I hope that changes."

What is our primary use case?

We help our customers and ourselves do vulnerability and compliance implementations, licensing compliance, and patch management solutions.

How has it helped my organization?

I've worked with the product a very long time, almost eight and a half years now, and for my own company, we're able to make sure that our endpoints are secure, regardless of the location on or off network. Also, for a lot of our customers, a big benefit is being able to give with accuracy, the reporting of compliancies based on NIST or STIGs, compliance reporting tools and being able to know that what they're doing.

It has also helped to reduce network traffic when it comes to downloading patches. By only having to download the patch once to the central location and then utilizing the relay structure to then download the patch to a specific site and then everything gathering at local, it greatly reduces the bandwidth of multiple endpoints.

We use it to compare current and old patches. I don't necessarily want to deploy a roll-up patch, but we have to because that's how the vendors are producing them. By being able to evaluate whether the new patching is as successful as the old way, we're able to compare the different content of the patches and not just that the patch has been delivered, but that the vulnerability that the patch is supposed to fix no longer exists.

Before we started using this solution, patching was done per endpoint. What we're able to do now is, we can test the patches, deploy them, with certainty that they're not breaking anything else, and then large scale deploy the amount. I've seen customers reduce their patch cycle times from a 60-day turnaround window to a 15-day turnaround window.

Finally, it has helped reduce software spend. By having to look at the licensed tools and what's being utilized and not utilized, we're able to make informed decisions about software license levels. This product falls a little short as far as the licensing compliance capabilities. I would like to see some development surrounding that so that I could input ELA agreements, regardless of vendor, and be able to pull those compliance-based reports.

What is most valuable?

The ease of use is the most valuable feature. Underlying that is the truth that the information that's being derived from the endpoints is accurate. There's no gray matter, and we don't have to interpret the results.

What needs improvement?

I would like to see file consistency and sizing, and I would like to see more robust reporting in the power management features. Energy use and consumption has become a cry within IT development. It's an underserved piece of the product that has implications that could allow security and green IT and sustainability to be married better.

What do I think about the stability of the solution?

The stability is paramount. It has definitely reduced the need for multiple products down at the endpoint, it's reduced the number of agents needed at the endpoint, and overall because the product was created so many years ago when networks were not nearly as robust as they are now, the improvement of the product over time along with the improvement of the stability of large networks, has coincided. It is as stable today as when you could only transfer 15 bits across the line.

How are customer service and technical support?

We're a partner, so we deliver technical support to customers. When we need to talk to the product support, traditionally, with the product over the last five years, I would not say support has been supportive. I hope that changes.

How was the initial setup?

Our initial setup was very complex because we not only have it set up for our internal use, but we also have a managed service platform in which we service multiple clients. We have a cloud-based solution with it as well. We're called in for a lot of the crazy deployments that are out there in the customer world where they have massive amounts of endpoints and really complex network systems.

What was our ROI?

If you utilize the tool to the maximum capacity available to you, your ROI is significantly five to seven-fold over cost.

What other advice do I have?

SCCM was a product that was originally designed to deploy Microsoft Office and to patch some of the underlying structures of the Microsoft operating system. It was never designed to be a large-scale security compliance or endpoint management tool. So when you look at it from those foundations, it doesn't compare. SCCM is a free product that's offered as part of an ELA agreement that can do those functions and features, but it's not designed to do it.

I would rate BigFix a nine out of ten. It is a world leader in the patch management, vulnerability management, and security compliance space. Not a ten because the product still has room for growth and maturity to be a full-scale platform for agnostic management.

I would advise someone considering this solution to start with the simplest thing that you need to be fixed, whether that's patch management or that's software-inventory, and learn how the product works. If you can conceptually understand that it's an agnostic platform, then what I would do for patching is the same thing that I would do for inventory, which is the same thing that I would do for compliance management. Then converting over those features until into a holistic environment is easy. If you're trying to eat the elephant all at once, it gets very overwhelming very quickly.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
John Livinston
CEO at Verve
Reseller
Allows for visibility into the OT that didn't exist before and has helped our network tracking when it comes to downloading patches

Pros and Cons

  • "It allows for visibility into the OT, the industrial environments, that didn't exist before which is a big piece and has benefited my organization. Second, the speed at which people can patch is night and day versus SCCM scan or another similar solution."
  • "I would like to see different types of reporting and the ability to integrate closer with the cloud."

What is our primary use case?

Our primary use for BigFix is in the industrial environment, we put BigFix into industrial facilities.

How has it helped my organization?

It allows for visibility into the OT, the industrial environments, that didn't exist before which is a big piece and has benefited my organization. Second, the speed at which people can patch is night and day versus SCCM or another similar solution.

When it comes to downloading patches it has helped our network tracking. Our networks are very low bandwidth and very sensitive. For instance, we're running a power plant and that power plant has to be up 99.99% of the time. That network that it's running on was built 35 or 40 years ago, without all the modern technologies, so we can't do it without BigFix.

Many of our clients have compliance requirements that they have to patch within a certain window and so we have to be able to give them data of when the cycle happened and if they complete the patches.

It has also helped to compress our client's patch cycles. For our clients, what was normally a full 30 days of work is now down to a couple of days to get the data in and actually get out and patch the thing. We tuned the BigFix console to enable that a little bit easier so it's a 75 to 80% reduction.

What is most valuable?

The ability for the agent to be customized, to both, run the fix list and the relevant language, but also to be able to be designed so that it only allows for outbound ports rather than inbound is the most valuable feature. We work in a lot of environments where there are segmented networks and we have to have an agent and a communication where we don't have any inbound ports into that environment. Having that agent be really small, and the ability to not have to have any open inbound ports into that environment is wonderful.

What needs improvement?

I would like to see different types of reporting and the ability to integrate closer with the cloud. 

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

It's very stable.

How are customer service and technical support?

Their technical support is very good. The BigFix community is the best part. The support is nice, but the fact that we've got all those other practitioners out there, that's the best part.

What was our ROI?

Our clients have definitely seen ROI from using BigFix. 

What other advice do I have?

I would rate it a nine out of ten. Not a ten because the reporting side of things could be improved and I'd like to see how they're going to fit it in with the cloud. 

I would advise someone considering BigFix to look at it and try it. It's really easy to say SCCM is free so you'll just use it but you don't know what you're missing until you actually give BigFix a shot and try it. It's dramatically easier. It significantly reduces the time and effort that it takes to do things and it's more certain. You know what you've got rather than getting in there and guessing each time.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
SS
Senior Developer at Jack in the Box
Real User
Improved reliability upon the delivery of software and has helped reduce software expenses

Pros and Cons

  • "It has improved reliability upon delivery of software and has also helped reduce software expenses. The extensibility of BigFix helps to create custom solutions where we may have considered purchasing something instead."
  • "I would like to see much better web reporting because as it is now, it's convoluted, basic, it's not modern, and there are limitations to it."

What is our primary use case?

Our primary use case of this solution is to develop custom content to deliver to restaurants.

How has it helped my organization?

It has improved reliability upon delivery of software and has also helped reduce software expenses. The extensibility of BigFix helps to create custom solutions where we may have considered purchasing something instead. 

We use it for PCI compliance and checking to see if endpoints are in a state where they need to be patched or not up to a certain level so it has helped us avoid compliance fees. 

What is most valuable?

Being able to report directly on aspects of the system is the most valuable feature for us. Meaning, instead of reporting on just an error code or something, you can inspect actual files, properties, registry keys, etc.

What needs improvement?

I would like to see much better web reporting because as it is now, it's convoluted, basic, it's not modern, and there are limitations to it.

What do I think about the stability of the solution?

The stability is excellent. I haven't had issues with BigFix crashing unexpectedly or anything like that.

What do I think about the scalability of the solution?

The scalability seems solid. We're a smaller customer. We have about 16,000 endpoints, whereas other companies have hundreds of thousands.

How are customer service and technical support?

Technical support is excellent, as far as the forum support. As far as new product needs, it's mixed. Sometimes if you are asked to submit an official request they go into a black hole.

What about the implementation team?

We implemented in-house. 

What other advice do I have?

I would rate it a seven out of ten. You can see all of the code of the custom content that is created for you. That's huge. With a lot of proprietary solutions, it's a black box where you can't see what they're doing and when it messes up you're on your own. With BigFix that was huge because if something goes wrong then you can create your own copy and start troubleshooting it.

I would advise someone considering this solution to have a developer on staff to fully leverage the features of it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Andrew Laurence
Systems Analyst at a university with 10,001+ employees
Real User
Enables us to to build custom content and scale to additional endpoints without increasing staff time

Pros and Cons

  • "It enables us to patch our systems quickly and within expectations and to increase our volume as needed. It has also helped us compress our patch sites. We used to do it monthly but now we do it weekly."
  • "I'd definitely like to see additional feature parody in the web UI versus the console. There are certain things that you can only do in the console and they're very cumbersome to do, like secure parameters, for example. That's definitely something that has a wide degree of utility but it needs to be easier to surface. At this particular juncture between the transition, between the legacy console and the web UI, it's hard to justify dealing with the cumbersome aspects of the legacy console when theoretically everything's been through the web UI."

What is our primary use case?

Our primary use of this solution is for patching all of our systems and maintaining their security compliance.

How has it helped my organization?

It enables us to patch our systems quickly and within expectations and to increase our volume as needed. It has also helped us compress our patch sites. We used to do it monthly but now we do it weekly.

Compared to SCCM, I always feel like I'm fighting the tool. I do not feel that way with BigFix.

What is most valuable?

The ability to build custom content and scale to additional endpoints without increasing staff time is the most valuable feature. 

What needs improvement?

I'd definitely like to see additional feature parody in the web UI versus the console. There are certain things that you can only do in the console and they're very cumbersome to do, like secure parameters, for example. That's definitely something that has a wide degree of utility but it needs to be easier to surface. At this particular juncture between the transition, between the Legacy console and the web UI, it's hard to justify dealing with the cumbersome aspects of the Legacy console when theoretically everything's been through the web UI.

What do I think about the stability of the solution?

Stability is very good. We have no issues with it.

How are customer service and technical support?

Technical support has always been useful and they have always ultimately provided a solution.

How was the initial setup?

The initial set up was very simple, single server. We've since grown to a server plus an array of relays and we even use relays to get into some difficult to reach network areas. It's been pretty useful.

What about the implementation team?

We implemented in-house. 

What other advice do I have?

I would rate it an eight out of ten and I'd advise someone considering this solution to start with one relay. Remember that it is a root shell robot. If you can do it on the shell you can do it with BigFix.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Ben Cotton
Founder at CyFIR
Real User
Increases our efficiencies on the remediation phase of our engagements and enables us to spend fewer consulting hours

Pros and Cons

  • "We rely on BigFix as part of our consulting engagements. It's more efficient from a visibility and discovery standpoint on the initial phase, the consulting engagement. It also increases our efficiencies on the remediation phase of our engagements."
  • "I'd like to see better API integration with BigFix. We have some tremendous API capability inside of CyFIR and the ability to take textual search results, for example, and bring that back into the BigFix dashboard. This would be of extreme interest to us and our customers."

What is our primary use case?

We rely on BigFix to provide patch remediations in conjunction with instant response engagements that we have. Once CyFIR finds a problem, we tend to leverage BigFix to automate the solution across the entire environment.

How has it helped my organization?

We rely on BigFix as part of our consulting engagements. It's more efficient from a visibility and discovery standpoint on the initial phase, the consulting engagement. It also increases our efficiencies on the remediation phase of our engagements. 

We use it to compare the current state of patch and diff that with where it should be and to also push CVE patches and things out that are specific to a problem we have found. 

The combination of CyFIR and BigFix has allowed one of our major customers, one of the top Fortune 50 financial firms in the world, to reduce their forensic investigator count by about 4 FTE with the combination of CyFIR and BigFix.

Compared to SCCM it's much more robust, much more capable, and you can be much more targeted with SCCM. The challenge with SCCM is it doesn't have much of a discovery module so if we're going in blind to a network, we really want to know what's there, not what they think is there. BigFix provides us that picture.

What is most valuable?

With BigFix, the ability to do device discovery and the installation of our CyFIR agent across the environment is a very autonomous, automatic-type function that is a very significant feature for us. We combine CyFIR and BigFix to provide a total cybersecurity solution, including computer forensics disk imaging, memory analysis imaging. As part of that, we tend to leverage BigFix from the remediation side and from the installation side. 

The peer to peer file transfers as a solution are fine. 

What needs improvement?

I'd like to see better API integration with BigFix. We have some tremendous API capability inside of CyFIR and the ability to take textual search results, for example, and bring that back into the BigFix dashboard. This would be of extreme interest to us and our customers. 

What do I think about the stability of the solution?

It's very stable. 

What do I think about the scalability of the solution?

Scalability is very good. 

How are customer service and technical support?

Their technical support is very responsive. 

Which solution did I use previously and why did I switch?

We're always looking for innovation and the most efficient and effective way to serve our client base. BigFix came up on our radar as part of that continual enhancement search.

How was the initial setup?

From our perspective, it's pretty easy engagement. It's not just for our network, we use this for our engagements with our clients so the complexity is typically not introduced by BigFix but by the customer client networks and their specific requirements.

What about the implementation team?

We implemented it ourselves. 

What was our ROI?

The fewer consulting hours that we spend is ROI for us. BigFix enables us to produce maximum results.

What other advice do I have?

I would rate it a 9.5 out of ten. It's pretty close to being perfect. It's stellar.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
JM
Endpoint Management Engineer at a retailer with 1,001-5,000 employees
Real User
The ability to customize the content to do what we need it to do is very powerful

Pros and Cons

  • "Having higher visibility on patching level, on patching successful, and non-successful has been a way that BigFix has improved my organization. Also, the ability to customize the content to do what we need it to do is very powerful and very flexible for us. Finally, in the area of custom interfaces like REST API really gives us the ability to provide for our external customers."
  • "License management isn't quite as easy as it should be to deal with the licensing. You need to take the server down to import the new licenses which I find to be annoying."

What is our primary use case?

We use this solution to import management across all of our stores, desktops and server infrastructures.

How has it helped my organization?

Having higher visibility on patching level, on patching successful, and non-successful has been a way that BigFix has improved my organization. Also, the ability to customize the content to do what we need it to do is very powerful and very flexible for us. Finally, in the area of custom interfaces, like REST API, really gives us the ability to provide for our external customers.

It has immensely helped to reduce network traffic when it comes to downloading patches. Downloading once and distributing to all endpoints applicable greatly reduces bandwidth.

What is most valuable?

The most valuable feature is the ability to make the platform do almost anything you want it to do. Out-of-the-box features are very powerful, but with creativity you can make the platform do almost anything you want it to do.

What needs improvement?

I would like to see more flexibility on how queries are run through the API. We've got some of our desktop customers that use the API to query a lot, and that actually impacts our server automation plan sometimes. On a day when they might be heavily querying and it hits a web report server, that messes with our server automation plans and the reporting for it. The server automation should be hitting the actual BigFix database versus the web reports.

I would also like to see improvement on configuring where the logs go. It's been annoying for both of our desktop teams. Even on the Linux side, we should be able to set the property to have the logs go to a different location. It's annoying because sometimes if you need to clear out the best data you end up losing all the logs. You can try to save it off but it's an extra step. If you try to move those logs ahead of time with the client property it shouldn't be an issue, install the BigFix agent into a nonstandard location. It's important for some of our UNIX endpoints who don't give enough space. It should be supported from the install, out of the box.

What do I think about the scalability of the solution?

It'll scale almost as big as you need it. You just throw hardware at it.

How are customer service and technical support?

In regards to technical support, level 2 is very helpful, but when things need to get more visibility you can get their core developers to help which is really helpful.

How was the initial setup?

The initial setup was complex. There are a lot of steps to set it up, at least on the Linux side.

What's my experience with pricing, setup cost, and licensing?

License management isn't quite as easy as it should be to deal with the licensing. You need to take the server down to import the new licenses which I find to be annoying. 

What other advice do I have?

I would rate it a nine out of ten. It's incredibly flexible. I've managed and worked with several endpoint management solutions like ITMS, or ZENworks. I haven't worked with SCCM, but it's like if SCCM was a Ferrari, BixFix is an incredibly tweak-able, tunable, indie car. It can do a lot of cool stuff but you have to tweak it, and you have to know how to use it. 

I would advise someone considering this solution to throw out all of your expectation on how you think things need to work. Throw out how you did things before. Don't try to shoehorn what you did before into a product you might move to because it's probably going to do things better than you did before. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
MP
System Analysis at a healthcare company with 10,001+ employees
Real User
Our upgrades are much more refined than the manual processes we did before

Pros and Cons

  • "The most valuable feature for us is the ability to manage TWS, the relevance is really what sets it apart. Also, using it as a software deployment tool is the key for us."
  • "I'm looking for them to make big web UI improvements."

What is our primary use case?

We use it for patching our AIX servers and we also use it for deploying and up keeping our Tivoli workload scheduler application.

How has it helped my organization?

We've been able to fully automate our TWS installs, to the point where a user requests it and we don't do anything. Also, our upgrades are much more refined than the manual processes we did before.

What is most valuable?

The most valuable feature for us is the ability to manage TWS, the relevance is really what sets it apart. Also, using it as a software deployment tool is the key for us.

What needs improvement?

I'm looking for them to make big web UI improvements.

What do I think about the stability of the solution?

Stability is very good. We've had very little downtime.

What do I think about the scalability of the solution?

Scalability is very good. We're a smaller client in the BigFix realm. We're 4,500 clients around just the servers but it's very good for us.

How are customer service and technical support?

Technical support has been good. When IBM first took over it was kind of rocky but in the last few years, it's definitely improved.

How was the initial setup?

The initial setup was very straight forward and very easy to set up.

What other advice do I have?

I would rate it a ten out of ten. It's very useful, very powerful, and you can do a lot with it. 

I would tell a colleague who's considering this solution to check it out, it's great.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
NU
Technology Engineer at a retailer with 1,001-5,000 employees
Real User
The stability is good overall and provides real-time insight of the endpoints

Pros and Cons

  • "The use of fast query has been extremely valuable providing insight in real time of the endpoints."
  • "The self-service application seems to need some work to replace the client UI. There are a lot of pop-ups if you use a baseline as the object that you're setting to a workstation. Unless you're using web UI, the message is not customizable in the user notification."

What is our primary use case?

Our primary use case is for content automation and application delivery.

How has it helped my organization?

The use of fast query has been extremely valuable providing insight in real time of the endpoints.

What is most valuable?

Reliability of the agent and the ability to troubleshoot actions after they've been taken are the most valuable features. 

What needs improvement?

The self-service application seems to need some work to replace the client UI. There are a lot of pop-ups if you use a baseline as the object that you're setting to a workstation. Unless you're using web UI, the message is not customizable in the user notification.

What do I think about the stability of the solution?

The stability is good overall. 

What do I think about the scalability of the solution?

The scalability seems to be fine. 

How are customer service and technical support?

I have to contact technical support infrequently, which is good. When I have to use them, I do get responses in a relatively timely manner.

Which solution did I use previously and why did I switch?

Our previous solution was extremely unstable. We had a lot of downtime and the inability to reach clients. We ended up choosing BigFix because it was already in an aspect of our organization, and so it was easy to adopt for our endpoints.

What other advice do I have?

I would rate it an eight out of ten. The applications are stable, although at times a little dated on how they display information or how they chunk through information. It's stable and it functions.

The best advice I can give is to reach out to the user community when you're running into trouble. You'll find a lot of the answers have already been asked and answered for you on the forums.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
SL
Security
Real User
Our patch cycles are much faster, they usually happen within a few days or less

Pros and Cons

  • "The most valuable feature is the patching."
  • "I would like to see more emphasis on using the web console, to have the same power as the full fat client console that they do they now. It's a lighter way to log in and it would be faster for our operators to do their work. The console tends to take a long time for a large number of clients."

What is our primary use case?

Our primary use case is for endpoint configuration management.

How has it helped my organization?

Our patch cycles are much faster. They usually all happen within a few days or less.

What is most valuable?

The most valuable feature is the patching. 

It's much more flexible than SCCM. There are more things we can do and especially the cross-platform support is better. 

What needs improvement?

It actually increased network traffic. Microsoft and Apple have incredibly large downloads, so when you're downloading to thousands of machines it's huge.

I would like to see more emphasis on using the web console, to have the same power as the full fat client console that they do they now. It's a lighter way to log in and it would be faster for our operators to do their work. The console tends to take a long time for a large number of clients.

What do I think about the stability of the solution?

It's stable. I've been running it for more than ten years and it's generally pretty good. 

What do I think about the scalability of the solution?

Scalability is very good. It's scaled to our current needs.

How are customer service and technical support?

Their technical support is decent. 

How was the initial setup?

The initial setup was straightforward. 

What about the implementation team?

We implement in-house. 

What other advice do I have?

I would rate it an eight out of ten. 

I would advise a colleague considering this solution to definitely understand what your needs are and see if the product meets those needs. Don't try to shoehorn your needs into a tool.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
 Connie Lamicela
CTO at ESM Technology
Real User
Incredibly fast and accurate in patching, reporting, and remediation

Pros and Cons

  • "BigFix is incredibly fast and accurate in patching, reporting, and remediation."
  • "I would like to see more integration with external data."

What is our primary use case?

Primarily my clients use it for being able to not only patch but also to be able to detect and remediate vulnerabilities in their environment. In addition, to be able to provide an accurate inventory of both the hardware and software of what they currently have deployed.

How has it helped my organization?

Some of my clients have gone from it taking months to be able to get through a patch cycle or to discover what's out there, down to days. A lot of it's been over a 90% improvement.

What is most valuable?

BigFix is incredibly fast and accurate in patching, reporting, and remediation.

What needs improvement?

  • More integration with external data
  • Extending the reporting capabilities
  • Integration with some of the service ticket providers

What do I think about the stability of the solution?

The solution is extremely stable and it communicates very well.

How are customer service and technical support?

Their support is very good. 

How was the initial setup?

We had one of our clients with over 30,000 endpoints, and within two days all of those 30,000 endpoints were installed and reporting back, and they were ready to patch. Installation is fairly simple.

What's my experience with pricing, setup cost, and licensing?

We always were able to get our client the best cost from the vendor, so pricing was not really an issue.

Which other solutions did I evaluate?

We also evaluated Microsoft. BigFix was more accurate in the reporting, the patching, and overall functionality.

What other advice do I have?

I would rate it ten out of ten for reliability, dependability, and being able to get the job done the first time around. 

Try it in a test run, you'll be really satisfied with the results.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Onyegbule Uche
Technical Consultant at Activedge Technologies
Consultant
Easy to use, cheaper than the value, and there is tons of support from the BigFix community

Pros and Cons

  • "I would advise someone considering this product to go for it. It's easy to use, cheaper than the value, and there is tons and tons of support from the BigFix community. With almost every challenge we have someone who has encountered it, and you will have a solution right away."
  • "To make it a ten they should improve the licensing. Second, if they could have one environment for everything it would be nice. For you to install compliance you need to install the server, and then you add the modules. For you to install inventory you install the server and then you add the modules. It's not easy to do. When I was doing it before I learned it, it was not straight forward."

What is our primary use case?

We use this solution for patch management and software distribution.

How has it helped my organization?

Initially, for the customers that we consult for,  their IT Security and IT Operations units were working in silos, especially with regards to patch management and vulnerability and compliance reporting. BigFix effectively bridged the gap between both teams while providing a single robust reporting interface for both teams.

What is most valuable?

Compliance is the most valuable feature. It allows you to build custom policy checklist while leveraging recommended industry security compliance checklists e.g DISA-STIG, CIS, PCI-DSS

What needs improvement?

Upgrading from an Evaluation license to a production license is not error free. Managed endpoints still gets stuck with the evaluation masthead and as such would not let you execute actions outside the BigFix management client maintenance actions. This needs to be improved

For how long have I used the solution?

One to three years.

What do I think about the scalability of the solution?

It's very scalable. The highest I did was between 9000 to 11,000 networks and I didn't lose any performance with that.

Which solution did I use previously and why did I switch?

I initially onboarded with Microsoft SCCM. The user interface leaves a lot to be desired, performance impact as you go above 10,000 endpoints and also maintenance tasks like setting up of distribution points are not available at the click of a button.

How was the initial setup?

The initial setup is straight forward. I deployed it in around three weeks. I started with installing the servers and the primary relay, then I installed 2 relays per subnet,  made the relays deployment points and then installed the BigFix clients locally from the deployment points.

What's my experience with pricing, setup cost, and licensing?

Compliance, and lifestyle are a bit pricey especially to customers that get SCCM included as part of their ELA. It's makes convincing harder.

What other advice do I have?

I would advise someone considering this product to go for it. It's easy to use, cheaper than the value, and there is tons and tons of support from the BigFix community. With almost every challenge we have someone who has encountered it, and we will have a solution right away. 

I would rate it an eight out of ten. To make it a ten they should improve on the issues stated above

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Shalva Narayan
Project Lead at a tech services company with 201-500 employees
Real User
Enables us to build a robust infrastructure but isn't user-friendly

Pros and Cons

  • "My company provides support services to a lot of customers and companies. We have reduced a huge amount of man-effort. Along with the man-effort, we have reduced the timeline to fix the compliance and security gaps. We have an unbroken record. The documentation clearly says that we have done the patching of newly released patches, including Microsoft and third-party patches, in up to 80% of the computers, within 72 hours of the release of the production. That was a very massive benefit that we have seen. When I talk about the 80% endpoints, it is 100 or 200. I am talking about 25,000 endpoints."
  • "I would request them to build a robots, or an easier way for integration with the other tools, like ITSM tools."

What is our primary use case?

I have various use cases for this solution. It has many varieties of infrastructure. For example, if you have a very high bandwidth in your network infrastructure, it will work very well. If it doesn't have an internet connection, it also works very well. If you have a lower bandwidth within your offices, it will also work very well. This is lacking in many other tools. 

How has it helped my organization?

My company provides support services to a lot of customers and companies. We have reduced a huge amount of man-effort. Along with the man-effort, we have reduced the timeline to fix the compliance and security gaps. We have an unbroken record. The documentation clearly says that we have done the patching of newly released patches, including Microsoft and third-party patches, in up to 80% of the computers, within 72 hours of the release of the production. That was a very massive benefit that we have seen. When I talk about the 80% endpoints, it is 100 or 200. I am talking about 25,000 endpoints.

What is most valuable?

There are 250,000 endpoint scans that can be handled by one single server. We can build a robust infrastructure within BigFix, which is a feature that other tools are lacking. Second, you can customize the tool. We can use the tool according to how we need it. By using IBM BigFix, we can get whatever we need done. All tools will have limitations but when compared to other solutions, BigFix has significantly fewer limitation. In terms of scalability, the limitations are in the data transfer from the main server to the regional servers, or regional endpoints, or the end users. It provides various aspects to what is endpoint protection management.

What needs improvement?

The first and foremost thing that I would like to see improved is the insight into the right-click menu context itself. The second thing is that IBM has sold IBM BigFix to another company. That's negative feedback that we can give them. For the next quarter, BigFix will not be a part of IBM. That's another drawback that we are going to see. 

I would request them to build robots, or an easier way for integration with other tools, like ITSM tools.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

When it comes to stability, it is very stable and it has a robust infrastructure.

How are customer service and technical support?

I have a good grip on this solution so I don't need to contact technical support for anything. 

Which solution did I use previously and why did I switch?

When considering a solution the criteria we consider are the features, whether the specific tool provided by that vendor will cater to our services or our requirements. Second, we look into the credibility of the OEM. Third, is the cost.

How was the initial setup?

The initial setup depends on the network infrastructure. Sometimes it will be very easy to implement, and sometimes it may become complex. I did the entire solution implementation in four hours but I took almost four months with another implementation because of the complexity. Sometimes it's straightforward, sometimes it's complex.

What other advice do I have?

I would rate it an eight out of 10. It has great scalability and customization. It also has one console that can be used for many endpoint management tasks. I deducted two points because BigFix is not a brand that you can just use. It is not very user-friendly. You need to have some training before you use the tool.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
UK
Information Security Analyst at Cleveland Clinic
User
Patch management makes it easy for out-of-band and in-band patching

What is our primary use case?

  • A central engine for endpoint posture improvements
  • Excellent compliance reporting with customizable dashboards
  • Scalability and expandability support any heterogeneous environment.

How has it helped my organization?

BigFix has helped us in improving the overall endpoint posture and lifecycle management of the workstations as well as applications.

What is most valuable?

  • Compliance reporting is the best.
  • Patch management makes it easy for out-of-band and in-band patching.
  • Inventory correlation with third-party tools.

What needs improvement?

  • Complex design and administration
  • Offline management
  • Remote support on unsupported platforms
  • A large infrastructure required to implement for a medium-sized organization
  • Also, I would like to see if BigFix could be application aware for more in-depth compliance and reporting.

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Nirmal  Kumar
Talent Acquisition Executive at a consultancy with 1,001-5,000 employees
MSP
It helps us manage over 25,000 workers at our work stations. Sometimes there is a lag time for this product.

What is our primary use case?

My primary use case for this solution is for department management. It helps us manage about 25,000 individual workers, who are all at work stations.

How has it helped my organization?

The product is less costly when compared to other solutions, and this is a good solid solution for what we have paid.

What is most valuable?

It is very flexible, and very user-friendly.

What needs improvement?

I would like to see a system to erase a virus and then create an analysis to find a virus. This would be a nice additional feature for the product. In addition, sometimes there is a lag time for our users.

For how long have I used the solution?

More than five years.

How is customer service and technical support?

The technical support was pretty…

What is our primary use case?

My primary use case for this solution is for department management. It helps us manage about 25,000 individual workers, who are all at work stations.

How has it helped my organization?

The product is less costly when compared to other solutions, and this is a good solid solution for what we have paid.

What is most valuable?

It is very flexible, and very user-friendly.

What needs improvement?

I would like to see a system to erase a virus and then create an analysis to find a virus. This would be a nice additional feature for the product.

In addition, sometimes there is a lag time for our users.

For how long have I used the solution?

More than five years.

How is customer service and technical support?

The technical support was pretty good. The response time was good.

How was the initial setup?

I did not find anything difficult in the implementation process.

What about the implementation team?

When selecting a vendor, I think it is important to consider whether the product is going to be a long-term product. And, we also need to provide the best solution for the department.

What's my experience with pricing, setup cost, and licensing?

It is cheaper than other solutions on the market.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
YB
AVP, aPaaS Engineer at a financial services firm with 10,001+ employees
Real User
The product is complicated to use, but the plugin development options are great
It has plugins development options, which are great. However, the product is quite buggy and complicated to use.

It has plugins development options, which are great. However, the product is quite buggy and complicated to use.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Ravi Khanchandani
Founder Director at Techsa Services Pvt Ltd
Reseller
Top 5Leaderboard
A single tool for patch compliance, security compliance & software compliance of an entire compute infrastructure

Pros and Cons

  • "Patch Management for a variety of operating systems makes it valuable as we can rely on a single tool for obtaining patch compliance of the entire compute infrastructure."
  • "Relay selection and availability needs improvement as an incorrect relay selected can cause network chokes."

What is our primary use case?

How has it helped my organization?

Patch compliance has improved. Using software distribution, the software distributed in the environment has been standardized. With the same software versions across the environment, compatibility issues have come down with a reduction in helpdesk tickets arising out of different software versions. There is also a check on software assets by means of implementing the software inventory module and a great deal of software compliance has been achieved.

What is most valuable?

Patch Management for a variety of operating systems makes it valuable as we can rely on a single tool for obtaining patch compliance of the entire compute infrastructure. This also ensures that we do not need to have different skills for different OS patch requirements.

What needs improvement?

  • Relay selection and availability needs improvement as an incorrect relay selected can cause network chokes.
  • Client reporting to the console is a minor issue but definitely needs improvement.
  • Reporting needs to be enhanced with maybe a simple GUI based report generator with drag and drop features to create a custom report. The current mechanism is a bit clunky by use of filters.  

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

It is very stable.

What do I think about the scalability of the solution?

No scalability issues. We have customers ranging from 250 endpoints to over 100,000 endpoints.

How are customer service and technical support?

Customer support is excellent, but involving customer support and crossing the initial hurdles of getting past the first level of support personnel sometimes takes a while. But once it lands with the right support people the support is excellent. Level 1 support from IBM definitely needs improvement. 

Which solution did I use previously and why did I switch?

No other tools were used.

How was the initial setup?

The setup is pretty straightforward provided you have planned well for the deployment. Know the environment well prior to deployment: The architecture needs to be drawn up prior to deployment. Plan the deployment of main server, database server, BigFix application(s), relays, console, and finally the deployment of clients.

What about the implementation team?

We are a BigFix vendor. We rate ourselves as excellent subject matter experts. Given the exposure and experience of handling fairly large deployments on Bigfix, we have gathered vast knowledge in the Patch, Security & Software compliance space.

What was our ROI?

ROI is pretty quick if you consider Security & Software Compliance as your primary use cases as Patch Management and Software Inventory Management. It has worked out to be under six months in many of our deployments. You may not be able to directly attach a ROI for security, but given the fact that Bigfix has been able to address many vulnerabilities that arise out of non patching makes Bigfix a compelling investment

What's my experience with pricing, setup cost, and licensing?

Plan well to ensure you have a stable and scaleable deployment. If you have a need for many use cases: Patch Management, Software Distribution, Remote Control, OS Deployment, Software Asset Management, Vulnerability Management, Security Compliance, and Server Automation, make sure you prioritize your requirements before deployment. You should go about meeting the requirements in phases, not try and burn the entire ocean.  

Which other solutions did I evaluate?

No other products evaluated.

What other advice do I have?

Get started with BigFix.

Disclosure: My company has a business relationship with this vendor other than being a customer:
SrinivasMurthy
IT Operations Manager at a tech services company with 10,001+ employees
Consultant
Patch compliance reached 100%, but needs to improve Internet-based client management

Pros and Cons

  • "Patch management, because it very much improved the patch compliance and has the capability to manage Windows and non-Windows clients."
  • "Needs to improve Network Access Protection (NAP) technologies to prevent computers with vulnerabilities from gaining access to networks."

What is our primary use case?

Server management patch management and software deployment, where we have multiple platforms, such as Windows Servers, Linux, Unix, etc.

How has it helped my organization?

  • Patch compliance reached 100%.
  • Patch management, because it significantly improved the patch compliance.

What is most valuable?

Patch management, because it very much improved the patch compliance and has the capability to manage Windows and non-Windows clients.

What needs improvement?

  • OSD and other features listed in SCCM, like desired configuration management
  • Internet-based client management
  • Offline patching of virtual machines
  • Network Access Protection (NAP) technologies to prevent computers with vulnerabilities from gaining access to networks.

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user763842
Manager of Outsourcing Projects Department & ISO20000, ISO27001, ISO22301 Management Representative at a tech services company with 501-1,000 employees
MSP
Software deployment in distributed environments, as it provides control over compliance and saves time

Pros and Cons

  • "Vulnerability scanning and patch automation."
  • "There is no support for patch management on SLES on IBM pSeries (only the Intel platform is supported)."

What is most valuable?

Vulnerability scanning and patch automation.

Also, software deployment in distributed environments, as it provides control over compliance and saves us a lot of time.

How has it helped my organization?

Before an internal IT team performed all these activities manually, which took time and did not guaranteed full control over compliance. These activities required access to a corporate network via LAN, because VPN often generated errors. 

Now, the process is centrally controlled, reported, and has an independently formed location (also over Internet).

What needs improvement?

There is no support for patch management on SLES on IBM pSeries (only the Intel platform is supported). This should be improved as soon as possible. It is a stopper for us to roll-out BigFix to all datacenter servers (500+).

For how long have I used the solution?

About three years for PCs and one year for servers.

What do I think about the stability of the solution?

No issues.

What do I think about the scalability of the solution?

No issues.

How are customer service and technical support?

There was a technology consultant available in Poland, who was very helpful, but recently he has left and no one has replaced him.

Which solution did I use previously and why did I switch?

Yes, Itelligence Germany uses HP automation and we had a pilot implementation.

How was the initial setup?

We have complex requirements.

What's my experience with pricing, setup cost, and licensing?

We offer BigFix as a service for our datacenter hosting customers.

Disclosure: My company has a business relationship with this vendor other than being a customer: IBM partner.
it_user765258
Rational Architect, BigFix & MobileFirst Protect Technical Presales at a tech services company with 1,001-5,000 employees
Reseller
The architecture for patching and the 100% correct reporting makes it stand apart from other solutions

Pros and Cons

  • "The architecture for patching and the 100% correct reporting makes BigFix stand apart from other solutions."
  • "The new EDR (Endpoint Detection and Response) feature, Detect, is new and still needs a few updates."

What is most valuable?

Patch is a given and it is the flagship feature since the late 1990s. The architecture for patching and the 100% correct reporting makes BigFix stand apart from other solutions. Software Distribution is another powerful and strong feature that automates deploying software and saves a ton of time. The BigFix framework also gives you the ability to remove software and updates files, like configuration.

How has it helped my organization?

Patching is completed usually within a day or two. 98% of the endpoints are patched in the first pass no matter if they are all the corporate or traveling.

What needs improvement?

The new EDR (Endpoint Detection and Response) feature, Detect, is new and still needs a few updates. This is close to being a great addition to help when an attack has occurred.

For how long have I used the solution?

Five years.

What do I think about the stability of the solution?

No stability issues. If relays are not configured correctly, then this can cause a performance issue. An occasional health check is needed to ensure the solution is running at peak performance.

What do I think about the scalability of the solution?

BigFix can scale up to 250,000 endpoints on one server.

How are customer service and technical support?

The deep technical resources are very good and can isolate an issue very quickly.

Which solution did I use previously and why did I switch?

We started with SCCM and decided to switch because of inaccurate reporting, limited OS support, and we were unable to patch remote endpoints.

How was the initial setup?

Initial setup is very simple. With the Web User Interface, it makes the learning curve very short.

What's my experience with pricing, setup cost, and licensing?

I would stay with the Managed Virtual Server license model, which is a 1-to-1 license per OS whether it is virtual or physical.

Which other solutions did I evaluate?

Yes. SCCM, LANDESK, Altiris, and Tanium.

What other advice do I have?

You will not be impressed with the looks of the reports, but they are accurate. The BigFix.me forum is a great place to learn from others.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
it_user765255
Senior Desktop Engineer at a tech services company with 501-1,000 employees
MSP
Allowed us to proactively seek out issues as well as quickly react to issues and target only computers which needed fixes

Pros and Cons

  • "Ability to run custom reports and custom relevance."
  • "We need a much better multi-tenant option."

What is most valuable?

Ability to run custom reports and custom relevance.

How has it helped my organization?

It allowed us to proactively seek out issues as well as quickly react to issues and target only computers which needed fixes. It was very easy to streamline down to what was needed.

What needs improvement?

We need a much better multi-tenant option. 

We had 60 plus divisions and there was no real way to effectively give those people the help at the division sufficient rights within the console to see just their responsibilities. We wanted Bob at one of our divisions to have console access and only be able to manage his computers. We were not able to find a way to effectively do this. They had a web console that did not really handle our needs. 

My current company is a consulting firm. If they had a better way to have multi-tenant access, this could be a product that could potentially do great good for us. As it was, when I last used it, it would not work for us without setting up a new instance for every customer we manage. Not really effective for our needs.

For how long have I used the solution?

I have used it for about four years.

What do I think about the stability of the solution?

Yes, occasionally we did.

What do I think about the scalability of the solution?

Yes, we did find some “quirks” and had to get creative, but we were able to work within the solution to streamline transfer speeds to not saturate networks between sites when synchronizing enormous install packages to our relays scattered around the country. Also, we could not easily scale the management to multiple tenants as we hoped and as we were able to do with other products in the past.

How is customer service and technical support?

I didn’t have to deal with them much. Others did. We frequently found that we were bringing solutions to them.

How was the initial setup?

I did not do the initial setup.

What's my experience with pricing, setup cost, and licensing?

This was not my responsibility.

Which other solutions did I evaluate?

I was not the decision-maker here.

What other advice do I have?

It is a great product. Spend some time really learning about the capabilities and how things are organized within the product. Then, spend some time really planning your structure and how the organizational groups should play out. It will make things a lot easier down the road when you need to send something to just one area of your business. Unfortunately, it is usually after a product is implemented that we truly understand how to best implement for our environment.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user676362
Senior Consultant at a tech services company with 10,001+ employees
Consultant
Provides a single pane view into the entire environment.

Pros and Cons

  • "Pre-packaged support for many third-party applications such as Adobe, Google, Mozilla, Sun (Java), WinZip, and others."
  • "IBM has not focused on the Web Reports capabilities."

What is most valuable?

  • Patching support: IBM BigFix supports most of the major OSs with natively packages patches. This includes Windows, MacOSX, Oracle Linux, Solaris, AIX, RedHat, Ubuntu and others.
  • Pre-packaged support for many third-party applications such as Adobe, Google, Mozilla, Sun (Java), WinZip, and others.
  • Near real-time view of the environment. Most systems will report their current patch state within 15 minutes.
  • The IBM BigFix console provides a single pane view into the entire environment. This also provides a common interface for taking actions, such as patching, to any operating system with a similar look and feel.
  • Ease of installation, maintenance and troubleshooting. IBM BigFix is one of the easiest tools to install for an Endpoint Management tool, especially compared to IBM’s predecessors and Microsoft’s SCCM. As an example, the first time installing IBM BigFix in my lab with about 10 systems took approximately one hour from start of installation to applying OS patches. IBM BigFix is also very easy to scale by adding new relays. The design is flexible enough to be able to “add as you go” without having to perform a major architectural review.
  • For troubleshooting, the log file structure is very simple, as most files are in the same place and have a standard format.
  • Adding new components such as IBM BigFix Compliance or IBM BigFix Inventory does not require new agents to be installed. By enabling the content, by clicking on a hyperlink in the License Management Dashboard, and taking action with a couple packages, the infrastructure is ready to start gathering more information.
  • Reporting capabilities: With the IBM BigFix console, I am able to quickly provide information to any group. With the use of the IBM BigFix Web Reports, I am able to design reports that I can save and provide to users to execute when they desire. These reports can also be scheduled to run and email the users.

How has it helped my organization?

Our primary use for IBM BigFix is around patching and reporting on Microsoft Windows servers. We are also using the reporting capabilities for patching state on AIX, Solaris, and Red Hat Linux. These reports are being presented to the Safeguards groups and are being used to report MSA compliance for our server environment.

IBM BigFix has provided our Windows server team more flexibility for scheduling the deployment of patches in their environment which has caused them a lot of issues in the past. Also with the near realtime reporting, the server teams know the state of their environment right away. We have also been able to see where patches are failing to install on systems that previously were assumed to have been installed. This has identified many systems that were thought to be in compliance, that were not.

Some other useful information that we are able to gather with IBM BigFix:

  • Currently logged on user(s)
  • Servers in pending restart state
  • Hardware and software information
  • Symantec Endpoint Protection state (client version, signature version, etc.)
  • Installed MSSQL databases

We gather a lot of other information too. Although all of this information is available in other sources, with IBM BigFix, we are able to bring all of this into one console view which can be used for filtering and reporting.

We have also linked IBM BigFix into ServiceNow’s CMDB to “brand” systems with CMDB data. This is also useful for filtering, grouping, and reporting.

We have used IBM BigFix to develop software packages to deploy new versions of Symantec Endpoint Protection, Microsoft SCOM agents, Flexera agents, and others.

The most recent task that came up was the deployment of the MS17-010 patch to address the “WannaCry” malware. With IBM BigFix, we were able to quickly identify out of compliance systems and remediate them and validate the successful completion of the installation.

What needs improvement?

IBM has been heavily focused on adding and improving features to the tool, especially with new components like IBM BigFix Detect. While all these new features are great and provide useful information, IBM has not focused on the Web Reports capabilities. This is not to say that the Web Reports is bad, but at this time, it is currently the weakest part to me. IBM has also introduced the BigFix Web UI, which is a start to addressing the web based reporting. I believe that this is going to be the direction to modernize the web reporting capabilities along with providing a web based console.

For how long have I used the solution?

We have used this for seven years.

What was my experience with deployment of the solution?

No. Deployment of the server, relays and endpoints is very simple especially compared to other products that I have worked with.

What do I think about the stability of the solution?

I have not had any issues that were due to the product itself. I have had issues that are user related, such as admins using incorrect installer in DMZ, and other external issues that impacted IBM BigFix, but not the product itself.

The installer for the BigFix agent is comprised of an MSI and a file called masthead.afxm, which is the file that contains configuration information such as the BigFix Server host name and a key. With only these two files, the agent has to be able to communicate with the BigFix Server on port 52311. If the agent cannot communicate over this port, it will fail to register and will never connect to the BigFix Server. In order to get around this, a file called clientsettings.cfg is included to configure the agent to talk to a different BigFix server called a relay. This relay would have the ports open to allow communication between the agent and the BigFix server. This is a very standard practice for devices in secured networks. So even though I have provided this install method and the users have been provided documentation, it still seems to get missed once in a while. Here is an article on this http://www-01.ibm.com/support/docview.wss?uid=swg21505838

At a site I worked at a while back, the user insisted that every support tech, help desk person and server admin be allowed to have console access to the BigFix infrastructure. This ended up being about 350 users which is way more than they had in other tools and it was strongly recommended that they do not do this and we only give it to people who were trained and would actually use it. This leads to issues with people not using the tool correctly (lack of training) and not understanding the tool. As part of the administrators for the tool, there was no way for us to provide training to the 350 users. This again is not a tool issue, but a process issue.

Couple other external issues we have seen that impacted BigFix

- Proxy issues stopped content from being downloaded to BigFix server

- SAN issues caused performance problems. BigFix can be very I/O intensive, so degradation in I/O can really bottleneck transactions and console performance.

I am sure I could think of a couple more, but usually these are not tool issues, just user/process problems.


What do I think about the scalability of the solution?

There were no issues with scalability. When we added more systems then originally scoped, all that was needed was a new relay. Since our IBM BigFix server is on a VM, we also added two CPUs and more RAM (currently at 16GB).

How are customer service and technical support?

IBM Support has been pretty good. For the most part, solutions are provided quickly (couple days), but I have had one that required more analysis and it took a couple weeks. I also find that using the user forum (forum.bigfix.com) is also very useful as some of the IBM BigFix support people are there along with very knowledgeable users.

Which solution did I use previously and why did I switch?

At the current site, they were using WSUS to patch the Windows servers and native tools for the AIX, Red Hat, and Solaris environments. Although these tools were “doing the job”, there was no easy reporting capabilities out of any of them. SCCM was also used in the Windows server environment at one point, but due to a major issue that was caused, it was removed from the servers.

For the extra data that IBM BigFix collects, there are other tools that provide the information, but required logging into the different tool consoles to gather and then manual consolidation.

How was the initial setup?

IBM BigFix is one of the easiest client management tools to install. Once the operating system and database are installed and configured, installing the IBM BigFix server takes about 30 minutes to complete. After that, enabling content (Windows, AIX, etc., patching) takes a couple minutes. Once this is ready, deploying the agents can be done with a client deployment tool provided by IBM. This tool is capable of deploying to Windows and non-Windows systems. To deploy to one system will take about two minutes, but the tool is capable of parallel deployment, so deploying to 20 systems would take about five minutes. We were able to deploy about 400 Windows agents in a morning.

What about the implementation team?

This was implemented in-house.

What was our ROI?

We estimate the ROI to be about 6 months, possibly less. The reason for this is the standardized reporting for all the platforms that we support. Each OS tool had capabilities to report on the patch compliance, but none were the same and some were very manual. We were also able to produce more timely reports as the process was simpler in BigFix. We used to only provide annual reports which could take a couple weeks to get all the data into a similar format. Once we standardized on the format, we now have reports that can be generated at any time within a few minutes.

Also our patching process is fairly standard across the various OSs. Once setup, the methods to deploy a patch is very similar for each OS.

With our new process, we have also reduced the number of "manually" patched servers as we have more flexibility for scheduling.

What's my experience with pricing, setup cost, and licensing?

IBM BigFix comes with many different packages depending on the functions that are required. IBM BigFix Patch is the most basic package which provides the ability to patch almost any operating system with many third-party applications. It also provides the capability to create custom content such as software packages (called Fixlets), inventory scans (called Analysis) and create custom reports. All of the other IBM BigFix packages also provide patches.

When purchasing, buying with other IBM tools provided us with a very good discount in pricing. Also since we were deploying to a highly virtualized environment, the use of RVU (Resource Value License) was very beneficial for us.

Which other solutions did I evaluate?

We evaluated SCCM. This was already in-house, but not desirable by the Windows team. It also did not support the non-Windows platform (at least not to the extent that BigFix does).

What other advice do I have?

IBM BigFix is simple to implement and can quickly provide insight into the environment. By looking for “pain points” that the various groups have, IBM BigFix can be used to quickly assist.

As an example, the Windows server team would at times leave themselves logged into a server which would cause account lockouts. They did have PowerShell scripts to detect this, but they took a while to report back and if the system was behind a firewall, they would not see it.

By using IBM BigFix, we were able to collect this information (default data collection) and present it in the console. Another example was identifying systems in a “Pending Restart state”.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user763848
Project Engineer at a tech services company with 10,001+ employees
Consultant
This tool offers the capability to bundle a script ahead of patching, so maintenance and the corresponding patching is a click of a button

Pros and Cons

  • "In terms of vulnerability management, it gives tough competition by providing a single management console with multiple benefits."
  • "The tool should be more friendly in terms of Web UI and should be having better vulnerability scanning mechanisms so a third-party application is not required to fulfill that aspect."

What is most valuable?

I have been using the patch management and server automation feature of this product. In terms of vulnerability management, it gives tough competition by providing a single management console with multiple benefits. Customization as per the requirements is one of of best it offers and almost any form of scripts and any OS can be supported for those customization.

How has it helped my organization?

The automation aspect has surely reduced the manual efforts leading to diverting those into other productive areas. Instead of manually bringing down any application prior to maintenance, this tool offers the capability to bundle a script ahead of patching, so maintenance and the corresponding patching is just a click of a button.

What needs improvement?

The tool should be more friendly in terms of Web UI and should be having better vulnerability scanning mechanisms so a third-party application is not required to fulfill that aspect.

For how long have I used the solution?

I have been using the product for almost five years and have explored quite a lot with respect to its utilization and benefits.

What do I think about the stability of the solution?

The tool has been quite stable. It has improvements within each version, which have made it become better and more powerful.

What do I think about the scalability of the solution?

No issues. It can well support clients, even if it is more than 100,000, easily and efficiently.

How are customer service and technical support?

The support from IBM is good. It sometimes takes them a while to identify and come up with a workaround which can impact the environment.

Which solution did I use previously and why did I switch?

Not really, I have been using multiple tools like BigFix/SCCM/Tanium for vulnerability remediation/inventory management. I never really switched from any other tool, but used them in parallel for different projects.

How was the initial setup?

The setup is pretty straightforward, if you have a good knowledge about the geographical spread of your clients, so the relays are appropriately mapped.

What's my experience with pricing, setup cost, and licensing?

Understand the requirements and the amount of use before choosing it. If you are just managing Windows machines with the regular MS released updates, than WSUS might be a cheaper and more viable solution. If you are looking forward to a single tool with third-party vulnerability remediation and in-house customization, then this is product is good to go.

Which other solutions did I evaluate?

SCCM was an option at one point, but we zeroed in on BigFix due to the customization possible.

What other advice do I have?

It is a niche tool with good exposure to required customization and automation, but still requires quite a lot of expertise to handle in comparison to its competitive tools.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user687204
BigFix Solution Manager at a manufacturing company with 10,001+ employees
Vendor
Software distribution and patch management are the most valuable. Patch management is the native first usage of this product.

Pros and Cons

  • "Software distribution and patch management are the most valuable."
  • "The console interface is not friendly, and requires training before using it in production."

What is most valuable?

Software distribution and patch management are the most valuable. Patch management is the native first usage of this product. Bulletin and Security Update are ready to use. Software deployment is fast and the product can be tuned for poor bandwidth network.

How has it helped my organization?

This product has massively reduced the wasted time for a technician to deploy or upgrade a security patch or a software version. With only one technician, you can deploy a large application in less 24 hours (Office, SAP, AutoCAD) in all your computers worldwide. We have used this product to upgrade Office 2000 to 2010 and now Office 365, for 80,000 users.

What needs improvement?

The console interface is not friendly, and requires training before using it in production. The levels of permissions are too complex to share the product with other teams. The technician must have all permissions to work easily. There is no web interface.

For how long have I used the solution?

I have been using BigFix for three years.

What do I think about the stability of the solution?

We had problems with stability from the first use. There was network bandwidth outage when we deployed a huge application or a lot of security patches. This problem was solved by specific client settings and their management, and some changes to the architecture of the product.

How are customer service and technical support?

Customer service and technical support people have a high level of knowledge. The forum and knowledge database are very interesting and up to date.

Which solution did I use previously and why did I switch?

I previously used Symantec Altiris v6.5. We stopped using this product because the maintenance cost of the hardware infrastructure was too high. This solution requires high numbers of servers, as opposed to IBM BigFix.

How was the initial setup?

The initial setup was straightforward. Installation was easy and a basic configuration is enough to start to work locally in the same network. But it is more complex when you need to deploy it worldwide.

What about the implementation team?

Our implementation was done through a vendor partner team. My advice: choose a partner with real experience on this product. The settings and design of this product are not complex but require a great deal of experience to adapt it to your IT ecosystem.

What was our ROI?

I cannot reply about ROI.

What's my experience with pricing, setup cost, and licensing?

I can estimate the reduced cost of servers maintenance to approximatively $500,000.

What other advice do I have?

During deployment and design of this product you must involve the services that will use the product. You have to change the mindset (concept) of your team if you used another product in the past.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user634896
Senior Systems Engineer at a tech vendor with 1,001-5,000 employees
Vendor
Being able to see inside every asset that we have and finding those assets are valuable features.

What is most valuable?

  • Being able to see inside every asset that we have
  • Finding those assets
  • Being able to deep dive and pull reports of any kind that we want
  • Customizable

If we're looking for some data that is not there natively, we can make it appear in our reports.

How has it helped my organization?

We get audited quite a bit because of PCI compliance. There are a lot of requirements that we have to meet on our endpoints to reach that certification for the compliance. BigFix allows us to see the data and remediate those vulnerabilities quickly and easily.

What needs improvement?

Providing information about areas with room for improvement is tough. I recently attended a roadmap session, and they're pretty much addressing a lot of the stuff we have.

I would like to see more automation, and that's the name of the game. That's our world: automation. I would like to see a way in which we could simplify things even further, so it would be almost like automation on top of automation. It's kind of a funny idea.

But if you have a solution to patch things, then we're going to automate the patching. That makes sense. Then we're going to automate the automation. That's pretty impressive.

When you look at the console of the tool, it is very basic. But basic can be good, too. Too much information is just going to convolute anything. It is just all text-based and it's kind of ugly, but you don't need it to be pretty either.

What do I think about the stability of the solution?

The stability is great. Any product that can basically run itself, requires minimal intervention, and is self-healing is a great tool.

What do I think about the scalability of the solution?

The scalability is even better because all you have to do is just whip up another server, and boom, you can support another thousand clients. And that takes a whole five minutes.

How are customer service and technical support?

It's been a few years since we used technical support, but we got direct contact from an engineer right away. He was not just a sales guy, but an actual engineer who came in and worked with us. That was good.

Which solution did I use previously and why did I switch?

Currently, we have our solution and we put in the BigFix solution. It was all because of the PCI compliance. We got a new security team in and they were completely focused on PCI. The previous solution didn't quite meet the requirements that made it easy. Now with BigFix, it's a lot more straightforward.

How was the initial setup?

The first setup was complex. The second time was much simpler, when we knew what we were doing.

The first setup was kind of wedged in and we had a very small time frame. It was a brand new tool that we didn't know much about. We also didn't know that we had engagement support available to us. That is why the second setup went smoother.

What other advice do I have?

You've got to do a proof of concept and a proof of technology. Get it in there and see what it can do. But more importantly, as you're putting it in, see how quickly you can do it and then see how easy it is to remediate those vulnerabilities. You'll be amazed.

When it comes to selecting a vendor, it's got to be brand. You have the big names: Microsoft, Oracle, IBM, and all that good stuff. But price has to be considered as well. If you can get a great product at a good price, it's very important.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user634935
Infrastructure Solutions Architect at a healthcare company with 10,001+ employees
Vendor
We use it to automate Windows and on AIX boxes to automate patch installation and OS upgrades.

What is most valuable?

It eases automation. We have been using it to automate Windows. We are currently using it on our AIX boxes to deploy patches; basically, to automate patch installation and OS upgrades.

How has it helped my organization?

It saves time and reduces human error. We are still experimenting with more of its features, such as how we can roll back some of the patches that we have already installed and so on. It definitely looks good.

What needs improvement?

We use it on the AIX. I think it worked fine. I work on the AIX and we are still in the testing period, so it would be interesting to see, if there's an issue with it. But, the team that does most of the automation thinks that it should work fine. Because they didn't see any issues with Linux, they don't see any issues with the AIX either.

Maybe, if they could provide a better GUI, it would be a nice thing to have.

What do I think about the stability of the solution?

Stability is good.

What do I think about the scalability of the solution?

We're using it on Windows and have used it on Linux. It worked well on Linux and now, we are actively moving to test it on the AIX.

Which solution did I use previously and why did I switch?

We were using HPE Server Automation, which we were formerly using to automate most of the Linux patching. We were using HPE SA for our automation. It automates but it doesn't have the feature as to where we can back out the patches that were pushed and BigFix offers that to us.

In my opinion, trust and reputation are the most important criteria when selecting a vendor. IBM is known for that.

What other advice do I have?

Definitely, without any hesitation, I would recommend that you should implement and use it. Try it out!

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user634920
System Engineer at a wireless company with 5,001-10,000 employees
Vendor
Provides consistency and hits all of our endpoints.

What is most valuable?

Being able to hit all of our endpoints is the most beneficial feature of this solution. It mainly gives us a lot of consistency. For example, with the previous product that we were using for endpoint management, we were getting like 70-80% completion on most tasks. With BigFix, it has moved past that and we're now achieving 98-99% completion.

How has it helped my organization?

It just streamlined the whole process, because it allows us to manage everything from one endpoint solution. It's reliable. So, we never had to spend time with the senior technicians for circling back to remediate all the ones that it missed.

What needs improvement?

Probably, there is need to just expand the WebUI and make it a full management console and really deprecate the Windows-based command console. They should definitely update the web reports to make it up to the executive level, something I'd actually want to show them, i.e., instead of having to rebuild everything outside in Excel.

In brief, it needs to expand the WebUI, get more granular permissions and then just getting web reports, that are on par with the year we're in.

What do I think about the stability of the solution?

We just ran into something, during the last update of version 9.5.3. We're still trying to figure out, if it was the update or not. But, we've had a couple of issues recently with some different things and as to how it's running, as far as the permissions go. Other than that, it has been great.

Which solution did I use previously and why did I switch?

It goes back to reliability. I was in this company before they started using BigFix. We broke it over and over on our old endpoint system and it was just getting to the point where it wasn't even saving us time anymore. That's how we knew we had to invest in a new solution.

How was the initial setup?

For us, initial setup wasn't complex because we are a fully owned subsidiary of a company that already had it all built out. Basically, they just added us in. For us, it was super straightforward, just like a simple click.

Which other solutions did I evaluate?

We looked really heavily at LANDesk; they offer a similar product. We ultimately ended up going with BigFix, because of its pricing. Being a subsidiary, we were able to jump on our parent company's license and get a volume license for the enterprise, versus having to going out and get our own solution.

There are so many things that I look at before selecting a vendor. The biggest ones are just honesty and a proven concept. We don't like to spend a lot of time sitting around the table, talking about what it can do, rather I want to see it, do it. So, those hands-on demos are a live proof of concept in our environment and that is what we always try to strive for.

What other advice do I have?

Be careful. It's a super powerful tool. It can be unforgiving, i.e., if you do some of the things wrong, it can be a nightmare. There are a couple of things that we've learned in our environment, especially with the APIs and some of those things that can be devastating, if they're done wrong.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user634818
IT Security Analyst at a tech services company with 10,001+ employees
Consultant
The most valuable feature for me is being able to reach all systems at once

How has it helped my organization?

I'd probably say it's a great asset for inventory management. You don't know, especially in our environment, where everything is and it just appears. Then you can track down what belongs to whom, for inventory purposes.

There is some complexity, a learning curve, but overall it's a great product. I have and will recommend it to anybody.

What is most valuable?

The most valuable feature for me is being able to reach all systems at once.

What needs improvement?

I would probably just say the user interface and the web portal option. They came up with a GUI interface to use on the web, so it's very user-friendly. It's good for your lower level operators. Maybe a little more up-to-date interface would be better. It still has an older interface on the console.

What do I think about the stability of the solution?

Stability is great.

What do I think about the scalability of the solution?

With regards to scalability, it's come a long way. I've only been working with it for about two years, and in those two years, it's evolved so much.

How are customer service and technical support?

The technical support is always good.

How was the initial setup?

I wasn't involved in the initial setup for this company.

Which other solutions did I evaluate?

Price and support were the most important factors we considered. I wasn't actually involved in this setup so I don't know which other professional endpoint security companies were on the shortlist.

What other advice do I have?

It's great if you're looking for an all-in-one inventory management, patch management and security tool. Now they have also added Detect, which is an awesome response tool. It's almost getting to a one-stop shop solution for inventory and patch management and automation.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITManagebec3
IT Manager at a hospitality company with 10,001+ employees
Real User
We use it for planning a lot of distributions.

What is most valuable?

The most valuable feature of this solution is real-time recording.

How has it helped my organization?

We use it for planning a lot of distributions and we get results immediately, so as to see when it's being deployed.

What needs improvement?

We would like to see enhancement of the web UI.

What do I think about the stability of the solution?

The stability is great.

What do I think about the scalability of the solution?

It scales well, this is a great product.

How are customer service and technical support?

We have used technical support, we went through all of that. They're wonderful and have been really helpful. We're good now because of them.

Which solution did I use previously and why did I switch?

We did a proof of concept, looked at the other competitors and after scaling all of them on a matrix, IBM ended up being the best option for us.

The most important criteria while selecting a vendor are the product's stability, relationship with the support team, salesperson and technicians.

How was the initial setup?

The setup was very complex. It was very bumpy and we had network issues. But, they worked with us and we are happy now.

What other advice do I have?

Talk to us, see what are your challenges and go for it!

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user634893
Senior System Admin at a tech vendor with 1,001-5,000 employees
Vendor
The solution has improved our compliance levels overall.

What is most valuable?

Near world PCI compliance and patch. We share the modules that we own for BigFix. So, those are the most important.

How has it helped my organization?

Our compliance levels - i.e. our compliance percentage has improved.

What needs improvement?

Simulators could be introduced.

None that I can think of. It does what we purchased it for. So, there isn't really anything that I can think of to add to it.

What do I think about the stability of the solution?

It is very stable. Streaming, of course, will do it.

What do I think about the scalability of the solution?

I manage and control the relays and everything, so it's easy to put new relays up and configure them.

How are customer service and technical support?

The technical support is usually pretty good. However, I had a ticket that stayed open for a couple of weeks which I didn't get a response to. Then when we got the response it wasn't really good. So they could have told me sooner than two weeks.

Which solution did I use previously and why did I switch?

We did an audit. A PCI audit. We were looking for reliability. Also cost and support were considerations.

How was the initial setup?

I did the initial setup, it's fairly straightforward.

Which other solutions did I evaluate?

I wasn't part of the evaluation of other products.

What other advice do I have?

Definitely look at BigFix to consider it as a solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user634902
Assistant VP at a tech vendor with 10,001+ employees
Vendor
The most valuable feature for me is patching, because it's helped me to make sure I am always compliant.

What is most valuable?

The most valuable feature for me is patching, because it's helped me to make sure I am always compliant. It's completely transparent. I can take care of what I need to do because BigFix is doing the patching by itself.

How has it helped my organization?

It is always taking me to the right level of security compliance.

What needs improvement?

Maybe they could introduce a preview of what is going to happen next, because generally what the project is doing is just asking you to execute some actions. I'd like to see a pop-up which says you are expected to do this or that and then I can decide if I have to do that today.

What do I think about the stability of the solution?

I never had problems, so I think it's highly stable.

What do I think about the scalability of the solution?

I don't know about scalability because I'm not using it for a larger scale.

How is customer service and technical support?

I haven't used the technical support.

How was the initial setup?

I was not involved in the initial setup.

Which other solutions did I evaluate?

For me, the perception that I can see in the market about stability, quality and all those kinds of things is important when selecting a vendor. Cost is definitely also a criteria.

What other advice do I have?

I would advise them to just do it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Senior Implementation Analyst at a tech vendor with 1,001-5,000 employees
Vendor
The most valuable feature of this solution is its ease of use.

What is most valuable?

The most valuable feature of this solution is its ease of use.

How has it helped my organization?

It improves the productivity of our organization, by helping the technical guys in our team.

What needs improvement?

We would like to see more of the extended reporting feature. It would help the technical teams, so as to drill down into the reports further.

What do I think about the stability of the solution?

The stability is good.

What do I think about the scalability of the solution?

Scalability is also good.

What other advice do I have?

This solution is giving us the results that it's meant for. You should definitely take a look at it. The most important criteria while selecting a vendor are the reliability, cost and technical support.

What is most valuable?

The most valuable feature of this solution is its ease of use.

How has it helped my organization?

It improves the productivity of our organization, by helping the technical guys in our team.

What needs improvement?

We would like to see more of the extended reporting feature. It would help the technical teams, so as to drill down into the reports further.

What do I think about the stability of the solution?

The stability is good.

What do I think about the scalability of the solution?

Scalability is also good.

What other advice do I have?

This solution is giving us the results that it's meant for.

You should definitely take a look at it.

The most important criteria while selecting a vendor are the reliability, cost and technical support.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user634929
It Compliance Specialist at a leisure / travel company with 10,001+ employees
Vendor
The endpoint management capabilities provide vulnerability assessment, compliance, and make sure that they are up to date on multiple platforms.

What is most valuable?

The most valuable features are the endpoint management capabilities of what you can actually control on your endpoints, as far as vulnerability assessment, compliance, and making sure that they are up to date on multiple platforms. One single-user-stop-shop is really awesome.

How has it helped my organization?

A benefit is being able to do it from a single place; whether it's Windows, Linux or Solaris, the user interaction doesn't change for the operators. We can teach one on Windows and one on Solaris to do the same thing. For them it's very simple, because it all looks the same. That why I dig it.

What needs improvement?

Scalability is big for us. To be able to scale faster and quicker, with more people coming in. Probably, more of a cloud initiative presence would be good, possibly as a SaaS, that would be amazing. Yeah, I think that's what we are looking for.

What do I think about the stability of the solution?

Stability is solid. Very, very solid. We rarely have issues and if there are, it was usually due to old architecture issues, but we've taken care of that and since then, we really haven't had any.

What do I think about the scalability of the solution?

Scalability could be better. I know they're improving it. They are talking about it. They preached about it a lot at a recent IBM conference, specifically. We are kind of looking forward to that.

How are customer service and technical support?

Technical support is getting better. About five years ago, it was horrible. Over the last couple of years, it's gotten better; more engagement and more knowledge transfer, it seems like, to the first-tier level support for IBM.

Which solution did I use previously and why did I switch?

I came into the company and it was already there. So, I'm not sure about previous solutions.

How was the initial setup?

I was not involved in the initial setup.

What other advice do I have?

It is a highly effective tool if you're cross-platform. It really gets the job done simply.

I really do dig it. I had worked with it previously, got a different job, not using it. After a little bit I came back and just looked for a job that was still using the BigFix tool. I sought out jobs specifically looking for it.

Knowledge of the tool is important when selecting a vendor. Anyone can come and take you out to lunch, or wine and dine you. That's fine, they all do it. But to be able to have someone walk up to you and know how the tool actually functions is most important to me. I don't know which vendors were evaluated.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user634833
Admin at a tech services company with 10,001+ employees
Consultant
It has one central location to manage all the different platforms that we have.

What is most valuable?

It's easy to manage. It gives me great power over the devices that I manage with very little effort, compared to other products. With other products, it takes a lot more effort just to do the same kind of work.

How has it helped my organization?

It has one central location to manage all the different platforms that we have such as desktop, Windows Servers, Linux Server, Solaris, AIX and zLinux. It's great to be able to manage them all from one central location.

What needs improvement?

The feature that I would like them to implement is for the command line and I know this is probably against the design. We come from the command line and sometimes, you want to talk to the agent in real time. Seems like now with the new BigFix CLI, it's heading in that direction. It's something that we've been craving for, because sometimes you want to just talk to this agent and not have to wait. You just want to discuss things with them and get the result back. That will be great. Still, you have to dance around and probably do some voodoo in order to get that data back. We come from the old framework, in which you send a command and get your return back. This kind of power is gone in BigFix, but we love all the other stuff.

What do I think about the stability of the solution?

Usually after upgrades, you have some hiccups but they're manageable. It's kind of common between products, after upgrades; either it is a learning curve or it could be a bug and then it's fixed in subsequent patches. So, nothing out of the ordinary, but it scales well.

What do I think about the scalability of the solution?

This solution scales well.

How are customer service and technical support?

I use the technical support for stubborn kind of issues, that won't go away. However, not as much as for the other products. They're very knowledgeable and it sounds like a different breed with the IBM support.

Which solution did I use previously and why did I switch?

Actually, we had all the tools and we pulled them out, after which we went to BigFix. The reason why we chose this solution is because the government paid for it.

How was the initial setup?

The setup is very easy. I usually have to tell them how hard it is, but then I can do it within a day. So, this is also a very big feature.

What other advice do I have?

This product is extremely easy. If you've never implemented this type of three-tier architecture tool, then you don't know it. But, for anybody who has carried out such an implementation before, it is very straightforward.

Support is the most crucial criteria while selecting a vendor, because when things hit the wall and everybody's heated and trying to finger-point, you want someone that have the backbone to say, "We'll take care of it." IBM can do that. They never try to say, "No." They take the heat really well and they control it. Big corporations are looking for that kind of security that the company can provide and they're going to put as much resources as needed, so as to get the problem solved.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user634815
IT Specialist with 5,001-10,000 employees
MSP
Enables us to handle data from other vendors with the scale for our servers.

What is most valuable?

For me, BigFix is my virtual operator, and the capabilities BigFix actually brings to our servers to do everything. I don't need a personal operator. I can reach out to our partners for the solution.

How has it helped my organization?

BigFix enables us to handle data from many vendors with the scale for our servers, improving our performance.

What needs improvement?

We are looking for better images for third-party operations like article databases, for example, other article application servers, and the SAP applications. We appreciate that BigFix can produce a better image for everything on a single product.

Also, the web console could be improved as we need to use it more than the desktop console.

What do I think about the stability of the solution?

I believe the solution is very stable and we have never had an outage of the solution. Communication with our agents is always well-synchronized. Stability is very nice.

What do I think about the scalability of the solution?

It is scalable. We have, for example, 7000 servers communicating with only three or four structured servers on the BigFix environment and it responds very quickly for everything we do.

How is customer service and technical support?

We usually use the technical support for some troubleshooting when we have a specific problem with agents because in an environment with 7000 servers, we have a certain rate of problems which are specific problems, not general problems. Every time, the support attends to us quickly and the success factor is high.

What other advice do I have?

See if the solution has good capabilities for them and if the solution can communicate well. Integration with many vendors is necessary.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user634923
Infrastructure Security Ops Manager at The Walt Disney company
Vendor
The most valuable feature for me is the multi platform which is customizable so we're able to do API integration throughout our entire network.

What is most valuable?

The most valuable feature for me is BigFix's multi platform. It's customizable and we're able to do API integration throughout our entire network.

How has it helped my organization?

We're able to to implement automation and reduce touch labor for level one technicalities so we're able to free up more manpower to take on more difficult tasks.

What needs improvement?

  • I would like to see it go to the cloud. I want to see it as a management service.
  • For us, we basically generate our own API documentation. So I think more API integration would also help.

What do I think about the stability of the solution?

We've had no problems, it's a very stable solution. It's very well supported and has a big forum of users. So you always have a resource to reach out to.

We've actually fixed the patching by improving our patch application by almost 60%. We went from applying 6,000 patches manually to 34,000 on average a month.

What do I think about the scalability of the solution?

It's very scalable. Extremely scalable. Customization is always a big issue for us so we're always able to grow with it.

How is customer service and technical support?

We've used technical support many times. They have great support. We've had international support. We've been on calls with Poland, Ireland, Germany and all our technical experts in the USA.

How was the initial setup?

I wasn't involved in the installation process.

Which other solutions did I evaluate?

When choosing a vendor we think that knowledge of our market place is key. The Walt Disney Company is unique in the environment so we need someone who understands that we work in different ways than a lot of other companies. This also applies with regard to product scalability. We need growth, I don't need to be working with one product in a silo.

What other advice do I have?

I would really encourage them to look into it and take a look at its abilities and think of it as a platform and not just a patching mechanism. Some people think BigFix is just patching. It's a lot more than that so I would ask them to look at the bigger modules.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user634926
Senior IT Manager at Technology Brands
Real User
The most valuable features for us are scalability and reliability.

What is most valuable?

The most valuable features for us are scalability and reliability. Hands down.

How has it helped my organization?

My organization came from a product that was not nearly as reliable. It was causing failures across our infrastructure and across our enterprise. Switching to BixFix has alleviated that to a great degree.

The other part is it's now allowing our company to think ahead how we can incorporate other pieces of BigFix that other solutions don't have integrated natively. So we can get five or six product sets out of BigFix as opposed to just a single product set on a solution that didn't even work to begin with.

What needs improvement?

IBM dropped what's called BigFix Detect on us here at Interconnect this year. That blew our socks off because we had just completed signing a contract with a software that does almost the exact same thing called Carbon Black. So we came here and noticed that they're putting a Carbon Black type solution into BigFix. I will be curious about how that particular application develops over time and into the future. I'd like to see them continue to scale that out.

A major feature that I think they need to add to Detect is application whitelisting. That will be incredibly important. If they can get that I might be able to convince my company to start using that.

What do I think about the stability of the solution?

Stability is excellent. It doesn't crash, it can handle whatever we throw at it. It does a good job with that. Other solutions that we've had haven't panned out that way.

What do I think about the scalability of the solution?

Scalability is excellent. There are people here who are using BigFix in much larger deployments than what we have. We're not small by any means but we're also not the largest out there. We know we can trust with confidence that we'll scale up well over time.

How are customer service and technical support?

We haven't had to use the technical support at all.

Which solution did I use previously and why did I switch?

We were using a different solution before this and we outgrew it. My company has gone through a period of hypergrowth and we went from handling just a few years ago 60 stores with maybe 500 endpoints in them, to 1600 stores now with tens of thousands of endpoints. So we knew we needed a new solution because the one we had just kept breaking, over and over.

How was the initial setup?

I was not involved in the initial installation.

Which other solutions did I evaluate?

For myself as a manager who makes business decisions like selecting a vendor, there needs to be a level of trust and a level of partnership where I can go back to this vendor and actually get support and help if we need it, when we need it. Interconnect has been a great resource for that. So there's got to be that trust level there, absolutely.

I will never push a product I don't believe in. So I have to see that it works. I would argue the same is the case for anyone above me in our business or enterprise. We don't want to work with vendors whose products are half-baked. They have got to work.

So we ended up with IBM because we are partnered with GameStop and they were already using the product and saw that it worked. So we didn't formulate a shortlist off the bat. We said let's try GameStop's product and see how well that works for us, and then if it's not working we will go out and make a shortlist. So we didn't have to do that, fortunately.

What other advice do I have?

The advice I would give is not to be turned off from the learning curve. There is a little bit of a learning curve to it. But that learning curve is there for a reason and the talent that goes into actually using BigFix properly takes a little while to tune, but that is what makes BigFix so powerful. That being said, as a result of that you're going to get reliability and scalability and a much faster response time than probably most products out there.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Tony Trama
Director of Security Solutions at a tech services company with 51-200 employees
Real User
It allows for a thin infrastructure that can be exploited by the customer for multiple purposes.

What is most valuable?

The most valuable features of the BigFix solution are integration with a single agent and that the customer can deploy the Inventory module, the Lifecycle Management module, or the newly announced BigFix Detect Security module. That's really valuable because it allows for a very thin infrastructure on the end point, that the customer can exploit for multiple purposes.

How has it helped my organization?

It represents to a customer a very strong and quick ROI, so the investment and value becomes very positive early on. There is a higher level of security and awareness, along with a very high level of control at the end points.

What needs improvement?

The one feature that I would have like to see included (I know it is coming in the next release), is the block function of the newly announced BigFix Detect module.

In my opinion, the products are on the right track and we've had great success with them.

What do I think about the stability of the solution?

Stability has not been an issue at all.

What do I think about the scalability of the solution?

There have been no scalability issues.

Which solution did I use previously and why did I switch?

The most important factor while choosing a vendor is how much profit we can make after selling the solution. Secondly, how successful could I make the solution in the marketplace. The third factor would be the level of support from the provider.

What other advice do I have?

Just do it!

Disclosure: I am a real user, and this review is based on my own experience and opinions.
DataSecu4c81
Data Security Officer at a healthcare company with 10,001+ employees
Real User
It helps maintain our environment, so all of our systems are patched and up to date.

What is most valuable?

I believe that the agent on the endpoint is very powerful. It can do a lot. It can patch, it can get information on the asset, and it's just a very powerful tool.

How has it helped my organization?

It helps maintain our environment, so all of our systems are patched and up to date. It also helps provide security settings to the endpoints as well. We can also push out applications and different settings.

What needs improvement?

They're actually adding some of the features that I wanted, such as detecting, which allows us to fix things remotely. If there's a security issue, we could actually stop the security issue in its tracks. I think they need to polish up a little bit, and it seems like IBM is now finally starting to invest money into the solution. I think that's going to help its brand name.

What do I think about the scalability of the solution?

The product is very scalable, but it can also be very complex. If you don't set things up right then you could have problems. You just need to know what you're doing.

How are customer service and technical support?

Technical support has sometimes been very good, and sometimes it's been not so good. It just depends. I would say that in tier one sometimes they know, sometimes they don't, but then once you go up to tier two or tier three they're definitely experts in their field.

Which solution did I use previously and why did I switch?

Previously we were using the Microsoft solution, Windows Software Update Services. That's a very all or none solution which is not as granular. Regarding BigFix, I like that I can push out updates to systems within their patch window and make sure that they're complete and done within that patch window.

How was the initial setup?

The setup could be simple or it could be complex. It depends on your environment.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
DM
Server Systems Engineer
Real User
It's easy to use, gives you great visibility into your environment, customization of your reports, and the community of users that you can pull experience and knowledge from.

What is most valuable?

I like the overall usage of it. It's easy to use, gives you great visibility into your envionment, customization of your reports, and the community of users that you can pull experience and knowledge from. So that's one of the main advantages for using BigFix.

How has it helped my organization?

It has definitely improved our patch process, being able to create compliance reports and hand those to management, executives and so on, and making the overall procedure of managing assets, managing end points, patching endpoints, etc. It has just made everything pretty easy.

What needs improvement?

It's not perfect, but it's close. There are some things here or there, for instance if you get down to the small details, such as if you could deploy and action it a different way, or you selected multiple endpoints and then from there, selected a right-click and deployed something from it, instead of the normal way etc.

If you could select one particular endpoint, look in the applicable fixlets, and then deploy an action from there, it would be helpful.

Of course there are many ways to achieve these aims, and you can't satisfy every possible little change here or there for everybody, these are just things that we've talked about or thrown out there in our environment.

For how long have I used the solution?

I have been using the solution for almost two years already.

What do I think about the stability of the solution?

We haven't encountered any issues with stability.

What do I think about the scalability of the solution?

We haven't encountered any issues with scalability.

How are customer service and technical support?

I've used technical support quite often at times, when either having a small issue, or just trying to set something up new and different, and I've always had great experiences with support. They always either call me back, or email me back, or set up a WebEx to work through an issue. So I've had great experiences with support.

Which solution did I use previously and why did I switch?

I haven't used a previous solution as such. I worked at a previous company, moved to the current company I am employed at now, and saw the process and how different it was.

Coming from a company that utilized BigFix, I knew that there was a better way here, and I pushed hard to get BigFix implemented. They went on my recommendation, spent the money, and we have it in place. It's been in place for almost two years now.

How was the initial setup?

Regarding installation, I needed help from either support or our actual business partner or vendor. As I was just an operator previously, I never had to set it up from scratch. Actually it was pretty easy. Of course I had help, I had support, but it was nothing that was too difficult to do. Everything went seamlessly, went smoothly, and like I say we have been thoroughly enjoying it for the time we've had it.

What other advice do I have?

Just do it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
MS
Leads Systems Analyst at a transportation company with 10,001+ employees
Real User
Its extensibility is valuable

How has it helped my organization?

Patch management: We've gone from hideous to amazing.

What is most valuable?

The most valuable feature is the extensibility of the tool. We're able to implement solutions through available APIs and custom solutions. We're able to provide services quickly. We're able to provide services completely.

What needs improvement?

A lot of my suggestions have already been submitted through RFEs; some of them involve inspector enhancements in the end point. We've got enhancement requests on the BigFix Inventory side. I know that it's not quite as mature a product as BigFix is.

What do I think about the stability of the solution?

I think the current tool is fairly robust. We have ways of breaking it, though.

What do I think about the scalability of the solution?

We're pushing the limits of the tool. We've got over 250,000 devices in our environment; probably one of the larger customers. There are a few that are larger. But we're also doing a lot with the tool that I think other customers aren't. We're doing software distribution as well as patch management. We're also doing inventory and software usage analysis. I don't know of too many other customers that are doing that.

How are customer service and technical support?

Technical support depends on who you get. I deal with some amazing support folks, and then I've dealt with some less-than-amazing support folks.

Which solution did I use previously and why did I switch?

Our previous tool was the predecessor to BigFix, Tivoli Configuration Manager. We were entitled to migrate from TCM to BigFix, so it was kind of a no-brainer.

How was the initial setup?

I was involved in the initial setup. It was very straightforward. The implementation was pretty easy.

Which other solutions did I evaluate?

BigFix was on our short list before they were IBM. We decided against them because they were a small company, even though their solution was better than some of their competitors. Management knew it was too much of a risk to go with BigFix. When they finally became IBM, again, it was a no-brainer because they were on the top of our list of vendors satisfying the feature requirements and now they had the backing of IBM, so it made sense.

We looked at Alteryx. We looked at Microsoft SCCM. SCCM was a big competitor.

I don’t have that many criteria when selecting a vendor.

What other advice do I have?

The advice that I would give depends on the problem that you are trying to solve. I spoke with a number of people at an IBM conference (users looking for a high-end endpoint security software who were potentially going to install BigFix), and they had nothing but good things to say about the tool and the people supporting it.

It's a well-developed tool, supported by people who are passionate about it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user634956
Lead Compliance Architect
Vendor
The most valuable feature is its flexibility and the fact that there's one agent that allows you to do different things.

How has it helped my organization?

It gives us one tool that allows us to patch our systems, so we don't have multiple tools to patch our systems. We have one tool that allows us to patch multiple platforms, as well as inventory and provide insights on all of those different platforms. Also, we're currently using it for automation, so it's helping us innovate in all of those platforms, for us to look for new things and also address problems in real time. We're using it more as a platform more than we are as a tool.

What is most valuable?

I think the most valuable feature is its flexibility and the fact that there's one agent that allows you to do a lot of different things. We use it for compliance, primarily patching. Also, it becomes our master source collector for most of our information. We take that information and feed dashboards. It also helps us make decisions, so some of that has to do with compliance, as what our targets are; what we need to address, such as vulnerability leaks and that type of thing.

We also use it for inventory, like our source data. It feeds a lot of our dashboards. We actually take data from all over our company from other source systems and combine that with our BigFix data. It gives us insights on different areas that we need to target and challenges that we have that we wouldn't normally see just with one tool. We basically use it as our master source and then, from that, it helps us provide a source of truth.

What needs improvement?

I would like to see more multithreading, which I understand comes, clustering and we may end up doing some container-related work with Bluemix and lead some of that effort to allow us to scale on demand. Because there are times when you have a zero day and with our size and scale – we have a very large relay environment – it'd be nice to be able to scale on demand but as an enterprise, see it as one relay instead of several hundred. We'd like to be able to see everything be more integrated in the universe of BigFix with other tools. It seems like that's the direction it's going, in their original vision of having a single-agent type of approach, but we'd also like to remove some of the complexity by having more clustering and DR capabilities built in to the tool.

What do I think about the scalability of the solution?

We have had scalability issues because we bend the laws of the physics for the tool. For some of our reporting needs, we've had to go and take our databases and put it in big data, only because we have so many different environments that we don't have one single pane of glass way of taking all of our environments and comparing it all together. We have to take the data outside and then still leverage the tool inside to give us all of the feeds, so that we can have one enterprise view across all of our different instances. That's just because of the number of machines that we have. It doesn't allow us to just take advantage of one environment.

How are customer service and technical support?

I have used technical support. In fact, I at one point managed the technical side for the same customer. I was part of the strategic outsourcing, so I was with the customer, then I supported the customer on the IBM side and then I came back to the customer's side to help them innovate using that same tool and the same support team I used to manage. So, it was full circle.

I am happy with the support team. Actually, there are some challenges from time to time, only because our needs are a little bit more complex because of how complex an organization and how large we are. Our needs are a little bit more than the average company. We've been able to work through those challenges and become more on the innovative leader side of the tool, which also helps us to get better support because now we're going from the bleeding edge of trying to get our organization to address problems to leading the industry charge, hopefully. Maybe next year with what we're trying to do with BigFix, we might be able to present some of our findings.

How was the initial setup?

I was not actually involved in the initial setup because we've had it for over ten years, but I've helped transform it from being a tool into a platform. The technical part of that transformation was not very complex. It was more of the internal challenges, getting support, and more the political side was a little more difficult than the technical side.

What other advice do I have?

Understand where your focus is going to be. Then, based on your focus, start moving in that direction and then, don't get so myopic with your focus that you don't see the capabilities it can provide, where it can become a universal tool to help you solve a lot of problems and potential endpoint security risks. You don't want to compete in your organization with other tools that provide the same capabilities. Consolidate your efforts into BigFix and get rid of those competing tools. Put the money into the support, the services and the innovation it provides.

Openness and honesty are the most important criteria I look for in a vendor. What are the shortcomings of the tool? What are some of the challenges that others have had with the tool and how have you been able to overcome those challenges?

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user634917
Systems Engineering at a retailer with 10,001+ employees
Vendor
With Inventory Services, the speed is key.

What is most valuable?

For me, Inventory Services is heavily used in our environment. The patch management suite, I would say is the second, and very important for us to ensure that we are maintaining our PCI and SOX compliance for the company I work with. In addition to that, we have server automation that we use, security and compliance module, lifecycle management, and OSD. So all of those things are really important for us.

How has it helped my organization?

Clearly, with Inventory Services, the speed is really key. In retail, we need answers very, very quickly. Other competitor products (which we do have in house) just don't compare.

What needs improvement?

Web reports. The interface for web reports is still pretty basic, and really hasn't changed in the seven years that we've had the product, so that would be one thing that would be really nice.

I really don't know that there's really much more that can be added that's already not currently in the pipeline, or currently exists.

What do I think about the stability of the solution?

It's been stable. I've used the product for seven years and I haven't had an issue that has brought things down. So it's been very stable.

What do I think about the scalability of the solution?

Scalability is also really great. We have a very small client base in comparison to what we could potentially do, so scalability is wonderful.

How is customer service and technical support?

In the seven years, I think I've submitted maybe four to five problems. That's it. Response time has always been good.

Which other solutions did I evaluate?

When we're selecting a solution, we want a vendor that we can trust, that is on top of it, on point, and thorough.

What other advice do I have?

I would say I would give it a nine. Only because as I stated earlier, web reports, if that were to improve, I'd give it a ten. There's always room for improvement.

Really understand what your environment is like. Make sure that your network team is engaged with all of that.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user631689
Systems Engineer at Carolinas Healthcare System
Vendor
Every PC that we have has to come in, and this product records it, adds software to it and also inventories it.

What is most valuable?

The most valuable feature of BigFix is the ability to manage all the clients that we have in our environment. So, every PC that we have has to come in and BigFix aids in all that so that we can record it, add software to it and also inventory it. So, just having that ability to see everything and inventory everything helps everybody from the technical aspect, to know what's on the PC; especially when it needs to be reimaged.

How has it helped my organization?

One of the improvements is the patching process and being able to get security patches out. We have 50,000 PCs in our environment and are able to patch those PCs in a relatively quick timeline.

What needs improvement?

Dynamic messaging needs improvement because one of the things that we deal with a lot is the messaging when pushing releases out. I know that there is a message we can display, but it's post-installation. On the post-installation, we have to either check on the PC or reboot the PC. We just want to be able to have a static message and to be able to take an action at any time, as well.

Documentation is always key. I like simple documents and also being on a team with a small amount of people. There is a lot that can be done with the product, and it needs good documentation to where you can see how the different pieces of the product interact with each other and what they can and can't do; but on a layman’s level.

What do I think about the stability of the solution?

It is very stable. We haven't had any issues on any downtime that inhibits our ability to get things out, so it's been pretty stable.

What do I think about the scalability of the solution?

It seems to be very scalable. We went from roughly 24-25,000 assets to 50,000 PCs in five years. So, we're looking to grow and it seems like it's very capable to handle what we have in store.

How are customer service and technical support?

Support is very awesome. Every time we have needed something from technical support, they have been on top of everything with a very quick turnaround in the issues that we've had with the product.

Which solution did I use previously and why did I switch?

We were using an old IBM solution framework solution and some custom scripts that we had built around the framework solution to do our software distribution. When BigFix came along, we went right into the BigFix framework.

When choosing a vendor, one thing that is always critical is, how much does it cost? It needs to be cost effective. Support is also one of the things that we look for. We have a small team so when we are looking at vendors, we want to know if they provide any training. Also, can any kind of training dollars be rolled into the product or can experts come on site to train? We also want to hear customer feedback about how the company or the product are doing at another company's site that is similar to ours.

How was the initial setup?

I was not involved in the initial setup. A coworker of mine actually set it up and got it going, and I came in on the back end. Right now, I'm actually going to be taking that over.

The setup was straightforward. I don't think it was too complex. I know that we have some complexities with the way some things are set up in our environment, but the product itself is pretty straightforward.

What other advice do I have?

If they are able to get it into the environment and run some type of proof of concept and be able to kick the tires a little bit, that would be the best way go with any product.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user573
Tech Support Staff at a non-tech company with 501-1,000 employees
Vendor
Great for deploying software packages or computer configurations

Valuable Features:

Easy to use. Dynamic to the needs of the company.

Room for Improvement:

There is limited support or assistance when creating new deployment tasks.

Other Advice:

New tasks require significant time investment; however, once the tasks are in place it makes upgrading or installing software extremely easy. The software is dynamic enough that there is very little that you cannot manage remotely.

Valuable Features:

Easy to use. Dynamic to the needs of the company.

Room for Improvement:

There is limited support or assistance when creating new deployment tasks.

Other Advice:

New tasks require significant time investment; however, once the tasks are in place it makes upgrading or installing software extremely easy. The software is dynamic enough that there is very little that you cannot manage remotely.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free BigFix Report and get advice and tips from experienced pros sharing their opinions.