BigFix vs. SCCM

As of April 2019, BigFix is ranked 1st in Configuration Management with 39 reviews vs SCCM which is ranked 2nd in Configuration Management with 8 reviews. The top reviewer of BigFix writes "Provides a single pane view into the entire environment". The top reviewer of SCCM writes "Enables us to set up schedules, according to security needs, to automate server and desktop patching". BigFix is most compared with SCCM, Ansible and Tanium. SCCM is most compared with BigFix, Ansible and Quest KACE Systems Management. See our BigFix vs. SCCM report.
You must select at least 2 products to compare!
BigFix Logo
24,692 views|12,454 comparisons
Read 8 SCCM reviews.
33,439 views|20,653 comparisons
Most Helpful Review
Find out what your peers are saying about BigFix vs. SCCM and other solutions. Updated: March 2019.
333,928 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

It's enabled us to have a highly successful endpoint patching program for the past decade. It's been enormously successful there. It's also become a core part of many of our business processes, from compliance monitoring of endpoints, encryption management, key escrow, and local administrator password escrow. It's built into our inventory. It's very much everywhere.Servers are patched more consistently than they have been previously.Being able to intelligently create reports, gather data, export CSVs and give that to the leadership of some of the client groups that my team supports has helped my organization.We are able to use BigFix through API connections to automate and reduce resources and time. The product's been great for us. It's increased the security posture ten-fold and it's increased our visibility across our endpoints enormously.BigFix has drastically reduced the maintenance window period to patch and reboot servers.Prior to BigFix we used Altiris, which was distributed. We had to manage multiple servers, and duplicate the tasks that we did on each server. BigFix tremendously reduced the amount of work that we had to do on each server in a centralized manner. We could minimize the work that we had to do, and we had a lot more control over the tasks and what machines they ran on.It allows us to quickly deploy capabilities that we need, whether it be security or non-security. We use it to keep systems up to date, deploy new drivers, find the information we need in the case of security incidents. The capability allows us to gather a lot of information very quickly and it also allows us to have a centralized reporting feature and a centralized deployment capability which is nice.Before we had BigFix, we had problems with some malware. BigFix allows us to immediately patch all instances of endpoints that were vulnerable to antivirus and initiate scans. That's key.

Read more »

It is a good choice for deployment that performs very well.It saves a lot of money when you can install things automatically and they are installed the exact same way on every computer.There is a faster time to rollout. If we get a new PC, it can be ready for productivity right away.With the SCCM inventory, we found a lot of rogue applications. We were able to identify them, find out who was running them, and either put them on our application list or remove them.It gives us the ability to set up schedules, according to what our security requirements are, to automate the patching of our servers and desktops.What's valuable is the basic management of the systems, being able to control who can access the systems.You can remote control or RDP. That has been the most valuable because we can go into one console and can get to anything we want. Instead of going to all these different consoles, we centralized everything.With the right administrator, application deployment can do wonders.

Read more »

Around the scalability concern, I would like to see the ability to run teamed, clustered, or hierarchical root servers, in order to provide a more robust, high availability system. The single monolithic root server model does somewhat bother me.I would like to see the integration of user security between the different products to be improved. There's separate security for compliance, separate security for web reports, and the console, and you have to manage those things separately.The stability is generally pretty good. The one thing that we came across is the battle between load on endpoints and load on our servers and relays versus how quickly, effectively and reliably actions can be taken. I'd like to not have to take an action on a system while I'm working with someone and then have to say whether something will happen between five seconds or thirty minutes from that point.I would like to see API connectivity, built-in API connectors to the standard toolsets, whether it's for your ServiceNow or your Qualys. More API connectivity to make it easier to integrate to other tools.I would like to see a web UI SDK so we could take what is provided currently and be able to build our own customized web UI for particular customers that want to sell service.I would like to see for it to be a little easier for new users to be able to learn and create relevant statements. In my opinion, that's the hardest part for bringing on new people that haven't had BigFix experience. Being able to have easier ways to build relevance in ActionScript would be the biggest improvement I'd like to see.The scalability of the web UI product doesn't scale to the size that we need for our implementation so it needs to expand. I would also like to see the capability to develop on the back of the web UI capability. There are lots of web features and integrations that we could do with web UI that it would be nice to be able to put on top of what's already there, rather than waiting for IBM to develop what we need.I want to see a solution for being able to deploy automated software to a Mac running OS X 10.13, something that's going to deal with kernel exceptions and answering prompts for user permissions for data folders and whatnot. They need to really streamline and automate the Mac software deployment.

Read more »

The setup was complex and I faced a lot of problems initially because I was new to the solution.Our company would prefer not rebooting computers while people are using them. There seems to be no strategy behind it.Marketing: Our management doesn't understand that there is a piece of software which helps them automate and manage the entire network, as far as operating systems on computers.Troubleshooting in general needs improvement. There's just a ton of logs to go through, and so finding the error log that corresponds with that you're doing can sometimes be difficult.There is a reboot issue with the patching. Sometimes, if patching runs into any issue whatsoever, it doesn't reboot but it doesn't tell you it errored out. It just sits there and we don't find out until the next day whether it patched or not. That was a big issue for us. We're working through that. They added some stuff in there now where you can actually tell reboot is pending. But we still need some kind of notification that if something fails or is pending, we know. We shouldn't have to go in and look. They don't have anything for that right now.Their compliance reporting is not accurate, and they admitted it on the phone when we had a call with them. We were trying to understand why their numbers didn't match on our compliance reports. It is not accurate and you cannot depend on the compliance reports. The numbers just don't match, and we can't figure out why. We called Microsoft and they said, "Yeah, that's a known issue." But there is no word that they're working on it.There's no way to say, "I want this maintenance window to be on the second Tuesday of the month." It's strict. This window is this and that's it. You can't fluctuate.As far as load balancing across, they don't have that support yet, so that you can actually build multiple primaries and have it load balance across. They don't have any of that functionality yet. That would be a nice feature, to scale that way.

Read more »

Pricing and Cost Advice
Compliance, inventory, and licensing are really pricey. They should lower the price. It discourages users from getting onboard.The product is less costly when compared to other solutions, and this is a good solid solution for what we have paid.I would stay with the Managed Virtual Server license model, which is a 1-to-1 license per OS whether it is virtual or physical.When purchasing, buying with other IBM tools provided us with a very good discount in pricing.I can estimate the reduced cost of servers maintenance to approximatively $500,000.

Read more »

SCCM comes with its own version of SQL Server. If you use that SQL Server with SCCM and don't use it for another applications than you get an SQL Server for free.Overall, I think it's fine. It's pretty much in-line because there are ways to offset it with the Office 365 licensing.Pricing and licensing are a downside of SCCM. It's expensive. I'd have to confirm this, but I think they changed the licensing to core-based instead of socket-based. It's not cheap, because you have to buy the software, you have to buy SQL. Another thing we learned from talking to Microsoft is that they provide you a license for SQL if you run it on the same box as the primary server. If you run it outside that box, you have to buy SQL. Microsoft does recommend you running it on the same box because of performance. But then, in order to run SQL, SCCM, and everything on the same box, you better have some resources. It's an expensive solution. There's no doubt about it.Pricing and licensing are horrible. You have to not look at dollar value to use SCCM. It's super-duper expensive but it works. The acquisition cost is expensive, it's labor-intensive. But it works.

Read more »

Use our free recommendation engine to learn which Configuration Management solutions are best for your needs.
333,928 professionals have used our research since 2012.
Answers from the Community
Rhea Rapps
Onyegbule UcheConsultant

SCCM is good for managing windows endpoints but it uses WMI which is a headache and has slower reporting. it also has limited support(in most cases none) for Unix/Linux based OS, and third-party vendor applications.

if you're a very large environment, SCCM becomes a headache when you try to scale over 10,000 endpoints

The upside is that if you're a heavy windows environment, SCCM can be the ideal way to go, but if you plan on introducing different OS, you should consider BigFix.

SCCM can be free with the enterprise version of windows,

With IBM BigFix, you have support for over 90 different Operating systems, and over 9000 application vendors and over 250,000 third-party applications. and can roll out patches and achieve compliance in minutes and hours.

BigFix uses an intelligent agent(with local inspectors) and a relevance language for making sure that only the correct patches are applied to an endpoint and complete granular visibility into an endpoint (e.g applications installed, processes running, hardware information, etc)

With BigFix setting up distribution points has become much simpler and it can be done simply from the console. no extensive configuration is necessary.

When it comes to scalability, a single BgFix server can manage up to 250,000 endpoints.

The downside to IBM BigFix is the learning curve to it, its a bit high.

23 March 18

I am going to talk about IBM BigFix and Microsoft SCCM.

SCCM is a Windows dedicated platform for OS Confguration Management. It is powerful for managing Windows environments but very limited for managing UNIX environments (in particular OS provisioning, patch management, audit, compliance, remote control, etc.). It doesn’t integrate well with mixed Windows -Linux/ Unix setups and .

IBM BigFix, formerly Tivoli Endpoint Manager (TEM), is powerful for managing all OS (Windows, UNIX, VMware ESX, Linux, OSX) and for daily tasks and activities (remote control, patch management, software distribution, OS deployment, compliance, audit, reporting, network access and protection)

Both of them have their own inventory database and use Master-slave architecture (agent should be installed for both of SCCM and BigFix managed nodes).

If you are going to manage more Windows than UNIX systems, so it is better to use SCCM. If your main focus is to manage different OS using GUI and command line, I would recommend to use BigFix. It is flexible and offers many features and functionalities that help administrators automate and orchestrate infrastructure with few clicks rather than do it manually and lose more much time fixing and fixing issues.

Talking Licensing model, SCCM is more expensive than BigFix.

For those who are interested, there are also other tools that manage infrastructure and OS (Ansible, Puppet, OO, SA, etc.).

21 March 18
Martin CarnegieConsultant

As a couple people have mentioned, understanding your requirements would help to point you in the right direction.

One person above made the comment "SCCM isn't just for patching like BigFix". Just to be very clear BigFix does all of the same stuff as SCCM, but the usual entry for BigFix is the Patch Management. BigFix does have inventory, software distribution, OS deployment for Windows and Linux, Compliance (very extensive).

If you were just interested in Windows OS deployment, I might point you to SCCM, but the OS deployment from BigFix has improved quite a bit, so it is a good product also.

For setup, I can 100% tell you that BigFix is way easier. Getting an infrastructure up and running with the BigFix server and say 200 clients is about a 4 hour job. By the end of the 4 hours, BigFix can show you the patch status for any systems checking in and this is not just Windows. With the client deploy tool, I can easily deploy hundreds of clients in a few minutes.

Adding infrastructure for scalability (relays) is also very easy and only takes a few minutes to add. If you want to service Internet connected devices, then you add a relay in the DMZ (and firewall rules) and you are able to connect to a device pretty much like they are on the LAN. This does not require a different infrastructure to make it work.

When I was first introduced to BigFix back when IBM bought them, I downloaded the trial version and attempted an installation without reading documentation. For my home lab, I was able to install the server and 5 clients in about 1 hour. I was also able to see the patch info and deploy patches to these systems. I mainly did this just to see how hard it would be to set up. Once set up, I started to read the documentation.

I know people that use SCCM, BigFix and Dell Kace that they really like the simplicity, scalability and power of BigFix over the others.

My current site that I am at, we have BigFix Patch only as we were mainly interested in the patch status for servers (Windows, AIX, RedHat, Oracle Linux and Solaris) as there was no simple way to get this information and consolidate it in a common view. Even though we only have Patch, we can still create custom content to deploy software like Symantec Endpoint Protection, SCOM agents and others. We can also use it to collect custom data like, currently logged on users, SCOM agent configuration, hardware information and a lot more. Some of this is in-house developed from scratch, others are built using samples from the BigFix community.

Hope that helps a bit.

06 April 18
Caio PiernoReal User

Concerning in a multi-tenant scenario, multi-OS, complex network environments, BigFix can fully attend all or most of your requirements. For specific situations, you can use SCCM since you do not have complex requirements.

BigFix will attend better on using Security Checklists like CIS, PCI-DSS, DISA; or when you need to reach large network organizations and want to have a centralized management configuring remote “caches”; when you have complex network topology and restricted network security policies and many network segments, you can manage it well using BigFix.

25 March 18
Caio PiernoReal User

Concerning in a multi-tenant scenario, multi-OS, complex network environments, BigFix can fully attend all or most of your requirements. For specific situations, you can use SCCM since you do not have complex requirement.
BigFix will attend better on using Security Checklists like CIS, PCI-DSS, DISA; or when you need to reach large network organizations and want to have a centralized management configuring remote “caches”; when you have complex network topology and restricted network security policies and many network segments, you can manage it well using BigFix;

22 March 18
Average Words per Review
Avg. Rating
Average Words per Review
Avg. Rating
Top Comparisons
Compared 55% of the time.
Compared 8% of the time.
Compared 6% of the time.
Compared 36% of the time.
Compared 15% of the time.
Also Known As
Tivoli Endpoint ManagerSystem Center Configuration Manager

IBM BigFix provides complete visibility and control into all endpoints through a single, unified platform. Enterprises can now bridge the bridge the gap between threat detection and response, drastically reducing remediation times and costs by consolidating best-in-class EDR, enterprise asset discovery, endpoint interrogation, rich threat intelligence, multi-platform patch management (90+ OS) and software distribution. Security and operations teams can see, understand and act on all endpoint threats while proactively reducing the attack surface. • SEE: Discover and audit every endpoint, on or off the corporate network—and rapidly detect evasive attacks using behavioral analytics that understand how attackers compromise your endpoints. • UNDERSTAND: Guided investigation enables security analysts to understand the full context and scope of an attack based on real-time endpoint information, not just historical data. • ACT: Respond with purpose. BigFix provides the capability to deliver targeted remediation—not only on patient zero but enterprise-wide—in minutes or hours.

With System Center Configuration Manager, you can manage PCs and servers, keeping software up-to-date, setting configuration and security policies, and monitoring system status while giving your employees access to corporate applications on the devices that they choose.
Learn more about BigFix
Learn more about SCCM
Sample Customers
US Foods, Penn State, St Vincent's Health US Foods, Sabadell Bank, SunTrust, Australia Sydney, Stemac, Capgemini, WNS Global Services, Jebsen & Jessen, CenterBeam, Strauss, Christian Hospital Centre, Brit Insurance, Career Education CorporationBank Alfalah Ltd., Wªrth Handelsges.m.b.H, Dimension Data, Japan Business Systems, St. Lucie County Public Schools, MISC Berhad
Top Industries
Healthcare Company17%
Hospitality Company7%
Financial Services Firm25%
Manufacturing Company7%
Financial Services Firm17%
Comms Service Provider13%
Transportation Company12%
Company Size
Small Business16%
Midsize Enterprise9%
Large Enterprise75%
Small Business6%
Midsize Enterprise14%
Large Enterprise80%
Small Business36%
Midsize Enterprise36%
Large Enterprise27%
Find out what your peers are saying about BigFix vs. SCCM and other solutions. Updated: March 2019.
333,928 professionals have used our research since 2012.
We monitor all Configuration Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.

Sign Up with Email