Our third entry in this Rolling Review has more than patching in its bag of tricks.
BigFix is unique in our testing thus far in that its core patching functionality is an integrated part of a larger framework focused on all aspects of endpoint security and management. This framework, the BigFix Enterprise Suite, can include IT policy management and BigFix's own antivirus product, as well as the patching functionality tested. That makes for a more complex user interface than we've seen in pure patch managers. It took us some time to get a handle on BigFix's modus operandi, but once we did, we found the interface and operations fairly straightforward.
BigFix is a complete endpoint management system that can be used to patch and control all aspects of your heterogeneous network.
BigFix is the first product we've tested that can go beyond patch management. Like most rivals, it does require agents, but we were pleased with its cross-platform support. We've previously reviewed Shavlik, which, while polished, focuses only on Windows, and the cross-platform but pricey Lumension PatchLink.
For large enterprise organizations, BigFix can really deliver on keeping Unix, Linux, and Windows systems patched, whether in a physical or virtual environment. The suite can also extend to other security and management functions.
BixFix relies on "sites" for each type of technology you're managing--for example, Solaris or Windows. Sites are bundled into Solution Packs grouped to support the various roles BigFix can play. While each pack comes with a number of sites, you can install only the sites necessary for a particular environment, limiting the resources needed for downloading and storing patching information.
Each site contains "fixlets," BigFix's term for the packages containing the patches, applications, or policies it can deploy. Most of the functionality BigFix Enterprise Suite provides is tied to fixlets, and the term is nearly ubiquitous.
BigFix's structure is entirely agent-based, similar to most enterprise patch management products we've seen. Deployment of agents can be easily automated to Windows systems through a client installation program provided. Happily, packages provided by BigFix for installation on non-Windows systems were also simple to install and well documented. Installed agents can even scan their local networks for devices without agents installed and attempt to deploy agents to those clients.
One area where BigFix stands out is in administrative features. We were able to create baselines of patches that can be assigned to user-created groups, individually specified clients, or groups of clients based on information retrieved by BigFix, such as subnet or OS. Using properly configured baselines can significantly reduce the amount of administrative time needed for patch management.
For Windows shops, the default patch setting is "no reboot," even if the patch vendor has specified that a reboot is needed. This is useful for servers that can be restarted only during a maintenance window. We could set up a scheduled task to reboot any clients in the pending reboot state during a designated time frame.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.