BigFix Enterprise Suite v7.2
Strengths: Not missing a thing. Compliance, audit, accountability and management in an easy-to-use, web-based interface.
Weaknesses: Nothing operationally, bit on the pricier side for both products.
Verdict: Great enterprise solution; It may be pricey for smaller organizations.
SummaryBigFix Enterprise Suite v7.2 provides security configuration and vulnerability management and allows for broad policy enforcement in the enterprise, with real-time visibility and control of policies enabled from a central management console. BigFix provides real-time granular assessment of endpoint state, enforcement of policies against that state, and the ability to remediate and confirm remediation of devices that are out of compliance with policies.
BigFix allows for continuous distributed scanning for discovery of IP-enabled devices on the network so that they can be brought under BigFix management as necessary. Once the agent is deployed, the devices are managed, whether on or off the corporate network.
Management capabilities include asset discovery and inventory, patch management, power management, security configuration management, endpoint protection and more.
BigFix does deploy agents to the managed endpoints. It's a single agent and is designed to be very light, in a worst case scenario using up to two percent of the CPU. The agents can be configured to run as relays, which adds to the scalability of the platform and allows for regular scan updates for vulnerability and inventory information. This is a nice feature.
Scanning thousands of endpoints across multiple VLANs in an enterprise can be very time-consuming. This capability, although it may add some overhead to the relay endpoints, can greatly reduce the time necessary to keep up-to-date vulnerability data on every system.
The hardware and software inventories were very detailed. There were various policy templates available for managing compliance. These templates could be easily customized as required for your specific requirements. Email alerting for policy violations was available.
Reporting was very strong with nice executive level overview-style display and complete drilldown to the technical level details. Support for most operating systems, features and ease of use make this a nice solution for endpoint management.