BigFix Security Configuration Management

Pros: Easy to set up policies, robust capabilities

Cons: Agent approach to network monitoring

Price: $23 per seat per year

Performance: A

Features: A-

Ease of use: A-

Value: A-

|GCN Lab Reviewer's Choice|

Like Altiris SecurityExpressions, Security Configuration Management by BigFix is simple to install and use. BigFix claims that with Security Configuration Management, a staff of only two could administer a network of 50,000 computers. With this reduction in labor costs, BigFix could create big savings, particularly in mid-size agencies that are struggling to secure and finance their networks. After using BigFix for a couple of months, we believe those savings are possible.

BigFix offers all the trimmings of a complete vulnerability management tool ' discovery and assessment, software distribution and deployment, antivirus, antispyware, network access control, license and inventory, and best-practice standards.

Unlike Altiris, which works best as an agent-less platform, BigFix has to be installed on every computer you want it to administer. This adds a layer of complexity not necessary with Altiris. However, fortunately, BigFix installation is quick and relatively painless. Once installed, the user interface is fairly clean and simple to learn. Unlike Altiris, in which multiple windows guide the user through the steps of operation, BigFix has one window that controls most of the functions.

To BigFix's credit, the navigation is still straightforward, mostly because you use mouse clicks to drill down and select courses of action. As a result, we never got lost using Security Configuration Management, and we were able to audit, monitor and establish robust vulnerability protocols across our network.

BigFix's software is a wizard-intensive solution with as many as 13 different wizards for modifying and creating templates, as well as initiating compliance with common government standards. We actually found the wizard model less intuitive and more difficult than Altiris' approach.

One of BigFix's best features, though, is its Application Usage Information. With this feature, an administrator can monitor the usage and history of any software on any machine on the network with impressive detail and accuracy. An admin could even track the application usage as far back as 52 weeks. Altiris has a crude version of this feature that we didn't think provided sufficient information and was harder to use than BigFix's.

We also liked BigFix's reporting features better than any other suite we tested. BigFix offers automated color charts and graphs that make very clear the results of all scans and actions.

Another high mark for Security Configuration Management is the BES Development Overview. This simple-to-activate feature acts as a 35,000-foot view, or dashboard, of the condition of the network.

BigFix quotes North American per-seat subscription pricing beginning at $23 per-seat per-year, with discounts available for enterprise-scale deployments. These low prices plus the high level of performance and quality is what makes Security Configuration Manager one of the best suites in this roundup, especially for an agency with a tight budget.

BigFix Inc., Emeryville, Calif., (510) 652-6700,

inside gcn

  • IFTTT data access program

    IFTTT digs into government data

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group