BigFix is unique in our testing thus far in that its core patching functionality is an integrated part of a larger framework focused on all aspects of endpoint security and management. This framework, the BigFix Enterprise Suite, can include IT policy management and BigFix's own antivirus product, as well as the patching functionality tested. That makes for a more complex user interface than we've seen in pure patch managers. It took us some time to get a handle on BigFix's modus operandi, but once we did, we found the interface and operations fairly straightforward.
Each site contains "fixlets," BigFix's term for the packages containing the patches, applications, or policies it can deploy. Most of the functionality BigFix Enterprise Suite provides is tied to fixlets, and the term is nearly ubiquitous.
BigFix's structure is entirely agent-based, similar to most enterprise patch management products we've seen. Deployment of agents can be easily automated to Windows systems through a client installation program provided. Happily, packages provided by BigFix for installation on non-Windows systems were also simple to install and well documented. Installed agents can even scan their local networks for devices without agents installed and attempt to deploy agents to those clients.
One area where BigFix stands out is in administrative features. We were able to create baselines of patches that can be assigned to user-created groups, individually specified clients, or groups of clients based on information retrieved by BigFix, such as subnet or OS. Using properly configured baselines can significantly reduce the amount of administrative time needed for patch management.