IBM BigFix

Cohesive endpoint hygiene is critical to your security strategy. Take control of your endpoints fast.


Continuous policy enforcement and reporting


Software patching, distribution and provisioning


Audit authorized and unauthorized software


Automated patching with high first-pass success

IBM BigFix: A collaborative endpoint management and security platform

IT security and operations teams are struggling to keep pace with global cyber criminals – often using up to 85 different tools from up to 45 different vendors. This makes it hard to prioritize patching and remediation. Plus, not all remediation tools are created equal.  If you can’t see your endpoints and your tools don’t work together, you can’t secure your devices and data.

With IBM® BigFix®, IT operations and security teams can collaborate more effectively to cut operational costs, compress endpoint management cycles, enforce compliance in real-time and improve productivity. Here’s how:

  • Extending existing capabilities and addressing any functional gaps that may exist within a particular tool
  • Enabling staff to use solutions they’re already familiar and avoiding training costs and ramp-up delays
  • Empowering security and infrastructure teams to see and act on the same endpoint data without switching between multiple applications (which also saves time and can enable better decision making)
  • Optimizing ROI on existing investments

Don’t drown in a sea of cyberthreats: Mitigate attack with IBM BigFix and IBM QRadar

IBM BigFix addresses the needs of enterprise IT infrastructure and security specialists

Discover Quickly

  • Identifies and provides accurate, real-time information about your endpoints — regardless of operating system, location or connectivity
  • Enables SOC security teams to see endpoint data within their existing security information and event management (SIEM) and incident response tools

Manage Easily

  • Quickly deploys and patches operating systems and third-party software with high first-pass success rates
  • Reduces annual software spend by assessing application usages
  • Inventories endpoints across multiple operating systems
  • Integrates with endpoint detection and response (EDR) tools to help security teams better identify threats and operations teams to remediate endpoints at scale

Secure Continuously

  • Provides continuous monitoring, patching, and enforcement of security policies across endpoints
  • Keeps remote servers and internet-facing endpoints updated, secure, and always properly configured
  • Integrates with network access control tools to enforce endpoint compliance for stronger network access control and remediation workflow orchestration

The collaborative endpoint management and security platform


Continuous policy enforcement and reporting


Software patching, distribution and provisioning


Audit authorized and unauthorized software


Automated patching with high first-pass success

IBM BigFix Compliance

Continuously monitor and enforce endpoint security configurations to ensure compliance with regulatory or organizational security policies


Enforce Continuous Security Compliance for All Endpoints

IBM BigFix Compliance enforces continuous compliance with security policies throughout your organization for every endpoint both on and off the corporate network. It includes out-of-the-box support for most popular security benchmarks published by CIS, DISA STIG, USGCB and PCI-DSS. An intelligent agent on every endpoint monitors, enforces and reports on the security configuration status of the endpoints in real-time regardless of OS type or location. Any compliance drifts are reported instantly and can be remediated quickly, to reduce the overall security risks.

Enforce Security Compliance

Gain continuous real-time enforcement of security policies across all endpoints, regardless of their network connection status, and eliminate compliance drift immediately—lowering your security risk.

Adhere to Best Practices

Provide more than 13,000 compliance checks to support over 50 platforms and middleware applications, based on best practice benchmarks published by CIS, DISA STIG, USGCB, and PCI DSS.

Reduce Operational Costs

Share the same management console and infrastructure with other BigFix applications. Both endpoint security and endpoint management are integrated into a single platform to lower administration costs.

Key Features of IBM BigFix Compliance

  • Enforces continuous security compliance
  • Provides PCI-DSS compliance
  • Manages hundreds of thousands of endpoints
  • Delivers a broad range of security functions
  • Makes the most of BigFix technology

IBM BigFix Lifecycle

Reduce cost, Risk and complexity of managing servers, Desktops, Laptops, Point-of-sale and Other devices


Find and Fix Problems in Minutes Across All Endpoints

BigFix Lifecycle helps find and fix problems in minutes across all endpoints—fixed, mobile, physical and virtual. Discover, secure and manage hundreds of thousands of endpoints on more than 90 different OS versions within hours or minutes. In addition to ensuring that all of your systems are patched and secure, you can automate OS Migrations, query endpoints in real-time for the presence of malicious files, quickly install software, perform advanced automation or do simple remote control with just a few clicks. BigFix Query accurately identifies and inspects endpoints through a user-friendly web interface using simple, intuitive questions.

Automate The Entire Lifecycle

Provides automated capabilities for asset discovery and inventory, real-time query, software distribution, operating system deployment and migration, patch management and power management.

Simplify Endpoint Management

Increase efficiency with automated patching, remote software deployments, Windows 10 migrations updates and re-imaging, clustered server patching.

Achieve Greater Visibility and Control

Get the “big picture” and achieve comprehensive control by managing the configuration of your servers, whether distributed or on site.

Key Features of IBM BigFix Lifecycle

  • Manage up to 250,000 endpoints from a single server
  • Cover the full system lifecycle
  • Reduce management complexity and cost
  • Simplify operations and deliver comprehensive visibility

IBM BigFix Inventory

Identifies licensed and unlicensed software across operating systems and endpoints. By measuring usage, it helps to reduce software costs.


Maintain Audit Readiness and Mitigate Security Risks

IBM BigFix Inventory can dramatically reduce the time required to conduct a comprehensive software asset inventory for license reconciliation or compliance purposes. It provides valuable insight into what the organization owns—and what it has installed but does not own—along with how often the software is being used. It supports better planning, budgeting and vendor license compliance, while mitigating security risk.

Reduce Asset Management Costs

Keep track of hardware and software assets across hundreds of thousands of endpoints with fast deployment and reporting—even in multi-tenant environments.

Simplify Asset Identification

Streamline software asset identification and reporting by using ISO 19770-2 standard enabled discovery. Access an extendable software identification catalog with more than 100,000 software titles.

Be Prepared for Audits

Ensure audit readiness with discovery for software, processes and file systems—along with server capacity usage and metering. Save money and reduce security risks by identifying unused software.

Key Features of IBM BigFix Inventory

  • Manages assets across hundreds of thousands of endpoints
  • Delivers a comprehensive Software Identification Catalog
  • Enables enhanced reporting
  • Provides discovery for software and processes
  • Integrates with IBM software products

IBM BigFix Patch Management

Provides automated patch management to help reduce patch cycle times from days and weeks to hours or minutes


IBM BigFix Patch provides an automated, simplified patching process that is administered from a single console. It provides real-time visibility and enforcement to deploy and manage patches to endpoints—on and off the corporate network. Clients have reported seeing more than 98 percent first-pass patch success rates. The solution not only increases the effectiveness of the patch process, but also cuts operational costs and reduces patch cycle times keeping your endpoints secure.

Automate Patch Management

Manage and deploy patches for multiple operating systems and applications across hundreds of thousands of endpoints—regardless of location, bandwidth or device type.

Gain Greater Visibility

Get flexible, real-time monitoring and reporting from a single management console. Automatically assess the endpoint status after a patch has been deployed.

Reduce Compliance Risks

Proactively reduce security risk by streamlining remediation cycles from weeks to hours or minutes and achieve greater than 98% first-pass patch success rates.

Key Features of IBM BigFix Patch

  • Provides automated patch management
  • Applies only the correct patches
  • Offers greater visibility into patch compliance
  • Delivers real-time control from a single console
  • Proactively reduces security risks