BigFix provided a clear, detailed explanation of its capabilities and, significantly, addressed its reply directly to our requirements. It was the only vendor that provided a deployment diagram for our company, in addition to its recommendations of BigFix Enterprise Suite (BES) as an appropriate enterprise solution.
BES is a highly flexible agent-based product that relies on small text messages (1 KB) called "Fixlets" that can carry almost any information -- patch status, vulnerabilities, configuration and registry settings, scheduling and execution instruction, etc. -- between the agent and BES Server.
This flexibility may seem unimportant for our hypothetical Windows-based environment, but it is. While the focus was on patching, most vulnerabilities are configuration weaknesses. The Fixlet technology adds real value by addressing these configuration issues, while allowing BES to support the company's legacy Windows 9.x and NT devices, as well.
BigFix addressed our scenario's biggest headache: patching for numerous small satellite offices and mobile users. BES Relay Servers, deployed in each of three main offices, reduce overall network traffic by distributing the automated patching. They are caching and distribution points for all file transfers and system communications. Policy-based bandwidth throttling (based on connectivity level) also reduces traffic. For mobile users, the client agent gathers information offline, communicates with the server and takes any required action as soon as it logs on to the network.
The BigFix agents' ability to automatically assess patch status before and after remediation deals with a chronic company pain point -- the time and resources devoted to VA, validation and repatching.
We also liked the flexibility BES offered in creating custom distributions. While our scenarios used Windows OSes exclusively and relied heavily on standard Windows apps, it also had unspecified HR, finance and miscellaneous business apps that require periodic updates and patches.