How does IBM BigFix Patch work?

Provides automated patch management

IBM BigFix Patch supports up to 250,000 endpoints from a single management server. It can patch more than 90 OS types and delivers patches to endpoints for third-party applications. The software supports a variety of endpoints: physical and virtual servers, laptops, desktops, POS devices, ATMs and self-service kiosks. It supports patching of online and offline virtual machines, including roaming devices, so that virtual and cloud environments have the same level of security as physical systems.

Applies only the correct patches

The software creates patch policies using IBM Fixlet messages, which wrap the update with policy information such as patch dependencies, applicable systems and severity level. It uses an intelligent agent on every endpoint to enforce and assess patch compliance and recognizes which patches are required for that machine. Then it automatically retrieves and applies the needed updates. BigFix Patch deploys patches more efficiently, even over low-bandwidth or globally distributed networks.

Offers greater visibility into patch compliance

Gain flexible, real-time monitoring and reporting with IBM BigFix Patch. It helps you enforce policies and quickly report on compliance to improve audit readiness. It automatically assesses the endpoint status once a patch is deployed, confirms successful installation and updates the management server—supporting compliance requirements that require definitive proof of installation. BigFix Patch helps you comply with government regulations, service level agreements and corporate policies.

Delivers real-time control from a single console

The software offers integrated web reporting, which allows users, administrators and executives to view dashboards and receive reports showing patch management progress in real time. It indicates which patches were deployed, when they were deployed, who deployed them and to which endpoints. BigFix Patch uses intelligent agents to continuously monitor endpoint states, including patch levels, and reports them to a management server. It compares endpoint compliance against defined policies.

Proactively reduces security risks

With IBM BigFix Patch, you can reduce security risks by streamlining remediation cycles from weeks to hours or minutes. It allows you to create reports showing which endpoints need updates, and then distribute those updates within minutes. IT administrators can safely and rapidly patch Windows, Linux, UNIX and Mac operating systems with no domain-specific knowledge or expertise required. In addition, the software automatically remediates problems related to previously applied patches.

How customers use it

  • Patch Overview


    My manager needs to see and understand our patch vulnerability exposure.


    A simplified dashboard allows team members to quickly understand patch vulnerability exposures. The BigFix Query feature provides a real-time status of your endpoints, enabling accurate identification and inspection of vulnerable devices.

  • Patch Policies

    Patch Policies


    I need to quickly create and manage patching for groups of different endpoints.


    A new patch policy feature allows Admins at any skill level to create & manage patch policies including the ability to first test, then roll-out patch policies for groups of different endpoints to production environments.

  • AIX Patching

    AIX Patching


    I need to patch more than just Windows endpoints.


    Automated Patching for Windows, AIX and Mac devices accelerates the process to ensure that ALL endpoints are secure.

Technical details

Software requirements

Software requirements for IBM BigFix Patch can be viewed at:

    Hardware requirements

    Hardware requirements for IBM BigFix Patch can be viewed at:

      Buy now and get started