HCL BigFix vs. Symantec Content & Malware Analysis

HCL BigFix is well-suited:

1. Patch Management for Diverse Devices: HCL BigFix is ideal for organizations with a diverse range of devices, including laptops, desktops, cloud, virtual machines, and mobile devices. Its endpoint management functionality enables seamless patching across various operating systems such as Windows, MacOS, ChromeOS, and Linux.
2. Comprehensive Patch Management: With HCL BigFix, organizations can achieve comprehensive patch management across their IT infrastructures. It ensures that all endpoints, regardless of the operating system, receive timely and secure patches, reducing vulnerabilities and enhancing overall security.
3. Troubleshooting and Monitoring: HCL BigFix excels in providing a dashboard that effectively displays problematic and functional machines. This feature allows IT teams to quickly identify and address issues, improving overall troubleshooting efficiency.
   However, there are some scenarios where HCL BigFix may be less appropriate or areas for improvement: 1. Coverage Expansion: It is important for HCL BigFix to continue expanding its coverage to include all possible resources installed within the IT infrastructure. Ensuring comprehensive coverage can enhance its effectiveness. 2.On-Site and OS Upgrades: Optimizing the process of on-site and operating system upgrades can help streamline the deployment process further. Improvements in this area would contribute to a smoother and more efficient upgrade experience. 3.Communication Speed: Enhancing the speed of communication between the HCL BigFix agent and the server can help improve the overall responsiveness and efficiency of the solution.
4. Pricing Optimization: Adjusting the pricing of HCL BigFix to be more cost-effective would make it more accessible and attractive to organizations of different sizes and budgets.

If you have Symantec based environment including Symantec proxy and endpoints, Content and Malware Analysis is the obvious choice. You can't run the CAS-MAS as a standalone deployment, you need proxies or ICAP supported devices capable to send the files/URLS. It's not a network security device where you can flow/direct the traffic to C/MAS. It does not have UBA, NBA or NTR features, it is just working for analyzing files as expected.

• Software inventory.
• Patch deployment.
• Patch review.

Incentivized

• 0 day detection and prevenion
• Flawless integration with Symantec Ecosystem
• Integration with other vendors supporting ICAP is also working
• Custom and golden image support
• High performance on busy environments
• Many threats are already detected and prevented through the CAS, it improves the performance drastically.
• Already builtin virustotal integration
• Reference to updates and updates information where I can see the product/service detecting which APTs
• Multiple Antivirus engines which you can select/subscribe
• Manual submission of file is supported through the gui
• URL manual submission is also supported

• The patching function is difficult for RedHat Linux servers, and can be improved.
• The site configuration and access control appears to be cumbersome.

Incentivized

• API support is lacking
• Symantec/Broadcom security vision in general
• Symantec support is not perfect
• You can't run the product as a standalone network device
• No packet capture capabiliy or work in span mode
• You need a dedicated hardware to make it run
• You need to buy

Recently we noticed the customer service on the support has dropped compared to when we first deployed the software.

Incentivized

We have significantly enhanced our ability to patch desktops, including laptops, desktop, cloud, virtual machines and other mobile devices used by end-users. BigFix's endpoint management functionality allows us to seamlessly patch a wide range of operating systems, such as Windows, MacOS, ChromeOS, and Linux systems, ensuring comprehensive patch management across IT infrastructures. We have established a track record of delivering secure and hassle-free patching solutions to our clients

We have been using many solutions even tested nearly all available 0day sandbox solutions in the market. We choose Symantec CMA as we have already Symantec endpoint protection/EDR on the client, Symantec proxy for the web access, SCMA fits our environment. We have a big bargain when we puchase lots of equipment from the Symantec. Detection and prevention is very good at SCMA but some constant issues; like the product is not designed for heterogeneous environments, we can not integrate the SCMA with WAFs, it's lacking in api and request/reply calls. There's no file scanning, discover the option. SIEM integration is not smooth. I can not run some of the SOAR playbooks through the SCMA.

• When there is a need to patch a Windows System it has worked

Incentivized

• 0-day and APT risk is covered by the SCMA
• As the SSL is inspected and analyzed at Bluecoat proxy servers, hidden threats, malicous files are passed to SCMA to be analyzed.
• Getting full visibility at file trajectory level
• As it's a full proxy and ICAP integration, we are sure that the files are to analyzed and scanned for malicious activity. This is a big plus compared to NGFW analyze concept, as the NGFWs have special failsafe mechanisms allowing bypass of file analysis. SCMA fully catches the hidden threats.
• Flawless integration with Bluecoat systems is a big plus, customers are getting the same type of messages within their browsers.
• A negative impact is the standardization when I deploy SCAM to one of our locations. Then the auditors demand the same coverage within other areas and it comes with the cost. Especially maintaining these devices on premise environment has a significant cost.