Bigfix makes some excellent products, and they have been moving in great directions over the last couple years. They have moved out of pure remediation and into configuration management and control. I would have loved to have purchased them for use at my current company, but the pricing was a bit higher than I'm using for Shavlik HFNetchk Protect, which is another good product, but is far more limited. I wanted to have one tool to patch Linux and Windows systems.
IBM has been really struggling to provide a good provisioning and patch management tool for years and years. First they were pushing TPM which is probably the worst product I have seen IBM release. Unfortunately a company I worked for previously was obsessed with using this product that most Tivoli enterprise customers get for free and completely disregard. I spent a good amount of time looking at the product and its capabilities, or lack thereof. I'm concluding my rant now, but its happy to see IBM adding a superb replacement for TPM and adding additional security related products they will acquire with the Bigfix purchase.
I was also quite surprised at the cost of the purchase at $400m. I know Bigfix has a lot of customers, and they sell a service, which makes it nice for both operating business as well as the customers who can bill this against opex versus capex. I would have assumed they would have had to pay more for the company. It will be interesting to see what features IBM takes from them and puts into Tivoli, and which other ones become part of the ISS portfolio over time.