January is a time for reflection. So, for the third straight year, we’re looking back at the marketing campaigns that flopped, didn’t quite catch on, or didn’t meet expectations. And then a few certified hits to cleanse the palate.
This series serves as a sort of failure time capsule — so we encourage you to take a look at our 2020 post and our 2019 post. We hope that future generations will look back at our primitive civilization and say, “Well, that was dumb.”
In May of 2021, it looked like in-person events weren’t going to happen for the rest of the year. And given the objective fact that virtual cybersecurity events are lame, I (not we, I) thought we could come up with something unique. Enter CYBRFST. From the overview:
NOT JUST A ZOOM PRETENDING TO BE AN EVENT
CYBRFST promises to be an actual, useful, memorable cybersecurity experience that features sessions that matter, demos of technology, networking with peers, music, celebrities, sarcasm, and surprises. All the things you miss about in-person conferences — without the travel.
Although we can finally see the light at the end of the COVID tunnel, we’ll have to wait until 2022 for in-person events. RSA: virtual-only. BlackHat: virtual other than an expo hall for vendors to talk to vendors. 2021 is a wrap other than virtual events. And those are all pretty awful.
Virtual cybersecurity conferences don’t work because they lack five things that make in-person events so special:
What if a bunch of vendors and practitioners put together a not-for-profit event that doesn’t take everything so seriously, donates to charity, and is a completely unique experience that addresses each of these five components? A tongue-in-cheek send-off to a year of boring Zooms and thinly-veiled vendor fests.
That question deserves an hour-long list of reasons, but a few of the main ones:
Timing is everything, and we can’t commit to every idea that comes up. I still love the idea of a cybersecurity event that doesn’t take itself seriously and is all about having fun. If someone decides to run with it, we’ll all be there!
In the Spring of 2021, there was an overwhelming feeling of optimism. It looked like a return to in-person events was imminent, and the appetite for being around other human beings was widespread.
We decided to jump back in and planned on holding a small, invite-only series of events in eight cities at a Michelin star restaurant. All of the locations were going to fit the theme of visibility (think of a roof deck at a tall building), and we’d have keynote speakers talk about how they were able to focus on the fundamentals to impact the bigger picture.
Well, 2021 had other plans.
You will not read the five-letter word that canceled most in-person events in this post — but I will say that a certain public health crisis ended the roadshow after one breakfast event in NYC.
Although it looked like a return to in-person was around the corner, that was a mirage.
When you think that the world is about to return to normal, instead of planning an eight-city tour, wait a couple of weeks. A new disaster will appear.
The last two items make this one obvious, but 2021 saw a constant swing from virtual events to in-person, and then back again. And any time a physical event went virtual, you could guarantee that it would be a total bust.
After two years, we’re just sick of Zoom meetings pretending to be in-person events. Are there good virtual events? Sure. Are there good in-person events that successfully transition to virtual? I think verified Bigfoot sightings are more common.
Constant change is exhausting, and getting people to commit to several hours on a Zoom when they miss out on all the benefits of being in-person isn’t good enough.
There’s a massive appetite for being around others, but not until it’s safe. And seeing each other behind a screen isn’t a satisfactory substitute.
In 2020, we offered a free assessment for healthcare organizations to help them understand what devices they needed to manage and secure, and to help them secure the assets used by employees that were forced to work remotely.
Rather than being a thinly-veiled product trial, we instead worked closely with these companies without turning it into a sales initiative whatsoever. We did things that had absolutely nothing to do with what Axonius solves.
We learned a lot, and we heard that those organizations we helped got a lot of value from the assessments. We thought that we could offer the same kind of assessments to any organization (not just healthcare) to help them understand their assets and whether they’re managed and secured.
For example, here’s an example of an EDR/EPP assessment where we help teams assess endpoint security agent coverage across all of their assets.
Regardless of how much you stress the fact that an assessment is different from a trial, it’s viewed as a clever way to enter a sales cycle. I’m not sure I’m willing to call this a failure yet, and think that it’s all about making sure the expectations are very clear.
Cybersecurity professionals are justifiably skeptical about “free assessments”, and to do it right, you have to mean it.
If you were to listen to meeting setting vendors, getting 1:1 meetings with security professionals that are currently working on a relevant project is like fish in a barrel. They represent hundreds of CISOs that are in a huge rush to solve their cybersecurity asset management challenges right now.
It’s entirely possible that somewhere on earth there is a vendor that actually has relationships with security professionals that have defined projects and are looking for solutions. But in our experience, that hasn’t been the case with any of the dozens of vendors clogging our inboxes daily.
Mainly because security professionals don’t go to random vendors and say, “Of course, I could just do some searching myself and try out products that address my challenges. But instead, I’d rather have you source vendors for me, sell my name and details to them, and then set up 45-minute Zoom meetings with them so they can pitch me and several others.”
Just because you want something to be true doesn’t make it so. It would be incredibly convenient to go to a meeting setting vendor and have them set up highly qualified one-on-one meetings with people that have already indicated interest in solving the problem that our product addresses. I also would like to go to the convenience store and ask for the winning lottery ticket rather than buying a ticket at random. I’ve had exactly the same success trying both.
A giraffe gently nudges a colleague in the right direction.
Let’s pretend I’m looking to solve a problem. At Axonius, we’re growing incredibly fast, introducing new products, and expanding globally, and we’re creating a LOT of content. How do I make sure that our own employees are able to find and use this content in whatever we do? I know I have a challenge but have no idea how to solve it.
I do some searches around the problem, and find “The Comprehensive Guide to Make Your Content Actionable for Your Employees, Nate.” Oddly specific, sure, but dead on. I have to fill out a form to get the PDF, but that’s no big deal. So I do.
I’m absolutely not ready for a sales pitch. I’m not ready to compare products. I’m so early on in my quest to solve a problem that I don’t even know the category of tools that can help me. I’ve indicated some interest, but not a lot. And that’s where email nurturing kicks in.
In this example scenario, since I filled out a form I’m likely to start getting emails that point me to other content that educate me about the problem space, use cases, and how that particular vendor can help.
We all get hundreds of emails every day. And if we’re not ready to do some research the second an email arrives, chances are it’ll get deleted or we’ll unsubscribe from the list. Since email inboxes contain critical information about our work, getting rid of distractions is the only way to focus on what matters. Even though I showed the vendor my interest in solving a problem, if I’m not thinking about solving it right now, any nurturing email is a distraction that I don’t want.
Timing is everything. You can’t force someone to drop everything just because your product can help them.
The following are some things that went well for us in 2021.
In March, we announced a $100 Million Funding Round at Unicorn Valuation. To coincide with the announcement, we created two videos:
And
We saw amazing media coverage, social shares, and even more valuable — it gave Axonians something to be proud of.
Though it’s more common than in the past, joining the unicorn club is an amazing milestone for any company.
We all work incredibly hard at Axonius and we need to celebrate our wins. This announcement gave us all something to rally around during a time where we couldn’t all be together.
We’ve been fortunate to receive industry recognition at Axonius over the years, and that certainly gives us validation from objective third parties. We could come up with blog posts and press releases all day touting our awesomeness, but we’re pretty biased. The following are a few highlighted awards from 2021:
Recognition through awards not only shows external validation to potential customers, it also shows potential employees that Axonius is a unique and amazing place to work. It shows our employees that their work is important and something to be celebrated.
There’s very little downside to being seen as an innovative company.
When we first started out as a company, we realized we didn’t fit neatly into an existing category. In fact, one analyst told me we’re like a platypus: like a duck, but no bill, fur, but not a beaver. We weren’t endpoint protection but can help with making sure EDR agents are installed and working properly. We aren’t a VA scanner, but we can show you both known vulnerabilities and devices and cloud instances not being scanned.
Kind of like this, but not. Kind of like that, but not exactly.
So we had to create a category and we called it cybersecurity asset management. And although it was perfectly wrong in many ways, it caught on. And finally, after years of evangelism, Gartner decided they had a better term and coined a new category called Cyber Asset Attack Surface Management or CAASM.
In Jul 2021 the analyst firm Gartner announced an emerging category with only 1% market penetration. From its report:
Cyber asset attack surface management (CAASM) is an emerging technology focused on enabling security teams to solve persistent asset visibility and vulnerability challenges. It enables organizations to see all assets (both internal and external) through API integrations with existing tools, query against the consolidated data, identify the scope of vulnerabilities and gaps in security controls, and remediate issues.
Much like awards, third-party validation from a highly respected global analyst firm like Gartner sends a signal that a new class of technology is here to stay and not a feature, but a market.
CAASM has a better ring to it than cybersecurity asset management. I mean, here’s an ebook title for you: From Asset Management to Asset Intelligence: Crossing the CAASM.
In 2021 Axonius grew exponentially in customers and employees, and we also welcomed two new entities.
In June of 2021, we announced AxoniusX, a new business unit focused on creating growth through innovation. AxoniusX will explore new market opportunities and will build and bring to market solutions that deliver new value for customers and fuel our expansion.
Just this week, the first product from AxoniusX — SaaS Management — was launched. Axonius SaaS Management is a new comprehensive solution that helps security, IT, finance, and risk teams control the complexity, cost, and risk associated with software as a service (SaaS) applications. Designed to mitigate SaaS management challenges, it provides organizations with a single source of truth into their SaaS environments.
In 2021 we also announced the launch of Axonius Federal Systems LLC, a subsidiary of Axonius that safeguards mission objectives by strengthening IT asset identification and management in federal agencies. Covering millions of devices in the federal government, Axonius Federal Systems delivers foundational asset management capabilities to comply with federal cybersecurity regulations and guidelines, including Zero Trust, NIST Cybersecurity Framework, CDM, FISMA, and NDAA 889.
These two entities help us to focus on bringing value to customers by identifying the specific challenges they face. AxoniusX lets us continue to innovate and identify new opportunities for platform growth and Axonius Federal Systems focuses solely on the unique challenges faced by federal agencies.
The challenges resulting from the growth and rate of change in devices, users, and SaaS applications touch every industry and are becoming a high priority for IT and security teams around the world. From presidential orders and directives in federal agencies like the Executive Order on Improving the Nation's Cybersecurity to CISA's Binding Operational Directive 22-01, agencies are prioritizing being able to manage and secure their assets. And although our cybersecurity asset management solution is the best in the world, we will always look for new ways to bring value to customers by adding new functionality to the platform like SaaS Management.
In 2021 the Axonius team grew by 174%, adding employees in every department and across many regions worldwide. And we’ll continue to grow in 2022.
We hire great people, give them what they need to succeed, and get out of their way.
Get the culture right, hire amazing people, celebrate wins, fix what’s broken, care about customers and things work out.
Speaking of which … if you’re interested in joining Axonius, take a look at our career openings here.
41 Madison Avenue, 37th Floor
New York, NY 10010