
MagicSword launched its threat-driven application control platform, built to stop attackers from weaponizing the legitimate tools already running inside enterprise environments. MagicSword’s prevent-first ethos positions the company at the forefront of a broader shift from passive monitoring to active prevention.
“We’re a protection-first, detection-second environment. MagicSword closed a gap our existing stack couldn’t.” — Head of Cybersecurity, Chicago-based capital asset management firm
EDR detects. MagicSword prevents. Industry research now puts 82% of attacks in the malware-free category. EDR was never built to flag legitimate tools, and AI widens the gap: the same techniques, with fewer skills required.
“For a decade I watched the same top 10 techniques show up in every threat report and the industry kept shipping detection. We built MagicSword to raise the cost of attacking, the time and effort adversaries have to burn.” — Jose Hernandez, CEO and Co-Founder, MagicSword
MagicSword was founded by Jose Hernandez and Michael Haag, who spent close to a decade at Splunk, Red Canary, and Cisco watching the same techniques surface in threat reports year after year. They created LOLDrivers and LOLRMM, the open-source catalogs of weaponized drivers and Remote Management Tools (RMMs) now cited in CISA’s joint guidance on living-off-the-land techniques. They documented the problem long enough to understand detection was never going to close it.
Current MagicSword clients include a regional government in Germany, which now blocks the full living-off-the-land toolkit (RMM abuse, BYOVD drivers, LOLBAS, and signer abuse) across 1,100 endpoints, managed by half an FTE in just 30 minutes every two weeks. In Chicago, a capital asset manager has closed the same exposure across 1,500 endpoints.
Both organizations had application control projects that had stalled. Deployment was never the problem. Operationalizing it, and keeping pace with evolving attack techniques, was. MagicSword unblocked both.
MagicSword is redefining endpoint security with a prevention-first approach that transforms real-world adversary tradecraft into enforceable controls customers can deploy in minutes. By stopping abused tools, weaponized RMMs, signed driver attacks, and unsanctioned AI applications before they execute, MagicSword helps organizations move beyond reactive detection toward practical, scalable prevention.
When a tool gets abused in the wild, MagicSword refreshes the intelligence behind the affected policies within two hours and notifies the user to approve and push to enforcement. No rule-writing required.
Deployment takes minutes, enforcement occurs in under 48 hours, and a free tier is available for organizations ready to modernize their defenses.

