MagicSword Launches to Turn Adversary Tradecraft into Prevention

MIAMI--(BUSINESS WIRE)--MagicSword today launched its threat-driven application control platform, built to stop attackers from weaponizing the legitimate tools already running inside enterprise environments. MagicSword's prevent-first ethos positions the company at the forefront of a broader shift from passive monitoring to active prevention.

"We're a protection-first, detection-second environment. MagicSword closed a gap our existing stack couldn't." — Head of Cybersecurity, Chicago-based capital asset management firm

Share

EDR detects. MagicSword prevents. Industry research now puts 82% of attacks in the malware-free category. EDR was never built to flag legitimate tools and AI widens the gap. Same techniques with fewer skills required.

"For a decade I watched the same top 10 techniques show up in every threat report and the industry kept shipping detection. We built MagicSword to raise the cost of attacking, the time and effort adversaries have to burn." — Jose Hernandez, CEO and Co-Founder, MagicSword

MagicSword was founded by Jose Hernandez and Michael Haag, who spent close to a decade at Splunk, Red Canary, and Cisco watching the same techniques surface in threat reports year after year. They created LOLDrivers and LOLRMM, the open-source catalogs of weaponized drivers and Remote Management Tools (RMMs) now cited in CISA's joint guidance on living-off-the-land techniques. They documented the problem long enough to understand detection was never going to close it.

"We're a protection-first, detection-second environment. MagicSword closed a gap our existing stack couldn't." — Head of Cybersecurity, Chicago-based capital asset management firm

Current MagicSword clients using the platform include a regional government in Germany, which now blocks the full living-off-the-land toolkit, RMM abuse, BYOVD drivers, LOLBAS, and signer abuse across 1,100 endpoints, managed by half an FTE in just 30 minutes every two weeks. In Chicago, a capital asset manager has closed the same exposure across 1,500 endpoints.

Both organizations had application control projects that had stalled. Deployment was never the problem. Operationalizing it, and keeping pace with evolving attack techniques, was. MagicSword unblocked both.

MagicSword is redefining endpoint security with a prevention-first approach that transforms real-world adversary tradecraft into enforceable controls customers can deploy in minutes. By stopping abused tools, weaponized RMMs, signed driver attacks, and unsanctioned AI applications before they execute, MagicSword helps organizations move beyond reactive detection toward practical, scalable prevention.

When a tool gets abused in the wild, MagicSword refreshes the intelligence behind the affected policies within two hours and notifies the user to approve and push to enforcement. No rule-writing required.

Deployment takes minutes, enforcement occurs in under 48 hours, and a free tier is available for organizations ready to modernize their defenses.

Join the founders for the official launch event on June 9. [REGISTER]

Available at magicsword.io | [LinkedIn] | [X] | [YouTube] [Github]

About MagicSword MagicSword.io is a threat-driven application control platform that prevents attackers from weaponizing legitimate tools inside the enterprise. It turns observed adversary tradecraft into preventive policies customers can review and ship in minutes. Agentless on Windows, native agents on macOS and Linux. Built for prevention engineering, because detection was never enough.