Defending 1,100 Endpoints Without Additional Headcount

Landkreis Tübingen is a regional governmental authority responsible for public health, social services, environmental programs, education support, infrastructure, and citizen-facing administrative functions.

The organization has about 1,100 employees and a 15-person IT team. Security capacity is limited, but the data and services they protect are critical to the region.

The team had used AppLocker for years, but the rules were intentionally broad. Moving to WDAC promised stronger control, but the policy work was XML-heavy and hard to scale across hundreds of real-world applications.

Many applications came from small developers and were not consistently signed. A manual allow-listing process would have created too much operational drag for a team already responsible for the district environment.

Landkreis Tübingen deployed MagicSword agentlessly across the full fleet. Instead of turning on enforcement in one large cutover, the team used logs to understand what would be blocked, reviewed the entries in analytics, and then generated new policy versions.

They run a hybrid model: one policy blocks known-dangerous tools based on live intelligence, while another explicit allow-list is built from verified application usage.

The team moved from a small number of broad application-control rules to thousands of explicit WDAC rules. That shift changed the posture from allowing broad software categories to permitting what the district has verified.

The work now fits into normal operations. The review cycle takes about 30 minutes every one to two weeks, with no new hires and no dedicated project team required.

The engagement also showed the value of responsive product support. The team surfaced issues and improvement ideas while the platform evolved, and MagicSword responded quickly enough for the customer to keep building on the platform.