X World 2025

2-3 SEPTEMBER • NAARM | MELBOURNE

Harrison Ravazzolo

Santa's Little Helper

Santa (https://github.com/northpolesec/santa) is a binary authorization system that has been a cornerstone of macOS security for organizations serious about application control. However, the traditional Santa deployment model comes with additional operational overhead at scale, primarily centered around the need for a dedicated Santa sync server.

In the conventional setup, Santa requires a custom sync server implementation to:

- Distribute allow/deny rules across your fleet
- Collect execution events and blocked binary reports
- Manage configuration changes and rule updates

At the time of writing, there are three off-the-shelf sync server solutions available:

- Moroz: A golang server that serves hardcoded rules from simple configuration files.
- Rudolph: An AWS-based serverless sync service built on API GW, DynamoDB, and Lambda components.
- Zentral: An event hub to gather, process, and monitor system events and link them to an inventory.

Running any of these solutions may incur additional infrastructure costs and add upkeep, and you might have to adopt a configuration language specific to the solution.

What if you could get all the benefits and functionality of a sync server using your existing device management solution?

About the presenter

Harrison is a Solutions Engineer for Fleet Device Management. He’s passionate about improving IT workflows and approaching problems and solutions through a lens of security. Before entering tech, he was a sourdough bread baker in San Francisco.
