Scalable Approvals With Delegation
Delegate and scale approvals with workflows that ensure compliance and security in minutes, not days.
20% of fleets are now on macOS
Meet Workshop, the first modern endpoint protection platform for macOS. Detect and stop threats before they start while keeping the business moving. So efficient your team won't even know it's running.
No more bottlenecks or frustrated users. No more security compromises. Assign distinct approval workflows for each team to balance security, compliance and productivity.
Empower your trusted team members to approve low-risk requests instantly.
Route requests to the right people and require multiple approvers when needed.
Democratize software approvals with community voting.
A powerful combination that stops modern threats while keeping your users productive and happy.
Santa Guards
Santa blocks unknown executions, sensitive file access, and removable media with negligible overhead.
Workshop Decides
Customizable risk engine with threat intel integrations helps ensure only the right software is approved.
Threats Stopped
Threats stopped before they start. USB, SD card, and Thunderbolt exfiltration blocked. Unknown binaries never run.
You Stay Informed
Advanced telemetry powers deep analysis of every decision and action taken. Every action forms a complete audit trail.
Santa is the highly performant, open-source macOS security agent pioneered at Google and now maintained by North Pole Security. Workshop transforms Santa into a complete enterprise platform with scalable allowlisting.
Making enterprise-grade allowlisting finally practical for today's businesses.
Workshop and Santa protect against infostealers, credential theft, and USB breaches, all while using minimal system resources.
The modern enterprise is adopting macOS faster than ever. Workshop was built by experts for the threats Macs face.
Santa is the open-source macOS security agent originally created at Google that controls what software can run on a Mac. Workshop is the enterprise management platform built on top of Santa. Think of Santa as the enforcement engine on each endpoint and Workshop as the centralized console where security teams manage policies, approval workflows, and threat intelligence across their entire fleet.
No. Santa is engineered for performance and uses minimal system resources. On a typical fleet, it normally uses well under 0.5% CPU and under 150 MB of RAM, even on developer machines doing frequent builds and executions. Most users never notice it's installed.
Traditional EDR tools detect threats after they've already executed on your systems, then try to contain the damage. Workshop and Santa take a prevention-first approach: unknown or unapproved software is blocked before it ever runs. This stops threats like infostealers, ransomware, and zero-days at the point of execution rather than chasing them after they've already accessed your data.
This is the biggest misconception about allowlisting. Workshop solves the productivity problem with flexible approval workflows, including self-service approvals, designated approvers, and social voting (the same approach Google used to manage 100,000+ Macs). Package Rules also automate allowlisting for popular ecosystems like Homebrew, npm, and GitHub Releases, so routine updates are approved in seconds, not days.
Workshop and Santa defend against infostealers (like Atomic Stealer and Paradox) that target credentials, browser cookies, and SSH keys. Beyond binary authorization, Santa's File Access Authorization prevents unauthorized apps from reading sensitive files, and USB/SD blocking stops data exfiltration via removable media. Together, they cover execution control, file protection, and device security.
Most organizations start in Monitor mode, which gives full visibility into what's running across your fleet without blocking anything. From there, you can gradually move to Lockdown mode at your own pace, using Workshop's risk engine and approval workflows to build your allowlist. Many teams are fully operational within weeks, not months.
Yes. Workshop complements your existing security stack rather than replacing it. It integrates with threat intelligence sources like VirusTotal and ReversingLabs, supports custom webhook plugins for your own tooling, and provides Slack-based approval workflows. Santa's rich telemetry can feed into your existing SIEM for unified visibility.