All successful cyber attacks of the last ten years have one thing in common. It is access to a privileged account, an abused admin account, a service account, and a third-party partner with full access. Attackers consistently exploit privileged accounts with the same pattern, and that is a risk that ITButler x Sectona actively addresses.
The 2024 Verizon Data Breach Investigations Report shows that stolen privileged credentials caused 80% of security breaches, while intentional or accidental misuse drove 87% of all incidents. According to IBM’s threat intelligence, the use of legitimate credentials to access systems increased by 71% year-over-year. And for the first time in 2024, cybercriminals found legitimate accounts to be their most frequent method of gaining access to enterprise systems. The cost of a credential breach is at $4.8 million per breach on average.
Privileged access is a business issue. It’s a business risk that falls squarely at the crossroads of security, compliance, and business continuity. That’s why ITButler e-Services decided to choose the Sectona company for Privileged Access Management (PAM). We are now offering it as both a licensed product and as a managed service to our customers with the support of our Security Operations Centre (SOC) in Riyadh.
What Is Privileged Access and Why Does ITButler x Sectona Say It Keeps Getting Exploited?
Privileged accounts hold the keys to the kingdom. Active Directory admins, database superusers, Linux root account, and service accounts control critical systems and automated processes. DevOps pipelines with secrets hardcoded in source code, and these are all privileged accounts. Thus, a breach of any one of these accounts leads to a cascading breach of the system.
The problem is size and complexity. An average-sized enterprise may have hundreds of privileged accounts across on-premises and cloud servers, SaaS, and vendor accounts. Organizations struggle to track who has access, when passwords change, when they record sessions, and when least-privilege policies apply.
In addition, surveys show most organizations keep standing privileged accounts, and many maintain unused accounts that act like unlocked doors. Meanwhile, 56% of IT leaders who tried to implement a PAM solution didn’t achieve their goals because of complexity. On the other hand, 58% of CISOs report that they would like a better PAM solution. Unfortunately, they believe that the options they have are difficult to manage or cost too much to run. So the PAM problem is real.
Why Sectona PAM Matches the Way Organizations Really Work
Sectona founded its company in Mumbai, India, to deliver PAM services that enterprises can implement independently. The company designed the solution to operate without lengthy professional services or the high-cost investments charged by other vendors.
Sectona now has over 1,000 customers in 17 countries, including in the finance, government, manufacturing, energy, and services industries. Over the past few years, Gartner® Peer Insights™ named it a Customers’ Choice for Privileged Access Management, earning high ratings and strong recommendations. Customers in this competitive, high-stakes category consistently praise the platform, reflecting satisfaction with its performance, reliability, and ease of use.
What the Sectona Platform Does
Sectona’s platform is designed to deliver unified privileged access control, built around four pillars of capability:
1. Privileged Access Management (PAM)
Centralized and protected storage, rotation, and management of passwords, SSH keys, and application secrets are essential to secure. So ITButler x Sectona platform delivers them. Organizations define who can access which assets and when, enforcing clear policies for all privileged accounts. The system isolates sessions, logs activity, detects anomalies, and grants Just-in-Time access only when requests receive approval.
2. Endpoint Privilege Management (EPM)
Malware and ransomware are the biggest endpoint threats today. EPM manages administrative rights elevation on Windows Endpoints, ensuring users and processes cannot run with elevated rights unless explicitly permitted. Thus, this removes a significant threat vector that endpoint security tools can’t address, a gap that can be closed with ITButler x Sectona.
3. DevOps Secrets Management
Hardcoded passwords, API keys, and other secrets in scripts, build and deployment pipelines, and configuration files remain a common security challenge in development. Sectona’s secrets manager rotates and vaults these automatically. It communicates via RESTful APIs with existing DevOps toolsets, a capability enhanced by solutions such as ITButler x Sectona.
4. Cloud Access Management (CAM)
For companies with workloads on AWS, Azure, or hybrid cloud, CAM extends the same identity and access governance to cloud identities and infrastructure.
Through the system, privileged account reconciliation can be reduced by as much as 99%. It eliminates the need to maintain spreadsheets and automate discovery, onboarding, and account lifecycle management. Thus, making ITButler x Sectona a viable solution for those looking for efficiency and control.
In addition, Sectona also provides deployment options for on-premises, cloud, and hybrid environments with a distributed architecture for multi-site or multi-region deployments. The option to deploy on-premises or in-Kingdom cloud environments supports the Saudi PDPL data residency requirement for organizations operating in Saudi Arabia.
Why Saudi Arabia’s Compliance Landscape Makes PAM Non-Negotiable
The compliance landscape in Saudi Arabia has become far more stringent in the last three years. The National Cybersecurity Authority (NCA) Essential Cybersecurity Controls (ECC), the Saudi Central Bank (SAMA) Cybersecurity Framework, and the Communications, Space & Technology Commission (CITC) controls all mandate privileged access controls as a requirement for compliance.
In addition, SAMA compliance requires the use of PAM, multi-factor authentication, role-based access controls, session management, and periodic access certification. The absence of these controls creates compliance risk for organizations.
The NCA framework also requires companies to follow least-privilege principles and keep audit logs of privileged activity. They also have to demonstrate that they maintain an active governance program of privileged identities across their environment. PAM is not optional in this environment. It is a compliance deliverable.
In addition, it’s a regional imperative, too. Data breaches in the Middle East and Africa in 2021 grew by 56% over the previous year. The region is increasingly the target of cyberattacks on critical infrastructure, financial, and government systems. Sectona has shown growing interest in the Kingdom. They have held multiple meetings with Saudi government representatives to support Vision 2030 goals. Plus, the company has also exhibited at Black Hat Middle East for four consecutive years.
ITButler Brings Sectona to Saudi Arabia and the GCC
ITButler is the Sectona reseller in Saudi Arabia and the GCC. However, the discussion does not have to culminate in a license delivery.
1. Sectona as a Licensed Solution (Resell)
In cases where you have an internal security operations team to manage and operate the PAM solution, ITButler provides Sectona as a licensed solution. This includes:
- Pre-sales assessment and design: Profiling your privileged accounts and access policies, and designing a deployment plan
- Deployment & configuration services: It includes on-premises, cloud, or hybrid deployments
- Integration: Connect Sectona with your SIEM (Elastic, QRadar, Splunk), ticketing, LDAP/AD, and your DevOps pipeline via REST API
- Knowledge transfer and training: Enabling your team to operate, fine-tune, and scale the platform
- Support post: Provide post-deployment support and upgrades.
2. PAM-as-a-service (MSSP)
Organizations can gain privileged access security without building an internal PAM team by using ITButler’s managed Sectona service. ITButler delivers this through ISO 9001, ISO 27001, SOC 2, and ITIL 4 security operations centre in Riyadh. With the managed option, ITButler provides:
- Privileged account discovery and management: Ongoing discovery of new privileged accounts as they are created
- Policy enforcement and access reviews: Regular access reviews and entitlement reviews in line with your NCA/SAMA audit cycle
- Privileged session monitoring and alerting: Continuous analyst monitoring of sessions with escalation processes for suspicious activity
- Incident response integration: PAM events are directly integrated with ITButler’s DFIR-capable SOC for incident response
- Compliance reporting: Audit-ready reports for NCA, SAMA, ISO 27001, and PCI DSS at your request.
In addition, managed services are ideal for mid-sized companies, subsidiaries of multinational corporations, and any company moving rapidly under the Saudi Vision 2030 programs.
What “Least Privilege” Actually Means in Practice
Least privilege is a simple idea of granting users access to the resources they need and revoking access when it is no longer needed. This is easier said than done in a diverse environment of hundreds of systems, vendors, and contractors. Least privilege with Sectona comes in three forms:
- Just-in-Time (JIT) Access: Persistent admin rights are eliminated. A user with permission to do a task requiring admin rights requests access for a specific duration, which is then approved. It is provided for the requested time and removed. There are no admin passwords to steal, a threat that ITButler x Sectona helps prevent.
- Session Isolation: All privileged sessions are proxied via Sectona. Sectona never provides users with credentials. They log in via an isolated session that Sectona logs, tracks, and can terminate immediately in the case of suspicious activity.
- Behavioral Analytics: Sectona creates risk profiles for every privileged user based on a baseline of past activity (a capability that is enhanced by ITButler x Sectona). The system triggers a risk-scored alert whenever users log in at unusual times or perform actions outside their normal access.
In addition, these measures reduce privilege management from manual control to an automated process. The type of policy that will pass audit, making ITButler x Sectona a good compliance and security solution.
Who Should Be Reading This
If you are an organization that fits any of the descriptions below, then you are the one:
- Banks and other financial institutions regulated by SAMA: PAM is mandatory, and the next audit will require it.
- Public sector and critical infrastructure providers under NCA ECC: There is a need for least privilege and privileged access monitoring.
- Companies in the midst of digital transformation or moving to the cloud: Every time you create a cloud instance, you must actively govern the privileged access.
- Organizations with remote employees, contractors, and vendors: external users with privileged access are your biggest risk
- Companies that have had an incident: As part of recovery from an incident, privileged access governance is always a weak point.
The PAM market is growing at 21.72% CAGR and will be worth $13.83 billion in 2031. The services and managed services market is growing even more robustly at 24.40% CAGR, as the market understands that purchasing a product is not the same as delivering a capability.
Start Securing Privileged Access
PAM deployment doesn’t have to be a year-long project. Sectona’s platform deploys quickly, auto-detecting and onboarding assets to ensure immediate coverage.
ITButler’s approach to deployment is step-by-step. We start with your highest privilege risk accounts (domain admins, database superusers, and critical access accounts) and establish a basic vault and session recording capability, then broaden coverage as needed. This keeps the program manageable and provides an immediate return on investment by reducing risk. And whether you’re looking for a fully licensed internal deployment or a Managed PAM service, ITButler’s SOC team in Riyadh delivers the same result.
ITButler e-Services is a Sectona reseller and Managed Security Service Provider in Saudi Arabia, the UAE, and the rest of the GCC. ITButler’s Security Operations Centre (SOC) in Riyadh is ISO 9001, ISO 27001, SOC 2, and ITIL 4 certified.
So contact ITButler to arrange a free Privileged Access Assessment of your environment.
