Review all server, firewall and network component events/alerts

Security logs allow you to keep a coherent and comprehensive record of any actions taken (who did what and when) and to ensure staff accountability. Where necessary, they can be used to analyse the history of the actions leading up to an exploitation.

A proper analysis of abnormal events for all the critical network components, combined with a validated baseline, allows for the upstream detection of abnormal or malicious actions.