Monitoring security

Security camera

Is the security for real?

Do you keep the security level high enough?

The question seems simple. But if the answer is positive, the next question will be "What is high enough?"

The security camera in the photo is a mock-up: an imitation used to deter possible criminals. It doesn't watch anything, even though it's installed. Are your security systems for real? Is the monitoring you perform for real? The answer is not obvious, even if you have installed network monitoring software and know exactly what to monitor.

Nowadays, it's not enough to monitor the servers alone, whatever services on them you watch. The fact that a service is available and replies with the expected data doesn't mean it's in a good state.

For example, if the installed software is an old version that can be compromised, the security is weak. So monitoring the vital systems themselves is not enough.

Hidden flaws of security

The problem of using insecure software isn't limited to insecure, out-of-date functions. At times a less secure configuration can be the cause of a system malfunction or failure. How do you determine whether there are flaws in the configuration?

Neither aspect of the problem has a fully automated solution. Several pieces of software do have a mailing list or other means of notifying users of out-of-date components or security threats. Most, however, do not. The only way to stay informed is to follow all the news on security-related forums and software sites and react immediately to every new threat published.

As for studying log files, it's relatively easy to detect how many times a given string is found in a given log file (say, the ssh log file registers all login attempts, so if anything strange happens, it's better to be notified as soon as possible).
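One way to implement that kind of log check, as an added example that is not from the original post: it counts failed ssh password attempts per source address and maps the worst count to an alert level. The log lines are constructed samples in the usual OpenSSH syslog format; the thresholds and the 0/1/2 status codes (a convention common among monitoring plugins) are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines (documentation addresses, not real data).
SAMPLE_LOG = """\
Jun 25 16:01:02 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jun 25 16:01:05 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Jun 25 16:01:09 web1 sshd[2104]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
Jun 25 16:02:11 web1 sshd[2110]: Accepted publickey for deploy from 198.51.100.20 port 51514 ssh2
Jun 25 16:03:40 web1 sshd[2115]: Failed password for deploy from 198.51.100.20 port 51600 ssh2
Jun 25 16:03:41 web1 sshd[2116]: Failed password for invalid user x from 192.0.2.1 port 1 from 203.0.113.7 port 40130 ssh2
Jun 25 16:04:00 web1 CRON[2120]: pam_unix(cron:session): session opened for user root
"""

# The user name is chosen by the remote side and may contain " from ... port ...".
# A greedy user group anchored at end of line keeps the address sshd itself wrote.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)

def count_failures(lines):
    """Return a Counter of failed password attempts keyed by source address."""
    per_ip = Counter()
    for line in lines:
        m = FAILED.search(line.rstrip())
        if m:
            per_ip[m.group("ip")] += 1
    return per_ip

def check(lines, warn=3, crit=10):
    """Map the worst per-source count to (status code, message): 0 OK, 1 warn, 2 crit."""
    per_ip = count_failures(lines)
    worst_ip, worst = max(per_ip.items(), key=lambda kv: kv[1], default=(None, 0))
    total = sum(per_ip.values())
    if worst >= crit:
        code, label = 2, "CRITICAL"
    elif worst >= warn:
        code, label = 1, "WARNING"
    else:
        code, label = 0, "OK"
    return code, f"{label}: {total} failed ssh logins, max {worst} from {worst_ip}"

if __name__ == "__main__":
    code, msg = check(SAMPLE_LOG.splitlines())
    print(msg)
    raise SystemExit(code)
```

When run on a schedule, pass it only the lines written since the previous run so that old attempts do not keep the alert raised.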

It is also good advice to install intrusion detection software such as Snort, update its rules on a regular basis and use its notification features to measure the security risk level and/or signal alerts.

Monitoring software may be the dashboard of your whole security setup; it's relatively easy to report all the important news to a single command centre and raise a relevant alert condition when necessary.

Security isn't a one-time set of actions. It's a philosophy, a discipline and everyday, routine work of researching the security world and being alerted before possible flaws are exploited.

About this Entry

This page contains a single entry by Konstantin Boyandin published on June 25, 2010 4:21 PM.