Obviously, examination ahead of and right after patching. You should be during the habit of examining the login/logout occasions of users. Commonly a spot Check out will do. Individually, I just check for nearly anything out of the common. For illustration, a VPN user logging in at 2 PM from unrecognized IP handle should be a red flag. It really is