Not surprisingly, examination before and right after patching. You should be in the routine of checking the login/logout periods of customers. Generally a place check will do. Personally, I just look for anything at all out of the common. For example, a VPN person logging in at two PM from unrecognized IP deal with really should be a red flag. It t