One of the best ways for financial institutions to protect critical infrastructure is to monitor system logs, which contain a gold mine of information about the health of the network. When properly configured, logs record the day-to-day activity of system users, administrative changes made to critical production systems, and evidence produced by malicious activity. With the right logging configuration, financial institutions can capture the history of a hacker’s activity, from the establishment of unauthorized accounts to the installation of backdoors, enabling them to quickly isolate and repair affected systems after an intrusion.