Backdoors: are you prepared? White paper from Tripwire, a leading provider of advanced threat, security and compliance solutions, focuses on what’s considered to be the most overlooked compromises that take place, those affecting ports, processes, users and code.
A good security solution should be actionable. For instance, the moment a new user was activated an automated tool should have reported or deleted it. The moment the new file was installed on the system, another action should have taken place to notify staff, determine if the file was authorized and, if not, flag it to be deleted or immediately quarantined.
Tripwire’s white paper is available here - http://www.tripwire.com/register/backdoors-are-you-prepared/showmeta/2/%20/