Keep machines as clean as possible. Remove applications you are not using so that you don’t have forgotten accounts or tools on the machine. The goal is to run as clean a system as possible to minimize the attack surface. It takes only one mistake, one moment of inattentiveness, for it all to go south.
Security tools help you see what’s going on in the network. Use Nmap to scan for open ports that may have been opened during a troubleshooting session. Check which machines are missing which patches and come up with a plan.
The tools are there to tell you what’s wrong and give you the opportunity to fix it before the attackers swoop in. But all the security tech in the world won’t do any good if the sysadmins don’t lead by example and follow the rules they set for everyone else.