Practical El Jefe, (Windows process monitoring), by Charles Vedaa

The continuing threat increase is leading to something considered impossible ten years ago, a host based, OS monitoring solution. Author Charles Vedaa describes how to implement El Jefe, a fairly lightweight and economical solution. See the paper here.