What security controls can be deployed to monitor users that are potentially in violation of an AUP?

Security controls that monitor for policy violations is a reactive security model. It can be done by monitoring Internet traffic through firewalls, setting up firewall alerts, monitoring security logs, and through security camera footage.

Network traffic that indicates forbidden URL browsing, downloads of forbidden hacking tools, and torrent traffic can all indicate violations.

Further, Endpoint Protection (antivirus) logs can indicate the presence of hacking tools, forbidden software (for example a TOR browser), and illegal downloads on the computer.

Also, camera footage can capture theft and physical stealth activities.