Monitor Mailing Lists
Security mailing lists are a good place to get information about new exploits and new exploit techniques. Although you don't have to read and analyze all postings, I recommend closely following the messages and threads that deal with systems and applications on your most valuable and vulnerable systems. Most people wait to release the details of an exploit until after the vendor has released a patch, but some do not. Regardless of whether the exploit is posted before a fix has been issued, these postings are more dangerous because you cannot easily fix the problem. Some posters do provide workaround measures that can help mitigate the problem until a patch is released.
Spending time monitoring mailing lists should be mandatory and considered part of your job. An administrator's job is maintaining the operation of the network, which involves security. Whether administering a network or a Web site, if you are leaving the door open for intruders, you might not be doing everything that your job entails. Depending on the size of your organization, you might need outside help or additional personnel.
By monitoring security mailing lists, you can get this information at the same time that the rest of the world does and can take action accordingly. If you ignore these lists, you might be unaware of a brand new exploit to which you are vulnerable. Because an exploit is brand new, your IDS might not detect it. Some of your other security layers, such as server security, might protect you, but this depends on your configuration. With mailing lists, you, not the vendor, can control your security infrastructure.
Security Discussion Mailing Lists
Bugtraq (sponsored by Security Focus): http://www.securityfocus.com
Windows mailing lists: http://www.ntsecurity.net/