Real-time alerts and notifications should trigger actions when users violate predefined rules.
You can hear more about these topics in the latest Virtualization Security Roundtable episode, where we have Michael Hlebasko from IdentityLogix as a panelist.
http://www.virtualizationpractice.com/resources/virtualization-security-podcast/
http://www.talkshoe.com/talkshoe/web/talkCast.jsp?masterId=34217&cmd=t
IdentityLogix: http://www.identitylogix.com/