We regularly scan all of our hosts, physical and virtual, with Nessus, looking for vulnerabilities. In addition, for *nix hosts, we have AIDE configured and running daily reports, looking for new/modified files in critical areas. We also have Sourcefire IPDS sensors littered around our network, sniffing for suspect behavior.
I’m sure I’m missing something. We’ve spent a fair bit of time and money looking for a good balance of security and usability.