The paper has many good points. My solution is based on two signature-based IDS units (one inside and one outside) and two heuristic (anomaly) based units configured the same way. I have a management console where I gather info from these appliances and from other devices such as firewalls, routers and a few other open source utilities where I can paint an exact picture of events both real time and historical. No, I won't give out the names of the products.