The problem with most security tools is that you really don't know how well they are working. Sure, you occasionally see what they catch, but doesn't that make you question what they missed? A robust security solution should ensure that you are aware of exactly what is happening at any time.

One of the easiest places to start is by segmenting every host to the least privilege it needs with any other host in your datacenter, whether it is physical, virtual or cloud based, or, more likely, a hybrid of the three. Once only the required traffic is allowed to happen, it is very easy to alert when one or more of the hosts makes an effort to circumvent the lockdown.
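
The alerting idea above, sketched as an added example (not code from the original page or any product): a default-deny allowlist of host-to-host flows is checked against flow records, and every flow outside the policy is reported. The addresses, rules, flow-record format and function names are all constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed policy: (source network, destination network, protocol, port).
# Anything not listed here is denied by default.
ALLOWED = [
    ("10.0.1.0/24", "10.0.2.10/32", "tcp", 5432),  # web tier -> database
    ("10.0.9.5/32", "10.0.0.0/16", "tcp", 22),     # bastion -> any host, SSH
    ("10.0.0.0/16", "10.0.0.53/32", "udp", 53),    # any host -> DNS resolver
]

# Constructed flow records, one per line: "src dst proto dport"
SAMPLE_FLOWS = """\
10.0.1.21 10.0.2.10 tcp 5432
10.0.1.21 10.0.2.10 tcp 22
10.0.1.21 10.0.1.22 tcp 445
10.0.9.5 10.0.2.10 tcp 22
10.0.2.10 10.0.0.53 udp 53
10.0.1.21 10.0.1.23 tcp 445
"""

def compile_policy(rules):
    """Parse the CIDR strings once so each flow check is a cheap membership test."""
    return [(ipaddress.ip_network(s), ipaddress.ip_network(d), p, port)
            for s, d, p, port in rules]

def is_allowed(policy, src, dst, proto, dport):
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(src in s and dst in d and proto == p and dport == port
               for s, d, p, port in policy)

def find_violations(flow_text, rules=ALLOWED):
    """Return every flow that no allowlist rule covers, in the order seen."""
    policy = compile_policy(rules)
    violations = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        src, dst, proto, dport = line.split()
        if not is_allowed(policy, src, dst, proto.lower(), int(dport)):
            violations.append((src, dst, proto.lower(), int(dport)))
    return violations

def violations_by_source(violations):
    """Count denied attempts per source host; repeat offenders stand out."""
    return Counter(v[0] for v in violations)

if __name__ == "__main__":
    found = find_violations(SAMPLE_FLOWS)
    for src, dst, proto, dport in found:
        print(f"ALERT {src} -> {dst} {proto}/{dport} is outside policy")
    for src, count in violations_by_source(found).most_common():
        print(f"{src}: {count} denied attempt(s)")
```

Because the policy lists only required traffic, every alert is a deviation worth looking at: here one web-tier host tries SSH to the database and SMB to two of its peers.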