1. 1 Page Consulting for Security
A perfect security can not get just 1 or 2 solutions. That's why most
companies are doing security consulting and Pen test regularly.
IPS covers more wide areas than Web filtering to reduce risk through
network with Pro-active method(there are so many
disadvantages&troubles when using IPS but we still need it) while
Firewall reduce risk with Pre-fixed policy(it just wall or screen but it's
very, very important).
Some common protocol have more vulnerabilities (or they are just using
more than others). Any way, more detailed security needs in HTTP &
SMTP.
So, if your resource allow to get more security, you need to go to next
stage, WAF & SMTP filtering.
Furthermore, and more important thing is that all of the technologies
need to harmonize in a experienced Security Consultant & Architect.
Because it is the Only way to maximize a company's investment &
resource on Security.
In summary, a best security MAP is like this, Firewall + IPS(Basic stage)
-> WAF + SMTP filtering(Intermediate stage) -> Regular checking with
Pen Test + Analyzing vulnerabilities by Security Specialist(Advanced
stage).