Security product vendors often say that their products will block malware or trojans from getting into your network. This is slightly misleading. They should say that these products can block malware and trojans. To get them to actually block threats into your network they have to be configured properly. This is one area where you don't want them deployed by someone that can figure it out or fumble through it. Recently the thermostat in my house stopped working 100%. It worked just fine if you wanted air conditioning. However, if you wanted heat you were out of luck. Before we knew it was the thermostat we contacted a local heating and air company. We figured it was the heater. We weren't experts on HVAC systems but it seemed reasonable if the heater wouldn't come on and the AC would that the heater was out. Once they inspected everything we learned that it was the thermostat. It took hiring the right people to make the determination and what our proper path was to restore heat to the upstairs. I had no idea what to do with a heater.
As an American male I understand the desire to give it a shot myself first. We look at a problem or a situation and our brains immediately go to how can we do it ourselves or with a group of buddies. If there is a tree down in the backyard our first thought is how soon can we get to the store and purchase a chain saw. We have it all worked out in our head that we need to cut here and there and we fast forward all the way through the project.
With data security things can't be done with the same attitude. In the network security field we have to change our approach from reactive to proactive based. It isn't what we will do once the tree falls down, it is what can we do to keep the tree from falling.