I highly recommend watching this video since it explains as security in real life should be, instead of installing devices and ticking a checkbox :)
I would resume the talk as:
- Information gathering
- Feed all your information in a SIEM system to monitor the network activity.
- Deception and counter attacks: resource exhaustion, dropping exploits
- Deanonimation and tracking attackers: decloaking and using our DNS to track the attacker.
In my opinion, I would also add Darknets or sinkholes to gain more extra intelligence :)