IPS / IDS
Not only stops attacks, it provides you with reports that can be used for auditing purposes. Policies can then be enforced with application layer controls that actively terminate unauthorized types of traffic that firewalls are not normally capable of understanding.
