From what I understand, you already have policies/procedures and all that stuff in place.
My advice is to take a look at Time Based Security (it was written in 1999, but is still gold).
The main formula for Time Based Security:
Pt > Dt + Rt
If the amount of protection time (Pt) you offer is greater than the
sum of the detection time (Dt) and reaction time (Rt), then your
systems can be considered secure.
Based on that, try to improve your defence :)
Over the years, I have realised that it is not only good firewalls or IDS that help me with good security. Analytical thinking also helps a lot; you just need to step back, look at what happens, and try to see what you can improve. In my opinion, a BIG percentage of security problems are in procedures/policies and not in your firewalls/IDS.
https://www.hackinparis.com/slides/hip2k12/Winn-Keynote.pdf
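
The Pt > Dt + Rt check from the post above, as an added example that is not part of the original post: it derives Dt and Rt from incident timelines and compares the slowest observed case with an estimated Pt per asset. The asset names, timestamps and Pt estimates are constructed, and the "shortfall" figure and the choice to treat a missing Pt estimate as zero are assumptions of this example.

```python
from datetime import datetime, timedelta

# Constructed sample timelines (e.g. from past incidents or drills), not real data.
# Fields: asset, attack start, detection, containment.
INCIDENTS = [
    ("file-server", "2024-03-01T02:00", "2024-03-01T02:40", "2024-03-01T03:10"),
    ("file-server", "2024-05-10T14:00", "2024-05-10T14:15", "2024-05-10T14:35"),
    ("web-app",     "2024-04-02T09:00", "2024-04-02T09:50", "2024-04-02T10:20"),
    ("hr-laptop",   "2024-06-01T11:00", "2024-06-01T11:05", "2024-06-01T11:25"),
]
# Assumed Pt estimates per asset; hr-laptop deliberately has none.
PROTECTION = {"file-server": timedelta(hours=2), "web-app": timedelta(minutes=45)}


def assess(incidents, protection):
    """Apply Pt > Dt + Rt per asset, using the slowest observed Dt + Rt."""
    worst = {}
    for asset, start, detected, contained in incidents:
        t0, t1, t2 = map(datetime.fromisoformat, (start, detected, contained))
        dt, rt = t1 - t0, t2 - t1  # detection time, reaction time
        if dt < timedelta(0) or rt < timedelta(0):
            raise ValueError(f"timestamps out of order for {asset}")
        if asset not in worst or dt + rt > sum(worst[asset], timedelta(0)):
            worst[asset] = (dt, rt)
    report = {}
    for asset, (dt, rt) in worst.items():
        pt = protection.get(asset, timedelta(0))  # assumption: no estimate means Pt = 0
        report[asset] = {
            "pt": pt, "dt": dt, "rt": rt,
            "secure": pt > dt + rt,                        # the TBS inequality
            "shortfall": max(dt + rt - pt, timedelta(0)),  # time left unprotected
        }
    return report


if __name__ == "__main__":
    for asset, r in assess(INCIDENTS, PROTECTION).items():
        verdict = "OK" if r["secure"] else f"short by {r['shortfall']}"
        print(f"{asset:12} Pt={r['pt']}  Dt={r['dt']}  Rt={r['rt']}  {verdict}")
```

An asset that fails the check can be fixed from either side: raise Pt with stronger controls, or cut Dt and Rt through better monitoring and response procedures.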