An older article by Chris Sanders but very much still relevant. New vendors, tools and systems come out all the time, but it still comes down to the analyst. Without a good analyst monitoring that IDS or IPS or DLP or SIEM or packet logger or log portal; whatever!, all you have is a shiny box with blinky lights, sucking up electricity.
http://chrissanders.org/2011/01/the-10-commandments-of-intrusion-analysis/
