I just got back from Black Hat and DEFCON. It really opened my eyes to the world of attackers and defenders. The keynotes at both day's briefings were very good. It seemed that the common themes were about DNS vulnerabilities, Web Application Firewalls, Citrix/Zen/VMWare/Hypervisor risks, and Cisco IOS attacks.
I am going to start testing ModSecurity for a WAF and comparing it to other WAFs. I am also going to start using DAVIX for visualizing network data.
Psyche also looks to be a pretty good NetFlow analysis tool. It is too bad that it only supports NetFlow v5 and no IPv6 data.
the Cisco Incident Response (CIR) tool looks promising for Cisco IOS diagnostics and forensics.