sophisticated Defense Department tools
"The hacks are troubling in that they appear to have rendered useless supposedly sophisticated Defense Department tools and procedures designed to prevent such breaches. The department and its branches spend millions of dollars each year on pricey security and antivirus software and employ legions of experts to deploy and manage the tools"
No amount of tacked-on 'security' will secure 'webservers'. What is needed is embedded hardware providing a secure VPN and PKI infrastructure. That way you only have a single set of nodes to watch instead of multiple/differing Windows configurations. That way if a 'webservers' is vulnerable to an 'SQL injection attack', the hackers won't see it. Else you expend energy in futile solution such as above.