HOW TO PROTECT YOUR NETWORK SECURE
First of all you must Scan you network and check there should be no outdated software , antivirus or firewall etc your network should be fully patched and every thing should be updated. You must know you risk.
You must know your vulnerability (weakness) in your network. You should check your network and check if any vulnerably in the network you must solve it. You must guide to your domain users never download suspicious file or files from social networking websites. Although you have implement firewall or IPS but attacker can compromise your firewall.
You should try to crack your active directory users password using brute force attack or etc, you must guide or users to put strong and combination password and it should be changed every two or three weeks. You should perform penetration testing.
Social engineering are the most conman and easy attack to know your active directory passwords or access your network get together with users and guide them about social engineering attacks.