I would think that the best security strategy is a series of maleware detectors where each searches for different exploits. Picture a series of nets, each finer as the one before moving from the outer towards your connection. Simpler exploits (outer) to the most complex inner (your computer). A Load balancing of security measures so as to not bring communications to a crawl. Utilizing DNS security to filter suspicious websites so they don't appear in your searches. Next, a network router that would filter something like disallowed connections, ,DDOS attacks (if that's possible, IDK), .Then a network security appliance that filters suspicious packets and MITM attacks. Maybe heuiristics, but probably not here. Your computer should be able to handle the rest. But it won't have as nearly as much to do.