Hmmm, you've kind of answered your question yourself..
The reason a custom solution is better is exactly as you have mentioned, lack of facilities...
You get the chance to add/remove whatever you like...
The downside of a custom solution: is it doing enough?
I would expect a company like Cisco to know what they are doing, which is why I install antivirus software and personal firewalls on workstations.
If I don't, I get to clear up the mess later...
So, Cisco & many others do know what they are doing, but do you know if it is good enough??? Hmmm???
Without auditing their systems (do you know what to look for even?), it's a guess they are doing what you want...
So I like custom solutions, once I am sure I know what I am doing..
Until then, I recommend learning quickly, and the fastest tool is information, IDS logs, packet sniffers/loggers, firewall logs, proxy logs etc, & a good source of documentation.
I suggest you have a good look at the snort project, snort-inline and even hogwash to get an idea of how attacks are crafted and how to structure (many levels) protection.
As far as the speed is concerned, snort on a T1 wouldn't be a challenge.
It is quite processor heavy, which is why HogWash and others were developed.. but it handles much faster LANs than a T1 can feed data.
I personally favour the "inline" filters (even if it's just for logging). They can be built as ethernet bridges so physical installation is a breeze..
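The post's advice is to learn from IDS logs, with Snort as the starting point. As an added example (not code from the post or from the Snort project), here is a small parser and summarizer for Snort's "fast" alert format (`snort -A fast`); the alert lines, rule SIDs and addresses are constructed for the demonstration, and the regex assumes the classic one-line fast format.

```python
import re
from collections import Counter

# Constructed sample of Snort fast-format alerts (not from a real sensor).
# Addresses are RFC 5737 documentation ranges; SIDs are in the local range.
# The last line is deliberately malformed to show that the parser skips it.
SAMPLE_ALERTS = """\
03/14-10:22:01.123456  [**] [1:1000001:1] LOCAL SNMP community probe [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.0.2.10:54321 -> 198.51.100.5:161
03/14-10:22:03.000100  [**] [1:1000001:1] LOCAL SNMP community probe [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.0.2.10:54322 -> 198.51.100.6:161
03/14-10:23:10.777000  [**] [1:1000002:3] LOCAL web server scan [**] [Priority: 3] {TCP} 192.0.2.10:40000 -> 198.51.100.5:80
03/14-10:25:42.500000  [**] [1:1000003:2] LOCAL ICMP echo sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.7 -> 198.51.100.5
this line is not an alert and should be skipped
"""

# One fast-format alert per line. Classification is optional (rules without a
# classtype omit it) and ICMP alerts carry no ports, so both are optional groups.
FAST_ALERT = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)


def parse_fast_alerts(text):
    """Return one dict per well-formed alert line; lines that do not match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = FAST_ALERT.match(line)
        if m:
            d = m.groupdict()
            d["prio"] = int(d["prio"])
            alerts.append(d)
    return alerts


def summarize(alerts, max_prio=2):
    """Count alerts per signature and per source, and list sources that triggered
    anything at priority max_prio or better (in Snort, 1 is the highest priority)."""
    by_sig = Counter(a["msg"] for a in alerts)
    by_src = Counter(a["src"] for a in alerts)
    hot = sorted({a["src"] for a in alerts if a["prio"] <= max_prio})
    return {"by_sig": by_sig, "by_src": by_src, "high_priority_sources": hot}


if __name__ == "__main__":
    for key, value in summarize(parse_fast_alerts(SAMPLE_ALERTS)).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

Point it at a real `alert` file from a sensor and the per-source counts quickly show which hosts are worth a closer look in the firewall and proxy logs the post also recommends.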