Steve Riley's Blog includes the following post which just shows that even brand new security software can be circumvented.
"A vulnerability exists in which a properly timed buffer overflow attack may evade the protections offered by CSA. The system under attack must contain an unpatched underlying vulnerability in system software that CSA is configured to protect. Another prerequisite for the attack is that a user must be interactively logged in during the attack."
Read the article Crafted Timed Attack Evades Cisco Security Agent Protections