Some of the Enterprise wireless vendors have countermeasures in their products for deauth/mitm/evil twin/ and many other attacks.
I don't work for the company, but I am a fan and a customer. Aruba has some really nifty features. Others do this as well, but Aruba was one of the first.
http://www.arubanetworks.com/pdf/products/DS_WIP.pdf

The Aruba Instant don't require any additional infrastructure and something like the RAP-3WN can be found on Ebay for fairly cheap.

Crank up the defense settings, and your AP will literally attack back when it detects a known attack on your network.
It'll frustrate the heck out of the kiddie running backtrack on your block when the tutorials he's watching on youtube on hax0ring wifi don't yield results.

WPA2 with a strong PSK should be sufficient, but if you want to take it to the next level use EAP-TLS and set up your own PKI. Make sure to validate the CA certificate so you're not susceptible to MITM attacks.

I wonder if they were using "off the shelf" open source tools to collect this information.

By default Kismet will log the pcap file, gps log, alerts, and network log in XML and plaintext.
http://www.kismetwireless.net/documentation.shtml

It is entirely possible that they were using off the shelf open source tools and this log type was simply not turned off in the configuration file.