Attacks against largely unprotected networks in the early to mid 1990’s led to the need to deploy firewalls. These devices were so effective for the next few years, the common belief was that all you needed to stay protected was a firewall. Unfortunately, this mentality remained intact to a large extent until just a couple of years ago. If you wanted to impress your customers, you had a web site. Next, your web site had to be interactive with all sorts of services such as online banking or other transactional applications. Each one of these services being offered to customers added another door attackers could use to compromise networks.
Read this interesting comparison about designing an intrusion defense strategy that identifies the value of business processes, and implements appropriate strategies to protect these systems using a layered defense approach is not only a good security practice, but also a regulation in many cases.