Every business we visit has a firewall. Most of them believe that means they are secure. A firewall is a perimeter control. It inspects traffic at the network boundary. It does nothing about the laptop that got infected via a phishing email. It does nothing about the employee who brought in a USB drive. It does nothing about the attacker who already has valid credentials.

What a firewall actually does

A next-generation firewall inspects inbound and outbound traffic, blocks known malicious destinations, enforces application control, and can decrypt and inspect SSL traffic. This is valuable. It stops a category of threats. It does not stop threats that originate inside the network, that arrive via email, or that use legitimate protocols to exfiltrate data.

Endpoint detection and response

EDR software runs on every endpoint: laptops, desktops, servers. It monitors process behavior, file access patterns, network connections, and registry changes. When it sees a process doing something unusual, such as a Word document spawning a PowerShell process, it can terminate that process automatically and alert your team.

Traditional antivirus matches against a database of known malware signatures. EDR looks at behavior, which means it catches new threats that have no signature yet. For businesses in 2026, EDR is not a nice-to-have. It is the difference between catching ransomware in the first 30 seconds and finding out about it when files start disappearing.
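The behavioral rule described above, as an added example that is not the post's own code or any vendor's product: a parent/child process check of the kind an EDR agent applies, run over constructed process-creation events. Process names, paths and users are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Parent/child pairs the rule cares about (common Windows binary names).
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Command-line switches that raise severity when they appear under an Office parent.
SUSPICIOUS_SWITCHES = ("-encodedcommand", "-enc ", "-w hidden", "-windowstyle hidden", "bypass")

@dataclass
class ProcessEvent:
    """One process-creation record, as an endpoint sensor would report it."""
    pid: int
    image: str          # path of the new process
    parent_image: str   # path of the process that created it
    command_line: str
    user: str

def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def evaluate(event: ProcessEvent) -> Optional[dict]:
    """Return an alert if an Office app spawned a script host, else None."""
    parent, child = _basename(event.parent_image), _basename(event.image)
    if parent not in OFFICE_APPS or child not in SCRIPT_HOSTS:
        return None  # normal parent, no signature needed to decide this
    reasons = [f"{parent} spawned {child}"]
    cmd = event.command_line.lower()
    reasons += [f"suspicious switch: {s.strip()}" for s in SUSPICIOUS_SWITCHES if s in cmd]
    severity = "high" if len(reasons) > 1 else "medium"
    return {"pid": event.pid, "user": event.user, "severity": severity,
            "action": "terminate_and_alert" if severity == "high" else "alert",
            "reasons": reasons}

def triage(events: list) -> list:
    """Apply the rule to a batch of events and keep only the hits."""
    return [a for a in (evaluate(e) for e in events) if a]

# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    ProcessEvent(4120, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 "powershell.exe -w hidden -EncodedCommand AAAA", "CORP\\jsmith"),
    ProcessEvent(4188, r"C:\Windows\System32\cmd.exe",
                 r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
                 "cmd.exe /c dir", "CORP\\jsmith"),
    ProcessEvent(5010, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Windows\explorer.exe",
                 "powershell.exe -File C:\\Scripts\\inventory.ps1", "CORP\\helpdesk"),
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

The third event is the same PowerShell binary launched from Explorer by a help-desk account and produces no alert, which is the point: the decision rests on behavior and context, not on the file being known-bad.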

The human layer

Phishing is still the most common initial access vector for cyberattacks. Not because businesses have not heard of it, but because the emails keep getting better. Spear phishing targeted at a specific person, using real context from their LinkedIn and email history, is difficult to recognize even for technical staff.

The controls here are:

  • Multi-factor authentication on every account, so that a stolen password alone is not enough
  • Email filtering that catches known phishing domains and suspicious attachments
  • Regular simulated phishing exercises, so staff recognize and report attempts rather than clicking

Patch management

Unpatched software is one of the most exploited attack surfaces in corporate networks. Most organizations have a mix of operating systems and applications at different patch levels, with some machines that have not received updates in months. Attackers use publicly disclosed vulnerabilities that have patches available but have not been applied.

Patch management does not need to be complex: a policy that defines how quickly critical patches are applied, a tool that reports compliance, and someone accountable for the numbers. The specific tool matters less than the discipline.

Network segmentation

Even with EDR deployed, assume that an endpoint will eventually be compromised. Segmentation limits the blast radius. A ransomware infection on a staff laptop should not be able to reach the accounting server or the backup storage. VLANs and firewall rules between segments mean that lateral movement, once inside the network, is restricted.

What a minimum viable security stack looks like

  • Next-generation firewall with IPS and SSL inspection
  • EDR on all endpoints and servers
  • MFA on all accounts, especially email and VPN
  • Email filtering and anti-phishing
  • Network segmentation by device class and function
  • Defined patch management cycle with accountability
  • Offsite or cloud backup that is tested quarterly

None of these items is exotic. None of them requires a dedicated security team to operate. They require configuration, discipline, and someone who reviews the alerts. That is what managed security services provide: the configuration, the discipline, and the review, without requiring you to hire a full-time security engineer.