Many people buy a network firewall and hoist a mission accomplished flag over security. The magic box prevents the bad of the Internet from infecting the good of the interior. But did you know the firewall itself can be taken over, or other internal resources can be traversed, just by your own browser?
The solution is Defense in Depth. Stop thinking about security as a perimeter, start thinking about it as user+resource pairs. Look at a Zero Trust Architecture, its simpler than the other micro-segmentation approaches out there.