Businesses have spent a tremendous amount of time, money and resources deploying preventative tools and techniques. Yet successful attacks against RSA, HB Gary, Booz, Allen & Hamilton, the United States Military, and many others continue, and they are examples of how the enemy cannot be eliminated permanently.
A more holistic approach is required, one that also puts effort into detecting compromise and reducing the time from successful intrusion to discovery.
Offensive Security involves authorized auditing and exploitation of systems to assess actual system security in order to protect against attackers. This requires thorough knowledge of vulnerabilities and how to exploit them.
Continuous pentesting and maintaining a skilled Computer Incident Response Team (CIRT) are the best ways of limiting the effectiveness of attacks.