Security defenses


So how do you defend yourself against security attacks effectively?

Avoid falling into the trap of believing that a single solution will solve your problems. The best philosophy is to provide "defense in depth", where you have overlapping protections; even if some mechanisms fail or are penetrated, others can back them up.

Whenever practical, a security policy of "that which is not expressly permitted is denied", and a rigorous implementation of it, is one of the best basic security defenses you can have. Functionality that your system does not have or does not provide cannot be exploited.

Remember that security is a process, not a product, and hence requires an ongoing commitment to keep your system updated and to monitor its status. Systems left to run on autopilot are more likely to be exploited.

Besides having an understood security policy to define what your system should and should not be doing, being aware of your system's normal behavior and operational patterns helps you realize when abnormal things are happening, which are often signs of security issues.



Steve VanDevender
Last modified: Thu Jul 10 14:51:11 PDT 2003