The single most important factor in keeping your environment secure is making sure you are maintaining updates. Vendors constantly release patches, especially Microsoft, and these updates are crucial to securing your environment. If there was only one thing I could do to secure an environment, it would be updates. In Metasploit alone, there are almost 1500 ready made exploits that are as simple as running search, use, set rhost, exploit.