Network firewalls and intrusion prevention systems provide some security benefits but are not sufficient on their own to protect applications. Web application firewalls provide additional security when threats target specific applications and data. The document recommends Citrix Application Firewall as an essential layer of protection that network and intrusion prevention systems lack.