Problem is, most hackers' exploits (not the older ones like SubSeven and BO 1.20 or Script Kiddie stuff) will get around these lightweight firewalls.
You clearly don't have a clue what you're talking about here.
Sub7 or BO are not exploits; they are simply "malicious remote administration tools", mostly trojans.
A decently configured firewall should stop almost everything, like the Blaster worm for example: if you had a properly configured firewall, you wouldn't have gotten infected.

An exploit, well, does what it says: it exploits a bug.
Trojans and **** don't exploit bugs.

Of course, like you said, a layered defense is much better, and of course necessary for a company. Solution: a router.