What I did as a solo SAAS founder over 25 years ago was radical and totally outside the box --- I wrote my own multi-threaded, multi- tenant web server and database.

Why?

Because the security of canned off the shelf all encompassing solutions was horrible at the time.

By doing this, I have nearly full control and can scrutinize, qualify and filter every single request made of my totally unique software. Nothing comes in or goes out without my approval. My main concern is an issue with the networking stack which I did not write.

After 25 years of being attacked on the open internet on a daily basis, my server security has never been breached to my knowledge. The main security issue I have is small scale denial of service type events which I handle by simply blocking the IPs.