This is a necessary service
It is a reasonable assumption that untested security will be faulty.
Securing network facing systems against attack from the network is an ongoing effort. Testing must therefore also be ongoing. A system that is attacked unsuccessfully cannot be proven secure (deductively). However a system that is attacked successfully is thereby demonstrably insecure.
I doubt very much that systems sitting on top of Microsoft Windows or Linux can be proven secure by analysis. They are too complex. Since they are always changing, they have too many unknown states that they can get into. An inductive 'proof' that the system is secure by tested resistance to attack is the only way to get reasonable assurance that the system is even nominally secure.
It is likely that in practice, systems will be breached much more often than their owners might expect. My instinct is that untested systems can be assumed insecure against a professional attack. Better if attacks are done by a white hat working for you rather than a black hat working against you.
I am not (by choice) expert in cracking systems. I can't say to what extent an adaptive hardware firewall is secure. However I expect it would prove much more resistant to attack in practice than a system without one. The corollary is also true, I think. A system lacking an adaptive hardware firewall is likely much *less* resistant to attack.
Perhaps people who spend more of their time managing client networks can comment: How important is it to place an adaptive hardware firewall between Internal and External networks?