IMO if you just rely on one particular security device or product for your defenses, you are bound to get attacked and lose at some point. SEP is a great product when configured properly, it needs maintenance and tweaking, but it's not the be all end all solution.
A good webfiltering product that can stop threats from being downloaded is a great first layer. Symantec's WegGate appliance is a good option here, or their hosted solution through their MessageLabs acquisition.
Then there is email filtering and anti-spam. There is brightmail, mail security for Exchange, and yet again a hosted solution.
Then you get into a good patching system that not only patches MS products, but also 3rd party too, like Adobe, Java, etc...
Then there is user education. There is no substitute for getting users to stop clicking on things they dont know.
Above all, diligence.. Setting up these products and not hand holding them on a daily basis will allow things to get through. But security in layers is always recommended.