From almost the dawn of the public internet, threat actors identified the user-browser-user device combo as the best, most-direct access route between the web and enterprise systems and, therefore, the best conduit for delivering malware and executing cyberattacks.
By the late 80s, security-conscious organizations were sufficiently concerned about network intrusions and began developing anti-virus software to scan their systems and remove threats that were found. Firewalls were created to restrict the spread of viruses that got in. Both of these technologies, which by the early 90s were being offered commercially by early entrants into the cybersecurity space, took a “know-your-enemy” approach of implementing defenses against specific forms of known malware.