It’s not that the network is superior to the endpoint or other approaches; they all have their pros and cons. However, the network enables insight and inspires action. From the network, you can see all communications immediately and everywhere, you can look for threats both behaviorally and with signatures, you can look back in time, and you can interrupt command-and-control (C2) traffic as well as updates to bots and tools.
No matter how dramatic changes to network infrastructure have become, all roads lead back to the network. Whether we are talking virtual, wireless, cloud or otherwise, the network is the one place where you can see it all happen.
The internet is the enterprise network today, given the conglomeration of third-party cloud and infrastructure partners involved. Now more than ever, it is critical to think about how your network interacts with the rest of the internet. This can be one of the most beneficial aspects of preparing for both security and availability threats.
Another great thing about networks is that there are so many layers to monitor, and so many different deployment models depending on which layer you are interested in. Whether you are interested in NetFlow for monitoring a heavy SSL environment, monitoring from a SPAN port, capturing packets in real time, or a traditional inline detection/prevention model, the network provides a diverse environment in which to customize monitoring and response.
No matter how much threats, targets or attackers change, securing a network comes down to understanding the traffic flowing through it.