Most companies have reasonable perimeter security – i.e. a firewall and an IDS (intrusion detection system) or IPS (intrusion prevention system). Although security people often view an IPS as the next generation of IDS, it’s important to distinguish between the roles of detection and prevention. Detection helps you understand what kinds of attacks are being mounted (or potentially COULD be mounted) on the network, while prevention (an IPS) is an access control security countermeasure – a way of keeping the bad guys off your network.
However, in my experience, the same companies with a well-managed firewall/IPS don’t have the foggiest notion of what’s leaving their network or what’s happening inside the network.
There is nothing like collecting data and validating the effectiveness of your security countermeasures.
This is why we need network surveillance.