Many organizations have legacy ingress/egress points that will route traffic to and from the Internet. In some cases, these ingress/egress points may have been "forgotten" about and as a result, are not being properly monitored. A well-run Security Operations Center (SOC)/Incident Response Center (IRC) can be highly effective and can greatly improve the security posture of an organization, but only if all ingress/egress points are well known and properly instrumented. To think about it another way, it's like trying to defend the network based on data that simply isn't there. Pretty hard to do.