Historically, internal networks have been considered the secure enclave. But modern threat landscape is changing this attitude, also reflected in Zero Trust model that is based on perimeter-less defense paradigm. Just look at social engineering – more than 80% of successful attack started with some sort of social engineering. Internal user being tricked into revealing her credentials or other secrets, effectively letting intruder into the corporate network regardless of network architecture.
As companies adopt to market changes, undergo M&A cycles and implement new solutions, corporate networks become layered with defensive solutions resulting in non-transparent, sparsely documented and costly to maintain infrastructure. Chasing next business requirement, it is never a good time to look back, reassess and realign.