The 1990s were this period of irrational exuberance from a security standpoint – I think we are going to be paying the price for that, for a long time indeed. Not knowing what’s on your network is going to continue to be the biggest problem for most security practitioners. The real best practices have been the same since the 1970s: know where your data is, who has access to what, read your logs, guard your perimeter, minimize complexity and minimize complexity, reduce access to “need only””]
Source: https://taosecurity.blogspot.com/2008/11/marcus-ranum-on-network-security.html

