“It would seem reasonable to assume that the average enterprise has well defined security procedures -- everything from ensuring that the proper endpoint solutions are in place, to having a plan for when an incident is detected. For mission critical assets, there are higher security requirements. You would expect a bank to implement the highest possible security measures for their online banking functions in order to protect both themselves and their customers against fraud. For such assets, encryption, Web application protection, and DDoS protection are pretty much a given cost of doing business.
The internal IT team generally has a good idea what assets exists in their datacenters. Routine internal network scans help to identify anything that wasn’t tracked properly, or that one test VM that you were playing with just before vacation and forgot to shut down. Networks are ever-changing, and subject to drift over time, it’s rare to scan a network twice and get the same results. With proper IT procedures, however it is possible (though not always easy) to have a good idea what is living in your datacenter.”