First and foremost, take stock of the controls that already exist on the network and ensure they are both effective and well-managed.
Most enterprises already have a mixture of firewalls, intrusion detection and prevention systems (IDS/IPS), antimalware packages and other controls.
Are they audited regularly?
Do they have current signatures?
Are they consistently deployed?
Check the basics before even considering adding additional layers of defense.