How can a network administrator ever feel comfortable about a given windows-based network? The simple answer is that one can not. Since there are users on the network, there exists a chaotic variable. It is the role of the administrator to dynamically respond in real time to events.
Instead of just throwing programs at problems ("putting out fires"), think of the general concepts that arise, then categorize the programs that you apply in response. Where does the network administrator fit in with these programs? The programs only partial fulfill the goal set by the concept.
In addition to all the configuration tweaking, scripting, and external threats
consider your own incompetence (extremely difficult to see your own blind spots)
assume the network customers are actively malicious,in regards to
resources (CPU, bandwidth)
services (fuzzing the server, exploiting locally accessible exploits)
leaving unsecured passwords about the office
Know that no matter what you do, new unpredicted situations will arise. The reason is the aforementioned chaotic variable: the user. Network administration tasks are ever changing, which leads to the need for dynamic (instead of static) response.
Centralization, automation
More elaborate paranoia (but well-justified: try being a local admin on a network after you have experience as a domain admin)
a single IP accessing many remote IPs. This can signal illicit P2P connections, or bot-like behavior
Internal network anomalies. These would be carried out with someone who has local access on the network (an insider, or someone with illicit local access).
huge file transfers from your primary domain controller (PDC). Non-domain administrator accounts can download the Active Directory (AD) for off-line perusal
huge file transfers from your Exchange server. Non-server administrator accounts on the domain can download the global address list (GAL) for off-line perusal