The best answer, of course, is both. However, if you are only going to have one audit, most people think it should be AFTER your own IT professionals have implemented the very best solutions they know. This can be a costly mistake.
It is better to have your audit, or what we refer to as your review, BEFORE you spend money on paying for the wrong solution you thought would make your network secure. As with any major purchase, it is helpful to have third party input about what solutions are working best in the real world right then. In addition, frequently, you do not need to purchase anything new to make your network more secure.
I have had clients in the past that say, “Let’s fix things ourselves first and then bring Mike in” and, when I get to the office, the client ends up wishing they had talked to me first. Often, organizations waste too much money going down the wrong path. One of the big payoffs to you of the review is that you can go down the RIGHT path from the beginning.
Save yourself time and money – be sure to choose the best solution the first time by having a review before making big changes in your network.