You need both. For example, your firewall and intrusion prevention system (malware, etc.) may do a fantastic job at identifying incoming attacks. However, you also need egress detective and protective controls. For example, your DLP system can help identify data exfiltration – egress – and your network behavior anomaly detection appliance can help identify potentially compromised hosts communicating to command and control servers.
There's actually much more to write about on this topic. But for now, suffice to say that intelligent context and control of communications are important from both perspectives.