Company
Date Published
Author
Craig Chamberlain
Word count
1504
Language
-
Hacker News points
None

Summary

Elastic Security has introduced new unsupervised machine learning anomaly detection jobs for network data, with a focus on geographic anomalies. The approach combines endpoint, cloud, and network data, by analogy with the strategic "nuclear triad", so that a threat missed by one data source can still be caught by another. A case study shows the value of network data: unexpected traffic to Russian IP addresses led to the discovery of malware in a lab environment where endpoint coverage was incomplete. Geographic analysis of network logs is a useful way to surface unexpected patterns, since malware infrastructure often resides in the developers' home country and so stands out as a geographic anomaly against a host's normal destinations. This is especially valuable where endpoint instrumentation is lacking or incomplete, which is the argument for a multi-faceted detection strategy.
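To make the geographic-anomaly idea concrete, here is an added example of a hand-rolled destination-country rarity check over constructed flow logs. It is not Elastic's code and does not reproduce its ML job configuration; the host names, IP addresses, the tiny IP-to-country table, the log records and the thresholds are all assumptions for illustration. It builds a per-host baseline of destination countries, then flags connections in a detection window whose country is new or rare for that host, rating them higher when the country is also rare across the whole environment:

```python
"""Destination-country rarity detection over constructed network flow logs.

Added example, not Elastic's code or ML job configuration. Implements a simple
unsupervised rarity check: build a per-host baseline of destination countries,
then flag window events whose country is new or rare for the host. Findings
are "high" when the country is also rare environment-wide, "low" otherwise.
"""
from collections import Counter, defaultdict

# Constructed IP-to-country lookup; a real pipeline would use a GeoIP database.
GEOIP = {
    "104.16.0.1": "US",
    "142.250.0.1": "US",
    "185.199.108.1": "US",
    "151.101.0.1": "US",
    "52.58.0.1": "DE",
    "95.213.0.1": "RU",
    "10.0.0.5": "INTERNAL",
}

# Constructed baseline flow logs: (timestamp, source host, destination IP, bytes out)
BASELINE_LOGS = [
    ("2023-05-01T09:00:00Z", "ws-01", "104.16.0.1", 4200),
    ("2023-05-01T09:05:00Z", "ws-01", "142.250.0.1", 980),
    ("2023-05-01T09:10:00Z", "ws-01", "185.199.108.1", 1500),
    ("2023-05-01T09:12:00Z", "ws-01", "10.0.0.5", 3000),
    ("2023-05-01T09:15:00Z", "ws-02", "142.250.0.1", 700),
    ("2023-05-01T09:20:00Z", "ws-02", "151.101.0.1", 2200),
    ("2023-05-01T09:25:00Z", "ws-02", "52.58.0.1", 800),
    ("2023-05-01T09:30:00Z", "ws-02", "52.58.0.1", 640),
    ("2023-05-01T09:35:00Z", "ws-03", "104.16.0.1", 500),
    ("2023-05-01T09:40:00Z", "ws-03", "10.0.0.5", 9000),
    ("2023-05-01T09:45:00Z", "ws-03", "142.250.0.1", 450),
]

# Constructed detection-window logs, same shape as the baseline.
DETECTION_LOGS = [
    ("2023-05-02T09:01:00Z", "ws-01", "104.16.0.1", 4100),
    ("2023-05-02T09:03:00Z", "ws-01", "95.213.0.1", 120),   # RU: never seen by any host
    ("2023-05-02T09:06:00Z", "ws-02", "142.250.0.1", 750),
    ("2023-05-02T09:09:00Z", "ws-03", "52.58.0.1", 300),    # DE: new for ws-03, known from ws-02
    ("2023-05-02T09:11:00Z", "ws-03", "10.0.0.5", 8800),
]


def country_of(ip):
    """Resolve an IP to a country code; unknown IPs get their own bucket."""
    return GEOIP.get(ip, "UNKNOWN")


def build_baseline(logs):
    """Return per-host and environment-wide destination-country counts,
    ignoring internal traffic so it does not dilute the external profile."""
    per_host = defaultdict(Counter)
    global_counts = Counter()
    for _ts, host, dst_ip, _nbytes in logs:
        country = country_of(dst_ip)
        if country == "INTERNAL":
            continue
        per_host[host][country] += 1
        global_counts[country] += 1
    return per_host, global_counts


def rate(count, total):
    """Fraction of baseline events to this country; 0.0 when never seen."""
    return count / total if total else 0.0


def detect_geo_anomalies(baseline_logs, window_logs,
                         host_threshold=0.05, global_threshold=0.05):
    """Flag window events whose destination country is rare for the host.

    host_threshold / global_threshold are assumed cut-offs on the baseline
    fraction; tune them to the environment's traffic volume.
    """
    per_host, global_counts = build_baseline(baseline_logs)
    global_total = sum(global_counts.values())
    findings = []
    for ts, host, dst_ip, nbytes in window_logs:
        country = country_of(dst_ip)
        if country == "INTERNAL":
            continue
        host_counts = per_host.get(host, Counter())
        host_rate = rate(host_counts[country], sum(host_counts.values()))
        global_rate = rate(global_counts[country], global_total)
        if host_rate < host_threshold:
            # Rare for the host and for everyone else is the stronger signal.
            severity = "high" if global_rate < global_threshold else "low"
            findings.append({
                "timestamp": ts, "host": host, "dst_ip": dst_ip,
                "country": country, "bytes": nbytes,
                "host_rate": host_rate, "global_rate": global_rate,
                "severity": severity,
            })
    return findings


if __name__ == "__main__":
    for f in detect_geo_anomalies(BASELINE_LOGS, DETECTION_LOGS):
        print(f"{f['severity']:4} {f['timestamp']} {f['host']} -> "
              f"{f['dst_ip']} ({f['country']})")
```

Two caveats a practitioner would want: a host absent from the baseline has an empty profile, so every external connection it makes is flagged until it accumulates history, and a one-day baseline as constructed here is far too short for a real environment. Elastic's jobs handle the baseline window and the rarity scoring themselves; this block only shows the shape of the signal they surface.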