In the good old days, file backups were the protection from ransomware. Now, bad guys have started copying data from the network before encrypting it. Good backups do not protect data that has been exfiltrated.
A nice new feature would be a warning (and possible blocking) after a LAN side device has sent too much data outbound.
The definition of “too much” should be configurable and perhaps, like transmission speed limits, there could be different limits for different devices. The collection of this data is already being done to create the assorted bandwidth reports.