Network processes the network stream by passing it through various filters and detection engines, such s Vantage (signature-based engine that finds threats in the network stream and Synapse, which is a correlation engine).
Endpoint gathers info by proxying communications between SEP clients and Symantec by leveraging SEP's Endpoint Detection Reponse (EDR). It uses Insight, Cynic (sandbox), an AV engine, and blacklists/whitelists, and SONAR to deal with malicious activity.