Yeah, the article is really speaking from the perspective of a business operation trying to use a UTM or L3 firewall to scan network traffic on behalf of its customers.
If you have endpoint security, said encrypted malware still has to be decrypted somewhere on your host, and at that point a memory, file, or AMSI scanner should pick it up.
Plus, as the article mentioned, behavior blocking is another good strategy.
Malware is simply being lazy if HTTPS is enough to hide it. For any obscurity HTTPS provides, malware can simply be rewritten to encrypt or obfuscate its payload, and then scanning the network stream is hopeless again.
Remember too, if you are in the USA, using gateway/router-level SSL interception can be a HIPAA violation, so you have to carefully whitelist healthcare-related services, etc. It's just a pain. I think the real takeaway is you can no longer just place a device on your network and have it replace endpoint security.
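An added illustration of the point above about where an obfuscated payload finally becomes visible; this is not the commenter's code or anything from the linked article. The signature set, the "payload", and the keystream cipher are all constructed for the demo (the cipher is a toy SHA-256 counter keystream standing in for whatever a real crypter would use, and the payload is a harmless marker string). A gateway that has already intercepted TLS still only sees the inner ciphertext, while the host must decrypt the buffer before it can run it, and a scan of that decrypted buffer matches.

```python
"""Toy demo: network-side scanning sees only the inner ciphertext, while a
host-side memory/file scan sees the decrypted payload. Everything here is
constructed for illustration; nothing is a real malware sample or crypter."""
import hashlib
import itertools

# Constructed byte signatures, standing in for a YARA/AV rule set.
SIGNATURES = {b"EVIL_MARKER_STAGE2"}

# Constructed second-stage "payload"; the marker makes it detectable in the clear.
PAYLOAD = b"print('stage2')  # EVIL_MARKER_STAGE2 harmless placeholder\n"


def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256 over key||counter, concatenated to `length` bytes."""
    out = bytearray()
    for ctr in itertools.count():
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        if len(out) >= length:
            return bytes(out[:length])


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Symmetric XOR with the toy keystream; the same call encrypts and decrypts."""
    ks = keystream(key, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def scan(buf: bytes) -> set:
    """Return the subset of SIGNATURES found in `buf` (a stand-in for a memory/file scanner)."""
    return {sig for sig in SIGNATURES if sig in buf}


def gateway_scan(inner_wire_bytes: bytes) -> set:
    """What a UTM sees even after SSL interception: the malware's own inner ciphertext."""
    return scan(inner_wire_bytes)


def host_scan(inner_wire_bytes: bytes, key: bytes) -> set:
    """What an endpoint scanner sees once the implant has decrypted the stage in memory."""
    decrypted_in_memory = xor_crypt(key, inner_wire_bytes)
    return scan(decrypted_in_memory)


def demo(key: bytes = b"constructed-demo-key") -> dict:
    """Run both scans over the same delivered bytes and return their findings."""
    wire = xor_crypt(key, PAYLOAD)          # what actually crosses the network
    return {
        "gateway": gateway_scan(wire),      # expected: nothing matches
        "host": host_scan(wire, key),       # expected: the marker signature matches
        "roundtrip_ok": xor_crypt(key, wire) == PAYLOAD,
    }


if __name__ == "__main__":
    for where, found in demo().items():
        print(f"{where}: {found}")
```

The gateway result is empty not because the signature is weak but because the scanner is looking at the wrong layer; the host result matches because decryption has to happen before execution. A behavior-blocking layer would key off what happens next (the decrypted buffer being executed), which is the other strategy the comment mentions.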