I’m using gitlab-ce and it’s in the cloud at a hosting provider. Correct firewall rules utilising iptables, or if you have other such abilities - e.g. AWS has the ability to configure firewall access outside of the VPS/instance, and other hosting providers also offer this. DoS/DDoS protection and other additional products to enhance and protect even further.
So there is a very easy way to demonstrate security review/audits by utilising additional products. You cannot blame GitLab for that. A collection of products is able to do that; it’s not the role of GitLab to be a firewall, intrusion detection device, web application firewall or whatever in addition to what it is doing right now.
Your image above shows what the EE version does when you pay for additional functionality; of course, you would need to read the “Feature Details” to find out what exactly it’s doing to see if it fits your needs. But even in addition to this, you should be looking at additional external products for security and not relying solely on GitLab’s functionality.