Our corporate endpoints run anti-virus/anti-malware software, which is kept up to date and monitored to ensure that it is operational. Our production servers run Ubuntu Linux, where we achieve security by making our production systems immutable and frequently recycling them. This prevents malware from gaining a persistent foothold, and ensures that there is a minimal window in which malware could stay memory-resident. In our view, this approach is more robust than relying on a detective approach to preventing malware compromise.
Updated over a week ago