More than a decade ago I managed a couple of software testing and quality control labs for a very large insurance company. Some manager noticed that my labs had never been down due to a virus infection. When asked how I managed that I explained that I (il) checked each machine every day to be sure the antivirus software was updated and scans were running; (ii) made sure the firewall was updated and that it was blocking questionable sites; and (iii) monitored the end users for inappropriate behavior.
That wasn't what the manager wanted to hear, looking for a magic bullet I guess, but it is STILL the best way to protect your endpoints and thus your network. Eternal vigilance applies to you computers as well.