It’s fully possible—and perhaps even likely—that your system will be infected by malware at some point despite your best efforts. How can you tell for sure?
When you get to the level of corporate IT, there are also more advanced visibility tools you can use to see what’s going on in your networks and detect malware infections. Most forms of malware use the network to either spread or send information back to their controllers, so network traffic contains signals of malware infection that you might otherwise miss; there are a wide range of network monitoring tools out there, with prices ranging from a few dollars to a few thousand.
There are also SIEM tools, which evolved from log management programs; these tools analyse logs from various computers and appliances across your infrastructure looking for signs of problems, including malware infection. SIEM vendors range from industry stalwarts like IBM and HP Enterprise to smaller specialists like Splunk and Alien Vault.