Instead, vendors differentiate themselves in how they process the malware samples, how they manage that information, and how they set up the detection, he said.
That means that customers don't have to sign up for multiple antivirus services, said Craig Young, security researcher at Tripwire, but he added that it can be an advantage to have different sets of eyes looking out for you.
"You don't want to be loading up endpoint workstations with multiple antivirus," he said. "But one approach might be that your email server has one brand of antivirus software that monitors all emails, your intrusion prevention system might be using a different antivirus engine, and the actual computers themselves might have yet another engine to just ensure that nothing is slipping through the cracks."
In fact, different antivirus engines are often bundled into different security products, so an enterprise would get multiple takes on this automatically.
Both Corrons and Young warned, however, that antivirus detection is not enough, and enterprises need multiple levels of defense.
"A tiered approach is the only way to have any semblance of security, in my opinion," said Young.
Everyone is constantly under attack, said Corrons.
"Medium and large companies -- they have to assume that they are already compromised, and that someone is already inside their network," he said. "Mainly, in most cases, because it's already true."
Enterprises need to look at investing in technology that helps discover infections after they have already infiltrated their systems, instead of relying only on perimeter defenses.
Sign up for CIO Asia eNewsletters.