You can use a security plugin for application-level security, however at the server level please note that we are already regularly scanning for malware.
If you plan to migrate a site to Indystack, before the migration process starts you should disable any security plugins. You can re-enable them after the migration has been completed.