This article describes the built-in malware and suspicious application protection for macOS, Gatekeeper, xProtect. For additional, more detailed information on macOS security, refer to this Apple support article.
XProtect is a built-in security feature of macOS, it is enabled by default on all macOS versions after 10.6. XProtect warns the user when they are opening a downloaded a file or application from the internet, and also keeps a list of malicious files (file signatures) to quarantine if they are ever introduced to the machine. Apple issues the updates for XProtect separately from regular OS updates, and on a more routine basis. By default, macOS checks for these updates daily.
An example of an XProtect alert:
Additionally, macOS has built-in malware removal capabilities (MRT) that can automatically remove malware even after it has been installed.
Gatekeeper is a built-in security feature of macOS, it is enabled by default on all macOS versions after 10.7. Gatekeeper prevents malicious applications from installing by verifying that downloaded applications come from a trusted source before allowing them to be installed on the device. You may be familiar with Gatekeeper alerts, as shown below.
Learn more about Gatekeeper on Apple's support site, here, and here.
Web Browsing Protection
Safari for macOS has built-in security features to provide a secure browsing experience. The primary security feature is that Safari can alert the user when they've browsed to a "fraudulent website."
To learn more about this feature and for steps on ensuring that it's enabled, see this Apple support article.