Yes it works very well for the intended purpose (which isn't actually security). The intended purpose is CYA. As head of security, if you install CrowdStrike or some other vendor, then a compromise becomes that vendor's problem, not yours.
When has Crowdstrike taken responsibility for a hack?
I think it's more like, security is heavily check mark based. Crowdstrike and friends have managed to get "endpoint security"[1] added as a "standard security best practice" which every CSO knows they must follow or get labeled incompetent. Therefore "endpoint security" must be installed everywhere with no real proof that it makes things more secure, an arguable case that it makes things less secure, and an undeniable case that it makes things less reliable.
[1] I also never understood how "endpoints" somehow are defined as "any computer connected to any network." I tried to fight security against installing this crap on our database servers with the argument that they are not endpoints. Did not work.
