They key to tools like crowdstrike is not so much protection, and being able to trace an attack through the infrastructure. They can see that your credentials were comprimised on your machine, and which systems you then connected to (or that bad process did) so they can trace the attack and make sure get it all cleaned up.