Value is tougher to quantify in security products, when the cost of any significant compromise is often higher than many organization's annual security spend. I look at the type of events that could occur, the likelihood of them happening, their impact to the organization and then what we can do to mitigate them. Using this as a bit of a matrix, I use it to create a risk register and use that to drive our targets for security improvement. The other key feature of a risk register is it ensures the business knows about the risks and accepts them, as they should not be an IT risk, but a business risk. If you come forward with 3 or 4 high or critical risk in the environment, and they choose not to do anything about it, then that becomes a risk that the business is assuming, and it then doesn't get dumped on IT for failing to secure the environment. Every organization has to strike the balance in what they will accept for risk versus what they want to spend on security and risk mitigations.
I have been a Crowdstrike user in the past, and am currently using Defender, but Crowdstrike is on my next budget request. In my experience, its behavior based detection is second to none, and the Spotlight vulnerability management works really well for letting you know about vulnerabilities and their impact across your enterprise. Also very lightweight agent.