Most security products are snake oil. The vendor selling them and the people buying them (always business execs never engineers) have no interest in how well it actually works as a company is never buying these tools to actually be secure only ever to give the impression to some higher exec within the same company or tick a box on some audit process (which requires something to be in place but doesn't require verifying it works).

It's beyond a joke how the "cyber" industry operates.