Is it a silver bullet? No. But security is about layers. LSA Protection is a cheap, effective layer that costs almost nothing in performance or compatibility.
Think of the LSA as the security guard at the door of a top-secret vault. Its job is to verify your identity, issue entry tickets (access tokens), and manage who gets in and out. But what happens if an attacker can impersonate that guard? local security authority protection
If LSA Protection had been enabled, that post-exploitation step would have failed. The attacker would have seen an "Access Denied" error instead of a domain admin hash. Is it a silver bullet