It naturally blocks the known exploits, including all known for WHMCS so far - we implemented our own (very strict) security measures recently after WHMCS was deemed insecure as a stand-alone system. ASL has stopped everything from reaching this system thus far and I really am impressed. Any shared provider should have the features that ASL gives, even if not implemented with ASL. We're also finding the combined system is great for Wordpress security also.
One great highlight for us, as we host quite a few content sharing sites is OSSEC - this is open source so you can get it anyway but the integration into ASL is perfect and it has recognized 100% of suspicious files found in our manual scans. Both hourly and real-time rule updates cause no issues and don't affect performance. For any potential buyers note you will probably get conflicts, ASL can work out of the box but its default configuration may cause issues if you have a panel system installed with plugins, but of course you should be manually configuring all scripts anyway.
Only downside I see is the tortix front-end is heavy (only when in use) and a forced update has shown up to a 0.5 increase in load during the process, however when idle and listening the daemon has very little footprint indeed.