• I have seen those demos as well. What I think the takeaway from them is:

    1. Logging should be stored on a different system

    2. Monitors should be in place (HIPS) to alert and prevent

    3. Security team that is on top of things.

    But in the end, if the hacker is good enough, then they can still get in and out. Once they get onto the server, they will get what they want. Think about it: if you have your network firewalled, zoned, routing rules in place, SQL Servers on a separate subnet with a separate firewall ACL, Host Intrusion Detection and Host Intrusion Prevention systems in place, the hacker can put xp_cmdshell on the server even if you delete the DLL.

    Jason...AKA CirqueDeSQLeil
    _______________________________________________
    I have given a name to my pain...MCM SQL Server, MVP
    SQL RNNR
    Posting Performance Based Questions - Gail Shaw
    Learn Extended Events