Credential compromise attacks are frequently sourced from senders that your organization doesn't know. The Clearedin Identity Graph is constantly monitoring your trust relationships to flag any inbound messages from suspicious senders.
Another common way ransomware infects an organization is by delivering it from the account of an external sender that has been compromised by the attacker. Clearedin maintains historical context for each external sender and can spot aberrant emails.
Clearedin locks the email so that the user cannot engage with it in any way, keeping them and your organization safe from attack.