On May 12 2017, WannaCry ransomware attack hit across 100 countries. Just after six weeks, again Petya ransomware has shut down several banks, government offices, hospitals, factories, police stations and enterprises across the world. We need to have a new way to defend against these advanced cyber threats. In this talk, I will introduce the concept of deceptive security to detect, deceive, slow, engage and trap the threats (e.g. ransomware/malware/human attacker) by laying different types of deceptions (e.g. fake hosts, ports, registry entries, credentials, applications and data bases) in the enterprise. By fusing deceptive security with data science one does not need to boil the ocean to detect anomalies in raw data instead anomalies are surfaced itself when attacker/ransomware bumps onto the deceptions. Using data science, deception alerts are correlated with other data sources to provide actionable insights about the threat profile, lateral movements and threat tactics.