AWS re:Invent 2025 - Make Attackers Cry: Outsmart Them With Deception (SEC326)

Outsmarting Attackers with Deception: Leveraging Behavioral Science for Cybersecurity

Leveling the Playing Field: Deception as a Defensive Strategy

  • The presentation draws parallels between sports and cybersecurity, highlighting how the "playing field" can be evened out through strategic approaches.
  • Just as a blind golfer was able to compete against the world's best golfer, the presenters aim to empower defenders to gain an advantage over attackers.

Understanding Attacker Behavior: Applying Behavioral Science Principles

  • The presenters emphasize the importance of understanding attackers as human decision-makers, rather than just focusing on the attacks themselves.
  • They introduce two key behavioral science concepts:
    1. Nudge: Positively influencing decision-making by making it easier and more straightforward.
    2. Sludge: Adding friction and complexity to decision-making processes, making them more difficult.

Deception as a Defensive Tactic

  • The presenters explain how deception has been used throughout history, from the Trojan Horse to animal camouflage in nature.
  • In the cybersecurity context, deception is about leveraging what is known about attacker tactics to the defender's advantage, rather than playing "dirty."
  • Deception can impose various costs on attackers, including:
    • Quantitative costs (money and effort)
    • Qualitative costs (reputational damage, difficulty recruiting, and informational challenges)
    • Psychological costs (frustration, shame, and confusion)

Fastly's Deception-Based Defense Approach

  • Fastly is introducing deception-based defense strategies into their cybersecurity products, starting with account takeover protection.
  • The key features of Fastly's deception-based defense include:
    • Configurable triggers to activate the deception, based on signals like bad bots or suspicious activity.
    • Scrambling usernames and passwords to frustrate attackers, without blocking them outright.
    • Integrating the deception functionality directly into the normal workflow, rather than requiring a separate honeypot infrastructure.
    • Providing a user-friendly interface for security teams to easily enable, log, and test the deception capabilities.
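The login-path deception described above, as an added illustration rather than Fastly's own code: a trigger check sits inline in the normal login flow and, when a configured signal fires, swaps the submitted credentials for keyed scrambled values so the backend check fails, the request is never blocked, and the attempt is logged. The key, user store and signal names are constructed for the example.

```python
import hashlib
import hmac

# Constructed demo values: a real deployment keeps the key in a secret store
# and the user records in the identity backend.
DECEPTION_KEY = b"constructed-demo-key"
USERS = {"alice": "correct-horse-battery"}

# Signals that activate deception (the configurable trigger from the talk).
TRIGGERS = frozenset({"bad_bot", "suspicious_activity"})
DECEPTION_LOG = []  # events a security team can review and test against


def _scramble(value: str, label: str) -> str:
    """Keyed replacement that cannot match any stored credential."""
    mac = hmac.new(DECEPTION_KEY, label.encode() + b"\0" + value.encode(), hashlib.sha256)
    return "dcp-" + mac.hexdigest()[:32]


def deceive_login(username, password, signals):
    """Return (username, password, triggered).

    When a configured trigger fires, the credentials are swapped for scrambled
    ones inside the normal flow: the request is not blocked, the backend check
    simply fails, and the attacker cannot learn whether the pair was valid.
    """
    fired = sorted(TRIGGERS & set(signals))
    if not fired:
        return username, password, False
    DECEPTION_LOG.append({"event": "deception", "triggers": fired, "user": username})
    return _scramble(username, "user"), _scramble(password, "pass"), True


def authenticate(username, password):
    """Stand-in for the real credential check (constant-time compare)."""
    stored = USERS.get(username)
    return stored is not None and hmac.compare_digest(stored, password)


def handle_login(username, password, signals=()):
    """Trigger evaluation, optional scrambling, then authentication.

    The response shape is the same on both paths, so a deceived attacker sees
    an ordinary failed login rather than a block or a tell-tale error.
    """
    u, p, deceived = deceive_login(username, password, signals)
    return {"ok": authenticate(u, p), "deceived": deceived}
```

Because a misfiring trigger turns a real user's valid login into a failure, the signals feeding TRIGGERS need the same tuning and logging review as a blocking rule.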

Deception as Part of a Comprehensive Defense-in-Depth Strategy

  • Fastly's deception-based defense is just one component of a broader defense-in-depth approach, which also includes:
    • Rate limiting
    • DDoS protection
    • Secure-by-design architecture within the CDN and WAF
  • The entire solution is designed to be API-driven, Terraform-managed, and easily iterated upon to keep up with evolving threats.

Real-World Impact and Examples

  • The presenters emphasize that deception is not about "playing dirty" but rather about leveraging behavioral science to gain an advantage over attackers.
  • By frustrating and confusing attackers, the deception-based defense aims to make them give up or move on to easier targets, ultimately reducing the overall risk and impact of attacks.
