The Segmentation Blueprint: Designing, Deploying, and Scaling Network Segmentation for Modern Cyber Defense (Paperback)

Kulkarni, Raghunath, Sivakumar, Kaarthik, Morais, Renato

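  • Publisher: Cisco Press
  • Publication date: 2026-05-18
  • List price: $2,230
  • VIP price: $2,185 (9.8, i.e. 98% of the list price)
  • Language: English
  • Pages: 512
  • Binding: Quality Paper - also called trade paper
  • ISBN: 0135462363
  • ISBN-13: 9780135462362
  • Related category: Information security
  • Overseas purchase-on-behalf title (requires separate checkout)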

Product description

The Segmentation Blueprint: Designing, Deploying, and Scaling Network Segmentation for Modern Cyber Defense

Modern cyber attacks don't stop at the perimeter--they move laterally. Network segmentation is one of the most effective ways to contain threats, reduce risk, and protect critical systems, but many organizations struggle to move from theory to execution.

The Segmentation Blueprint is a practical, business-aligned guide to designing, deploying, and evolving network segmentation in today's complex enterprise environments. Written for security architects, network engineers, CISOs, and technology leaders, this book shows how segmentation has evolved from traditional VLANs to modern micro- and nanosegmentation models that protect applications, workloads, APIs, and data across hybrid and multi-cloud networks.

Using a phased, real-world approach, the book helps readers assess segmentation maturity, align segmentation decisions with business objectives, and implement scalable architectures that limit lateral movement and reduce the blast radius of breaches. Drawing on enterprise-proven practices and Cisco-informed insights, it bridges strategy and implementation--without locking readers into a single vendor.

You'll learn how to:

  • Align segmentation strategy with business risk, compliance, and resilience goals
  • Design segmentation architectures for modern, application-centric environments
  • Understand and apply traditional segmentation, progressively adding in microsegmentation
  • Measure effectiveness and continuously improve segmentation outcomes

Whether you're modernizing an existing network or building security into new architectures, The Segmentation Blueprint provides the clarity, structure, and tools needed to turn segmentation into a durable, scalable cyber defense strategy.


About the authors

Raghunath Kulkarni is a principal engineer for the Cisco Security Technical Assistance Center (TAC) team. He focuses on cybersecurity operations and strategic collaboration, including threat intelligence, defensive measures, and ensuring that customers derive maximum value from their security investments. He has worked in technology and security at Cisco for over 16 years, ranging from deep technical support to cross-functional leadership roles with engineering and sales teams. His focus is guiding organizations through the adoption of robust defensive frameworks to minimize business risk and enhance operational resilience. Raghunath has extensive experience in advancing cybersecurity education across various sectors, including government, higher education, and enterprise security. Utilizing his CISSP and all five MITRE ATT&CK Defenders (MAD) certifications, Raghunath has architected comprehensive training programs and specialized engineering curricula for multiple universities. Raghunath's technology focuses include cyberthreat intelligence for proactive defense, testing and evaluation for security validation, and implementation of network security architectures to support digital transformation. Raghunath resides in Bengaluru, India, and when he is not consumed with technology, he is an avid reader and movie buff.

Kaarthik Sivakumar is a principal engineer in the Cisco Security Business Group, working in the Multi-Cloud team that comprises the Secure Workload and Isovalent products. He focuses primarily on microsegmentation platforms and policies. Kaarthik has been working in the industry for 26 years, on areas ranging from routing protocols, forwarding tables, and DWDM optical line systems to Cisco Secure Firewall. Kaarthik has spent many years in product security and trusted network infrastructures, such as using Trusted Platform Module for storing confidential material and validating the trust status of a device, topics on which he has published blogs on the Cisco Blogs platform. He has also published in IEEE journals on the security of microservices architectures and static analysis security testing. As an ACM India Eminent Speaker, he is invited to lecture at ACM chapters around the country on the topic of security and trust. Kaarthik resides in Chennai, India. He contributes some of his free time to open-source projects and tools to improve his personal life, some to his study of the Sanskrit language, and the rest to outdoor activities.

Renato Morais has been a cybersecurity solutions engineer at Cisco since 2017, and he has 20 years of experience in the networking and cybersecurity market. He works on projects with customers throughout the Americas, developing security architectures and solutions to protect users, data, and applications. A graduate in computer engineering, he holds various professional certifications, including CCIE, CISSP, and CCSP. Renato has also dedicated part of his career to training students in Cisco Networking Academy and preparing them for the CCNA certification. Furthermore, he has been recognized as a top contributor in the Cisco community for his contributions as a speaker at regional and global events such as Cisco Live and Cisco Connect, as well as for his work as a blog author.

Outside work, Renato enjoys home automation, music, books, movies, and sports, and he describes himself as a craft beer hunter. He lives in Campinas, Brazil, with his wife and two sons.

Patrick Lloyd is a senior solutions architect for the Cisco Security Professional Services team. He focuses on identity and access management, including segmentation, network access control, identity exchange, and identity integration for "smart" architectures in the continental United States and Canada region. Patrick has worked in technology delivery at Cisco for 16 years, including stints in the Technical Assistance Center (TAC) and working as a routing and switching design engineer, security design engineer, and security solutions architect. His focus is guiding customers through introducing structured approaches to increase visibility and identity exchange to minimize business risk and lateral attack vectors.

Previously, Patrick worked in higher education and defense industries in system administration and operational roles. Patrick has extensive experience in integrating identity into various industries, including healthcare, manufacturing, finance, and defense. Utilizing Cisco technologies and the methodologies covered in this book to build a layered security model, Patrick has architected segmentation architectures, including smart building architectures, for more than 100 customers. Patrick's technology focus is on TrustSec for segmentation, analyzing traffic flow with Cisco Secure Network Analytics/Stealthwatch for development of segmentation policies, implementing firewall and remote access architectures, and securing critical building systems through policy and segmentation while maintaining availability. Patrick resides in Durham, North Carolina, where he teaches self-defense and is an instrument-rated private pilot when not consumed with technology.
