SHREE LEARNING ACADEMY

What Is Baseline Deviation In Cyber Security Policies

Introduction

In the complex ecosystem of a business, it is necessary for all systems to operate within their designated parameters, also known as a 'baseline'. A baseline is a known state against which future performance is measured. The baseline might be a set of expected behaviors, performance levels, or other operational metrics. However, deviations from this baseline can occur for a variety of reasons, and it is crucial to identify and rectify them in a timely manner to ensure the smooth operation of the business.

What is a Baseline Deviation?

Baseline deviation refers to a situation where a company's system strays from its expected operational parameters. In simpler terms, imagine you have a recipe to bake a cake. The recipe, which includes specific ingredients and measurements, acts as your 'baseline'. If you add an extra cup of sugar, you are deviating from the baseline. This deviation may result in a cake that is too sweet, indicating a problem.

Similarly, in a business scenario, the baseline may comprise specific software versions, performance levels, user behaviors, or other parameters. When these expectations are not met, it indicates a baseline deviation. For instance, if a particular software application is observed to be consuming more memory than usual, it is a baseline deviation.

If any baseline deviations are identified, it is critical to isolate the system in question from the production network for further investigation. This measure prevents the problem from potentially spreading to other systems or causing further disruptions in the network.

Identifying the Cause: Malicious vs Work-related Deviations

Malicious Deviations

Malicious deviations are usually caused by cyber threats, such as viruses, worms, or other malicious software (malware), that can infect a system and cause it to behave abnormally. An example might be a sudden increase in network traffic caused by a Distributed Denial of Service (DDoS) attack.

When a deviation is suspected to be malicious, it's critical to respond swiftly and appropriately. Your response will depend on your cybersecurity measures and protocols, which could include steps like investigating the origin of the threat, quarantining affected systems, and implementing corrective actions to prevent further attacks.

For instance, in the case of the aforementioned DDoS attack, the first step would be to identify the increase in network traffic as abnormal (deviating from the baseline). Once identified, measures such as filtering or blocking the IP addresses causing the unusual traffic spike can be taken.

Work-related Deviations

Not all deviations are caused by malicious activity. Often, they result from normal work-related actions, such as a software update or a change in operational procedures. These are termed work-related deviations.

Consider an example where an employee downloads a new software tool, leading to an increase in network traffic. Here, the deviation is not caused by a security threat but is a result of a work-related activity. However, these deviations are equally important to address as they could impact system performance and efficiency.

Managing and Resolving Baseline Deviations

Updating the Baseline

In some cases, it may be necessary to update the baseline. For instance, if a software update causes an application to use more memory, and this change is expected to persist, the baseline for this application's memory usage needs to be adjusted accordingly. Similarly, if new software is regularly being downloaded by employees, the baseline for network traffic might need to be revised.
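The memory-usage scenario above (a reading outside the learned range is flagged as a deviation, and the baseline is re-learned once an expected change persists) as an added Python example that is not part of the original article. The metric name, the tolerance of three standard deviations and all sample readings are constructed assumptions for illustration.

```python
import statistics
from dataclasses import dataclass, field


@dataclass
class Baseline:
    """Expected operating range for one metric, learned from observed samples."""
    name: str
    samples: list = field(default_factory=list)
    tolerance: float = 3.0  # assumed: allowed distance in standard deviations

    @property
    def mean(self) -> float:
        return statistics.fmean(self.samples)

    @property
    def stdev(self) -> float:
        return statistics.pstdev(self.samples)

    def is_deviation(self, value: float) -> bool:
        """True when a reading falls outside the tolerance band around the baseline."""
        spread = self.stdev or 1.0  # a perfectly flat history would give a zero-width band
        return abs(value - self.mean) > self.tolerance * spread

    def update(self, new_samples) -> None:
        """Re-baseline after an approved, persistent change such as a software update."""
        self.samples = list(new_samples)


# Constructed readings (MB) for one application before and after an approved update.
MEMORY_MB_BEFORE_UPDATE = [510, 495, 505, 500, 490, 515, 505, 498, 502, 500]
MEMORY_MB_AFTER_UPDATE = [560, 555, 565, 558, 562]


def demo() -> tuple:
    """Classify a 560 MB reading before and after the baseline is revised."""
    app_memory = Baseline("app_memory_mb", MEMORY_MB_BEFORE_UPDATE)
    flagged_before = app_memory.is_deviation(560)  # outside the old ~502 MB band
    app_memory.update(MEMORY_MB_AFTER_UPDATE)      # the higher usage is now expected
    flagged_after = app_memory.is_deviation(560)   # within the revised baseline
    return flagged_before, flagged_after


if __name__ == "__main__":
    print(demo())  # (True, False)
```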

Implementing System Modification Policies

Work-related deviations might indicate a need for more stringent system modification policies. These can include measures like whitelisting, where only approved software can be installed on a system, thus reducing the risk of unexpected changes.

For instance, to prevent employees from downloading unapproved software (as in the earlier example), a whitelist can be implemented that only allows specific, pre-approved software to be installed.

Using Static Systems

A static system is one where changes are either not allowed at all, or where minor temporary changes are discarded upon logout. These systems are especially beneficial in environments where consistency and control are critical.

For instance, in a customer service center, the systems could be configured such that no changes (like software installations or settings modifications) are permitted. Any changes made during a session are discarded once the user logs out, ensuring the system returns to its baseline state for the next user.
