IoT device discovery and identification

What is claimed is: 1. A system, comprising: a processor configured to: receive information associated with a network communication of an IoT device; determine one or more confidence scores that represent how well the received information matches respective one or more network behavior pattern identifiers; determine that each of the one or more determined confidence scores is below a threshold; in response to determining that each of the one or more determined confidence scores is below the threshold, perform a two-part classification process, wherein a first portion of the classification process comprises an inline classification, and wherein a second portion of the classification process comprises a subsequent verification of the inline classification; and provide a result of the classification process to a security appliance configured to apply a policy to the IoT device; and a memory coupled to the processor and configured to provide the processor with instructions. 2. The system of claim 1 , wherein the information is received from a data appliance configured to monitor the IoT device. 3. The system of claim 1 , wherein the received information includes network traffic metadata. 4. The system of claim 1 , wherein the first portion of the classification process comprises a rule-based classification. 5. The system of claim 1 , wherein the second portion of the classification process comprises a machine learning-based classification. 6. The system of claim 1 , wherein performing the classification process includes determining whether any features for the IoT device are dominant. 7. The system of claim 1 , wherein the processor is further configured to generate at least one of the network behavior pattern identifiers. 8. The system of claim 1 , wherein the result of the classification process comprises a group classification. 9. The system of claim 1 , wherein the result of the classification process comprises a profile classification. 10. A method, comprising: receiving information associated with a network communication of an IoT device; determining one or more confidence scores that represent how well the received information matches respective one or more network behavior pattern identifiers; determining that each of the one or more determined confidence scores is below a threshold; in response to determining that each of the one or more determined confidence scores is below the threshold, performing a two-part classification process, wherein a first portion of the classification process comprises an inline classification, and wherein a second portion of the classification process comprises a subsequent verification of the inline classification; and providing a result of the classification process to a security appliance configured to apply a policy to the IoT device. 11. The method of claim 10 , wherein the information is received from a data appliance configured to monitor the IoT device. 12. The method of claim 10 , wherein the received information includes network traffic metadata. 13. The method of claim 10 , wherein the first portion of the classification process comprises a rule-based classification. 14. The method of claim 10 , wherein the second portion of the classification process comprises a machine learning-based classification. 15. The method of claim 10 , wherein performing the classification process includes determining whether any features for the IoT device are dominant. 16. The method of claim 10 , further comprising generating at least one of the network behavior pattern identifiers. 17. The method of claim 10 , wherein the result of the classification process comprises a group classification. 18. The method of claim 10 , wherein the result of the classification process comprises a profile classification. 19. A computer program product embodied in a tangible computer readable storage medium and comprising computer instructions for: receiving information associated with a network communication of an IoT device; determining one or more confidence scores that represent how well the received information matches respective one or more network behavior pattern identifiers; determining that each of the one or more determined confidence scores is below a threshold; in response to determining that each of the one or more determined confidence scores is below the threshold, performing a two-part classification process, wherein a first portion of the classification process comprises an inline classification, and wherein a second portion of the classification process comprises a subsequent verification of the inline classification; and providing a result of the classification process to a security appliance configured to apply a policy to the IoT device. 20. The computer program product of claim 19 , wherein the information is received from a data appliance configured to monitor the IoT device. 21. The computer program product of claim 19 , wherein the received information includes network traffic metadata. 22. The computer program product of claim 19 , wherein the first portion of the classification process comprises a rule-based classification. 23. The computer program product of claim 19 , wherein the second portion of the classification process comprises a machine learning-based classification. 24. The computer program product of claim 19 , wherein performing the classification process includes determining whether any features for the IoT device are dominant. 25. The computer program product of claim 19 , wherein the computer readable storage medium further comprises computer instructions for generating at least one of the network behavior pattern identifiers. 26. The computer program product of claim 19 , wherein the result of the classification process comprises a group classification. 27. The computer program product of claim 19 , wherein the result of the classification process comprises a profile classification.