US2016234232A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016234232-A1 |
| Application number | US-201615040670-A |
| Country | US |
| Kind code | A1 |
| Filing date | Feb 10, 2016 |
| Priority date | Feb 11, 2015 |
| Publication date | Aug 11, 2016 |
| Grant date | — |
Official abstract text for this publication.
According to some aspects, disclosed methods and systems may comprise generating a profile that is based on monitoring a communication pattern associated with a device. Subsequent communications associated with the device may be monitored. Based on the profile and the subsequent communication, a security status may be associated with the device.
Opening claim text (preview).
1. A method comprising: generating, by a computing device, a profile of expected communication behavior for one or more first devices associated with a first network based on monitoring, at a first time, at least one communication to or from each of the one or more first devices; monitoring, at a second time, communication associated with each of the one or more first devices; and determining, based respectively on the profile associated with each of the one or more devices and on the monitoring at the second time, a security status associated with each of the one or more first devices.
2. The method of claim 1, further comprising: performing an action based on the security status associated with each of the one or more first devices.
3. The method of claim 2, wherein the performing comprises limiting communication to or from the one or more first devices, blocking communication to or from the one or more first devices, or allowing communication to or from the one or more first devices.
4. The method of claim 3, wherein the one or more first devices are initially obstructed from performing one or more communication actions via the first network, and wherein allowing the communication to or from the one or more first devices comprises allowing the one or more first devices to perform the one or more communication actions via the first network.
5. The method of claim 1, wherein determining the security status comprises associating, based on the monitoring at the second time and the profile, one of a plurality of device threat categories with each of the one or more first devices, wherein the device threat categories are based on level of threat to the first network.
6. The method of claim 1, further comprising generating an indication of the security status associated with each of the one or more first devices.
7. The method of claim 6, wherein generating the indication of the security status comprises providing the security status via a user interface, the method further comprising receiving, via the user interface, an input indicating whether the monitored at least one communication is approved.
8. The method of claim 1, wherein generating the profile of expected communication behavior for each of the one or more first devices further comprises generating the profile based on one or more of the following: determining information associated with one or more second devices with which a respective first device typically communicates; a packet size associated with communication to or from a respective first device; a frequency associated with communication to or from a respective first device; timing information associated with communication to or from a respective first device; or a size associated with communication to or from a respective first device.
9. The method of claim 1, wherein in response to determining that the communication at the second time deviates from a respective profile of expected communication behavior, limiting access of the at least one of the one or more first devices to one or more resources associated with the first network.
10. The method of claim 1, wherein the monitoring at the first time comprises monitoring communication between the one or more first devices and a second device that is not associated with the first network.
11. The method of claim 1, wherein the monitoring at the first time comprises monitoring communication between the one or more first devices and a second device that is associated with the first network.
12. The method of claim 1, further comprising: associating a device type with each of the one or more first devices; and wherein the generating comprises generating a respective profile of expected communication behavior based on a respective device type.
13. The method of claim 1, further comprising: determining that a device type associated with a second device corresponds to a device type associated with at least one of the one or more first devices; and determining a security status associated with the second device based on the profile of expected communication behavior associated with the at least one of the one or more first devices.
14. The method of claim 13, wherein the second device is associated with a second network.
15. A method comprising: generating a profile of expected communication behavior associated with a first device associated with a network based on monitoring communication between the first device and a second device via the network; monitoring subsequent communication associated with the first device; and determining whether to modify network access associated with the first device based on a degree of deviation between the subsequent communication associated with the first device and the profile of expected communication behavior.
16. The method of claim 15, wherein determining to modify comprises determining to limit the network access associated with the first device responsive to the deviation satisfying a threshold level.
17. The method of claim 15, wherein determining to modify comprises determining to expand the network access associated with the first device responsive to the deviation falling below a threshold level.
18. The method of claim 15, wherein the one or more second devices are associated with a second network external to the network.
19. A method comprising: determining, by a computing device, a profile of expected communication behavior for a first device associated with a network; monitoring communication associated with the first device; determining whether the monitored communication conflicts with the profile of expected communication behavior; and performing, based on the determining, a security action associated with the first device.
20. The method of claim 19, wherein performing the security action comprises modifying a status of a network permission associated with the first device.
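An added illustration, not text or code from the patent: one way the flow of claims 8 and 15 to 17 could look in practice, building a profile from a first monitoring window (peers, packet size, timing), scoring the degree of deviation of later traffic, and limiting or expanding access against thresholds. The flow records, function names, scoring rule and threshold values are all assumptions made for this sketch.

```python
from statistics import mean

# Constructed flow records for one device: (peer, bytes, hour_of_day).
BASELINE = [("198.51.100.10", 512, 9), ("198.51.100.10", 540, 10),
            ("198.51.100.10", 498, 14), ("192.0.2.53", 90, 9),
            ("192.0.2.53", 88, 15), ("198.51.100.10", 520, 16)]
NORMAL = [("198.51.100.10", 530, 11), ("192.0.2.53", 92, 13)]
ODD = [("203.0.113.77", 48000, 3), ("203.0.113.77", 51000, 3),
       ("198.51.100.10", 515, 10)]

def build_profile(flows):
    """Profile of expected behavior from the first monitoring window."""
    sizes = [size for _, size, _ in flows]
    hours = [hour for _, _, hour in flows]
    return {"peers": {peer for peer, _, _ in flows},  # typical second devices
            "size_max": max(sizes),                   # largest size observed
            "hours": (min(hours), max(hours))}        # active time window

def deviation(profile, flows):
    """Degree of deviation in [0, 1]: mean share of features violated per flow."""
    lo, hi = profile["hours"]

    def flow_score(peer, size, hour):
        hits = [peer not in profile["peers"],       # unfamiliar peer
                size > 2 * profile["size_max"],     # far larger than baseline
                not lo <= hour <= hi]               # outside usual hours
        return sum(hits) / len(hits)

    return mean(flow_score(*flow) for flow in flows)

def decide(score, limit_at=0.5, expand_below=0.1):
    """Map the deviation score to an access decision (thresholds are assumed)."""
    if score >= limit_at:
        return "limit"    # deviation satisfies the limiting threshold
    if score < expand_below:
        return "expand"   # deviation falls below the expansion threshold
    return "keep"         # in between: leave access unchanged

if __name__ == "__main__":
    profile = build_profile(BASELINE)
    for name, window in (("normal", NORMAL), ("odd", ODD)):
        score = deviation(profile, window)
        print(name, round(score, 3), decide(score))
```

Keeping the two thresholds apart gives a hysteresis band, so a device whose traffic is only mildly unusual is neither quarantined nor granted wider access.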
Traffic logging, e.g. anomaly detection · CPC title
by monitoring network traffic (monitoring network traffic per se H04L43/00) · CPC title
Event detection, e.g. attack signature detection · CPC title