Elevated security execution mode for network-accessible devices
US-2024411878-A1 · Dec 12, 2024 · US
US9306964B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9306964-B2 |
| Application number | US-201514642901-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 10, 2015 |
| Priority date | Apr 4, 2014 |
| Publication date | Apr 5, 2016 |
| Grant date | Apr 5, 2016 |
Official abstract text for this publication.
Actions of servers and other network devices within a network are monitored to detect whether the servers and network devices are performing tasks, using protocols, and communicating through ports that are consistent with legitimate (or “permissible”) purposes. That is, rather than attempting to belatedly identify malware signatures and screen all traffic into and out of a network for these signatures, embodiments of the present invention scrutinize devices (such as servers and other network infrastructure elements) for malware behavior that is inconsistent with an identified set of actions known to be consistent with legitimate tasks performed by the network device.
Opening claim text (preview).
What is claimed is:

1. A system comprising: a network monitor analyzing data packets transmitted through a network; a trust profile module in communication with the network monitor that includes a trust profile, the trust profile module configured for: determining permissible use that includes at least one of: whether the at least one port transmitting the data packets matches a permissible port identified in the trust profile; and whether the at least one protocol generating the data packets matches a permissible protocol identified in the trust profile; determining a set of allowable exceptions to the permissible use including identifying a server and allowing the server to operate as a client for obtaining software updates from an update server; and when a communication is determined to be one of a permissible use or an allowable exception, determining whether the communication is one of a set of acceptable business practices.

2. The system of claim 1, wherein the network monitor further comprises a server.

3. The system of claim 1, wherein the permissible port comprises at least one of a local port and a remote port.

4. The system of claim 1, wherein the trust profile module is further configured for generating an alert indicating violation of the trust profile.

5. The system of claim 1, further comprising: performing, by the network monitor, a packet inspection on transmitted data packets; and responsive to the packet inspection, determining whether the inspected packets comply with the acceptable business practices of the trust profile.

6. The system of claim 1, wherein the acceptable business practices comprise identifying as legitimate at least one of a time-of-day access, a data volume transmission limit, and protocol tunneling.

7. A computer-implemented method comprising: receiving a trust profile corresponding to a first network device the trust profile including permissible use rules and acceptable business practices, at least one of the permissible use rules identifying at least one of (1) a permissible port and (2) a permissible protocol for transceiving legitimate network traffic by the first network device; storing the trust profile at a second network device that monitors network traffic corresponding to the first network device; identifying, by the second network device, at least one of (1) an actual port used to transceive network traffic by the first network device and (2) an actual protocol used to generate network traffic by the first network device; identifying if at least one of the permissible use rules is satisfied, by determining the second network device, whether the at least one of (1) the actual port and (2) the actual protocol matches the at least one of (1) the permissible port and (2) the permissible protocol of the trust profile; and if the network traffic satisfies at least one of the permissible use rules, determining whether the network traffic also satisfies at least one of the acceptable business practices.

8. The computer-implemented method of claim 7, further comprising: responsive to determining that the at least one of (1) the actual port and (2) the actual protocol do not match a corresponding one of the at least one of (1) the permissible port and (2) the permissible protocol of the trust profile, preventing the first network device from transceiving the network traffic.

9. The computer-implemented method of claim 7, wherein receiving the trust profile comprises receiving a usage profile, the received usage profile generated by: monitoring traffic corresponding to the first network device during a discovery phase; receiving an identification of at least one of (1) a set of actual ports used by the first network device to transceive network traffic and (2) a set of actual protocols used by the first network device to generate network traffic; and receiving an identification of at least one of (1) the permissible port from the set of actual ports and (2) the permissible protocol from the set of actual protocols for inclusion in the trust profile.

10. The computer-implemented method of claim 7, wherein the trust profile further comprises at least one permitted IP address.

11. The computer-implemented method of claim 7, wherein the received trust profile further comprises a set of allowable exceptions corresponding to the first network device for permitting network traffic not otherwise identified in the trust profile as legitimate.

12. The computer-implemented method of claim 11, wherein the allowable exceptions includes identifying a server operating as a client for obtaining software updates from an update server.

13. The computer-implemented method of claim 11, further comprising: determining whether the network traffic also satisfies an acceptable business practice corresponding to the first device if the network traffic is determined to satisfy at least one of the allowable exceptions.

14. The computer-implemented method of claim 7, further comprising performing, by the second network device, a packet inspection on the network traffic corresponding to the first network device to determine whether the traffic complies with the acceptable business practices.

15. The computer-implemented method of claim 14, wherein the acceptable business practices includes at least one of a time-of-day access, a data volume transmission limit, and protocol tunneling that are identified as legitimate.

16. The computer-implemented method of claim 14, wherein the acceptable business practices include whitelist tags corresponding to the network traffic that are identified as legitimate.

17. The computer-implemented method of claim 7, wherein the acceptable business practices include associating legitimate user credentials with a server.

18. A computer-implemented method comprising: storing a trust profile at a network monitor, the trust profile including permissible use rules and acceptable business practices, the permissible use rules identifying legitimate traffic by at least one of (1) a permissible port and (2) a permissible protocol; identifying, by the network monitor, at least one of (1) an actual port used to transceive network traffic and (2) an actual protocol used to generate network traffic; identifying if at least one of the permissible rules is satisfied by determining, by the network monitor, whether the at least one of (1) the actual port and (2) the actual protocol matches the at least one of (1) the permissible port and (2) the permissible protocol of the trust profile; and if the network traffic satisfies at least one of the permissible use rules, determining, by the network monitor, whether the network traffic satisfies at least one of the acceptable business practices.

19. The computer-implemented method of claim 18, wherein the trust profile further comprises a set of allowable exceptions corresponding to the first network device for permitting network traffic not otherwise identified in the trust profile as legitimate.

20. The computer-implemented method of claim 19, wherein the allowable exceptions includes identifying a server operating as a client for obtaining software updates from an update server.

21. The computer-implemented method of claim 18, further comprising: determining whether the network traffic also satisfies an acceptable business practice corresponding to the first device if the network traffic is determined to satisfy at least one of the allowable exceptions.
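The decision order the claims describe (permissible port/protocol, else an allowable exception such as a server fetching updates, and only then the acceptable business practices of time-of-day and data volume) as an added, constructed example; this is not the patent's own code, and the profile values, device names, peer addresses and flow records are assumptions invented for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class TrustProfile:
    device: str
    permissible_ports: set             # permissible use rule: ports the device may serve on
    permissible_protocols: set         # permissible use rule: protocols it may generate
    update_servers: set = field(default_factory=set)  # allowable exception: update sources
    allowed_hours: range = range(0, 24)  # acceptable business practice: time-of-day access
    volume_limit: int = 10**9            # acceptable business practice: bytes per flow

@dataclass
class Flow:
    device: str    # the monitored ("first") network device
    peer: str      # remote endpoint of the flow
    port: int      # actual port used to transceive the traffic on the device
    protocol: str  # actual protocol that generated the traffic
    role: str      # "server" or "client", from the monitored device's point of view
    hour: int      # local hour the flow was observed
    volume: int    # bytes transferred in the flow

def permissible_use(p: TrustProfile, f: Flow) -> bool:
    # Both rules are checked here; the claims require only "at least one of" them.
    return f.role == "server" and f.port in p.permissible_ports \
        and f.protocol in p.permissible_protocols

def allowable_exception(p: TrustProfile, f: Flow) -> bool:
    # Claims 1/12: a server may act as a client only to reach an update server.
    return f.role == "client" and f.peer in p.update_servers

def business_practice_ok(p: TrustProfile, f: Flow) -> bool:
    return f.hour in p.allowed_hours and f.volume <= p.volume_limit

def evaluate(p: TrustProfile, f: Flow) -> str:
    """Verdict in the claims' order: use/exception first, business practices second."""
    if f.device != p.device:
        return "no profile"                      # monitor holds no profile for this device
    if not (permissible_use(p, f) or allowable_exception(p, f)):
        return "violation: permissible use"      # claim 8: prevent; claim 4: alert
    if not business_practice_ok(p, f):
        return "violation: business practice"
    return "permitted"

# Constructed profile for a web server: serves HTTPS 06:00-21:59, may only act as
# a client toward one update host, and no single flow may exceed 1 GB.
WEB = TrustProfile("web01", {443}, {"tcp"}, {"updates.example.test"}, range(6, 22))

SAMPLE_FLOWS = [  # constructed flow records
    Flow("web01", "198.51.100.7", 443, "tcp", "server", 10, 5_000_000),
    Flow("web01", "198.51.100.7", 443, "tcp", "server", 3, 5_000_000),
    Flow("web01", "updates.example.test", 51234, "tcp", "client", 12, 80_000_000),
    Flow("web01", "203.0.113.5", 51235, "tcp", "client", 12, 1_000),
    Flow("web01", "198.51.100.9", 443, "tcp", "server", 14, 2_000_000_000),
]

def run_samples() -> list:
    return [evaluate(WEB, f) for f in SAMPLE_FLOWS]
```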
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title
Event detection, e.g. attack signature detection · CPC title
Distributed architectures, e.g. distributed firewalls · CPC title
Filtering policies (mail message filtering H04L51/212) · CPC title
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title