Determining a reputation through network characteristics

What is claimed is: 1. At least one non-transitory computer-readable medium comprising one or more instructions that when executed by at least one processor, cause the processor to: monitor network traffic to and from a device; compare the monitored network traffic to characteristics of the device to determine if the monitored traffic is outside the characteristics of the device, wherein the characteristics of the device at least partially include characteristics from an original equipment manufacturer related to sending and receiving packets, and wherein the characteristics from an original equipment manufacturer are retrieved while monitoring network traffic; and assign an untrusted reputation to the device if the monitored traffic is outside the characteristics of the device. 2. The at least one computer-readable medium of claim 1 , wherein the device characteristics are created from previous network traffic to and from the device. 3. The at least one computer-readable medium of claim 1 , wherein the device characteristics are at least partially based on other device characteristics of similar devices. 4. The at least one computer-readable medium of claim 1 , wherein the device characteristics are obtained from the original equipment manufacturer. 5. The at least one computer-readable medium of claim 1 , further comprising one or more instructions that when executed by the at least one processor, further cause the processor to: monitor network traffic to and from a plurality of devices on a local network; compare the monitored network traffic to and from each of the plurality of devices to characteristics of each of the plurality of devices; determine if the monitored network traffic to and from a specific device is outside characteristics of the specific device; and initiate remedial action if the monitored traffic is outside the characteristics of the specific device. 6. The at least one computer-readable medium of claim 1 , wherein the characteristics at least partially include uploading sensitive data. 7. The at least one computer-readable medium of claim 1 , wherein the remedial action includes restricting network access for the device. 8. The at least one computer-readable medium of claim 1 , wherein the remedial action includes scanning the device for malware. 9. An apparatus comprising: a hardware processor; and a behavior reputation engine configured to: monitor network traffic to and from a device; compare the monitored network traffic to characteristics of the device to determine if the monitored traffic is outside the characteristics of the device, wherein the characteristics of the device at least partially include characteristics from an original equipment manufacturer related to sending and receiving packets, and wherein the characteristics from an original equipment manufacturer are retrieved while monitoring network traffic; and assign an untrusted reputation to the device if the monitored traffic is outside the characteristics of the device. 10. The apparatus of claim 9 , wherein the device characteristics are created from previous network traffic to and from the device. 11. The apparatus of claim 9 , wherein the device characteristics are at least partially based on other device characteristics of similar devices. 12. The apparatus of claim 9 , wherein the device characteristics are obtained from the original equipment manufacturer. 13. The apparatus of claim 9 , wherein the behavior reputation module is further configured to: monitor network traffic to and from a plurality of devices on a local network; compare the monitored network traffic to and from each of the plurality of devices to characteristics of each of the plurality of devices; determine if the monitored network traffic to and from a specific device is outside characteristics of the specific device; and initiate remedial action if the monitored traffic is outside the characteristics of the specific device. 14. The apparatus of claim 9 , wherein the characteristics at least partially include uploading sensitive data. 15. The apparatus of claim 9 , wherein the remedial action includes restricting network access for the device. 16. The apparatus of claim 9 , wherein the remedial action includes scanning the device for malware. 17. A system for determining a reputation through network characteristics, the system comprising: a hardware processor; and a behavior reputation engine configured for: monitoring network traffic to and from a device; comparing the monitored network traffic to characteristics of the device to determine if the monitored traffic is outside the characteristics of the device, wherein the characteristics of the device at least partially include characteristics from an original equipment manufacturer related to sending and receiving packets, and wherein the characteristics from an original equipment manufacturer are retrieved while monitoring network traffic; and assigning an untrusted reputation to the device if the monitored traffic is outside the characteristics of the device. 18. The system of claim 17 , wherein the system is further configured for: monitoring network traffic to and from a plurality of devices on a local network; comparing the monitored network traffic to and from each of the plurality of devices to characteristics of each of the plurality of devices; determining if the monitored network traffic to and from a specific device is outside characteristics of the specific device; and initiating remedial action if the monitored traffic is outside the characteristics of the specific device.