Dynamic collection analysis and reporting of telemetry data
US-9590880-B2 · Mar 7, 2017 · US
US9825868B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9825868-B2 |
| Application number | US-201615279289-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 28, 2016 |
| Priority date | Apr 11, 2014 |
| Publication date | Nov 21, 2017 |
| Grant date | Nov 21, 2017 |
Official abstract text for this publication.
Disclosed herein are system, method, and computer program product embodiments for increasingly applying network resources to traffic flows based on heuristics and policy conditions. A network determines that a traffic flow satisfies a first condition and transmits a first portion of the traffic flow to a network service. A network service then inspects the first portion of the traffic flow at a first level of detail and determines that the traffic flow satisfies a second condition. The network can then transmit a second portion of the traffic flow to the network service based on the determining the traffic flow satisfies the second condition. The network service can inspect the second portion of the traffic flow at a second level of detail, wherein the inspecting at the second level of detail requires a different amount of computing resources than the inspecting at the first level of detail.
Opening claim text (preview).
What is claimed is:

1. A system comprising: a data collection module configured to collect data belonging to a plurality of traffic flows from a plurality of routers; a controller; and an analytics module configured to: receive data from the data collection module, retrieve from a policy data base a set of policy rules for a traffic flow among the plurality of traffic flows, determine if any data packets belonging to the traffic flow matches a first policy rule within the set of policy rules, in response to determining that the traffic flow satisfies the first policy rule, send policy compliance information about the traffic flow to the controller, wherein the controller is configured to: receive policy compliance information about the plurality of traffic flows from the analytics module, and in response to receiving policy compliance information about the traffic flow from the analytics module, configure one or more routers to transmit a first portion of the traffic flow to a network service provider in response to determining that the traffic flow satisfies a second policy rule, send a request to receive a second portion of the traffic flow, wherein the second portion of the traffic flow comprises a larger amount of information than the first portion of the traffic flow; and in response to receiving the second portion of the traffic flow, inspect the second portion of the traffic flow at a second level of detail, wherein the inspecting at the second level of detail requires a different amount of computing resources than the inspecting the first portion of the traffic at the first level of detail.

2. The system of claim 1, wherein the controller is configured to transmit the first portion of the traffic flow to the network service provider by duplicating the first portion of the traffic flow to the network service provider.

3. The system of claim 1, wherein the controller is configured to transmit the first portion of the traffic flow to the network service provider by re-routing the first portion of the traffic flow to the network service provider.

4. The system of claim 1, wherein the first policy rule comprises a parameter associated with the traffic flow and a level of security desired for the traffic flow.

5. The system of claim 1, wherein the set of policy rules retrieved for the traffic flow comprise information associated with at least one of a network client, a pair of source and destination addresses, and an application program.

6. The system of claim 1, wherein the network service provider is remote from the controller, the data collection module and the analytics module.

7. A network service provider configured to: receive a first portion of a traffic flow; inspect the first portion of the traffic flow at a first level of detail based on a first condition; determine, based on the inspecting, that the traffic flow satisfies a second condition; in response to determining that the traffic flow satisfies the second condition, send a request to receive a second portion of the traffic flow, wherein the second portion of the traffic flow comprises a larger amount of information than the first portion of the traffic flow; and in response to receiving the second portion of the traffic flow, inspect the second portion of the traffic flow at a second level of detail, wherein the inspecting at the second level of detail requires a different amount of computing resources than the inspecting at the first level of detail.

8. The network service provider of claim 7, wherein the first portion of the traffic flow comprises a random sample of packets.

9. The network service provider of claim 7, wherein the first portion of the traffic flow comprises duplicate packets of a subset of the traffic flow.

10. The network service provider of claim 7, wherein the first portion of the traffic flow contains a subset of the traffic flow re-routed through the network service provider.

11. The network service provider of claim 10, further configured to transmit the first portion of the traffic flow to a router, wherein the transmitting occurs after the inspecting.

12. The network service provider of claim 10, further configured to transmit the second portion of the traffic flow to a router, wherein the transmitting occurs after the inspecting.

13. The network service provider of claim 7, wherein the first and second conditions comprise one of a heuristic, a policy associated with the traffic flow, or an event of interest.

14. The network service provider of claim 7, wherein the inspecting the first portion of the traffic flow at the first level of detail comprises inspecting the header information of packets belonging to the traffic flow.

15. The network service provider of claim 7, wherein the inspecting the second portion of the traffic flow at the second level of detail comprises performing an intrusion detection analysis.

16. The network service provider of claim 7, wherein the inspecting the second portion of the traffic flow at the second level of detail comprises inspecting a header and the payload information of the packets belonging to the traffic flow.

17. The network service provider of claim 7, further configured to: receive a third portion of the traffic flow based on the inspecting the traffic flow at the second level of detail; and inspecting the third portion of the traffic flow at a third level of detail.

18. A non-transitory computer-readable medium having instructions stored thereon that, when executed by at least one computing device, causes the at least one computing device to perform operations comprising: (a) receiving a plurality of data packets belonging to a plurality of traffic flows; (b) retrieving a set of policy rules for a traffic flow among the plurality of traffic flows from a policy data base; (c) determining if any of the data packets belonging to the traffic flow matches a first policy rule within the set of policy rules; (d) sending policy compliance information to a controller in response to determining in (c); (e) in response to receiving policy compliance information about the traffic flow, configuring one or more routers to transmit a first portion of the traffic flow to a network service provider; and in response to determining that the traffic flow satisfies a second policy rule, send a request to receive a second portion of the traffic flow, wherein the second portion of the traffic flow comprises a larger amount of information than the first portion of the traffic flow; and in response to receiving the second portion of the traffic flow, inspect the second portion of the traffic flow at a second level of detail, wherein inspecting at the second level of detail requires a different amount of computing resources than inspecting the first portion of the traffic at a first level of detail.

19. The computer-readable medium of claim 18, wherein the controller is configured to transmit the first portion of the traffic flow to the network service provider by duplicating the first portion of the traffic flow to the network service provider.

20. The computer-readable medium of claim 18, wherein the controller is configured to transmit the first portion of the traffic flow to the network service provider by re-routing the first portion of the traffic flow to the network service provider.
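The escalation the claims describe (a policy rule selects a flow, a sampled first portion gets header-only inspection, and only a second condition triggers a request for the larger portion and costlier payload inspection), as an added Python simulation that is not part of the patent or any vendor implementation. The names `Packet`, `POLICY_DB`, `NetworkService`, `process_flow` and `mk_flow`, the port heuristic, the payload signature and the per-packet cost units are all my own constructed assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes = b""

# Policy database (claim 1): first policy rule keyed by client subnet (constructed).
POLICY_DB = {ipaddress.ip_network("10.1.0.0/16"): "sensitive-clients"}

def first_policy_rule(flow):
    """Analytics module: does any packet's source fall under a policy entry?"""
    return any(ipaddress.ip_address(p.src) in net for p in flow for net in POLICY_DB)

@dataclass
class NetworkService:
    cost: int = 0  # compute spent, in constructed units

    def inspect_headers(self, sample):
        """First level of detail (claim 14): headers only, 1 unit per packet."""
        self.cost += len(sample)
        # Second condition (a heuristic, claim 13): the sample touches a remote-admin port.
        return any(p.dport in (22, 3389) for p in sample)

    def inspect_payloads(self, portion):
        """Second level (claims 15/16): header plus payload, 10 units per packet."""
        self.cost += 10 * len(portion)
        return [p for p in portion if re.search(rb"(?i)\bselect\b.+\bfrom\b", p.payload)]

def process_flow(flow, svc, sample_every=4):
    """Controller plus service escalation: returns (level_reached, verdict)."""
    if not first_policy_rule(flow):
        return 0, "not-forwarded"
    first_portion = flow[::sample_every]  # router duplicates a subset (claim 9)
    if not svc.inspect_headers(first_portion):
        return 1, "clean"
    hits = svc.inspect_payloads(flow)  # second portion: the whole flow (claim 7)
    return 2, ("alert" if hits else "clean")

def mk_flow(src, dport, n, payload=b""):
    """Constructed flow: n packets from src to one server and port."""
    return [Packet(src, "10.9.9.9", dport, payload) for _ in range(n)]

FLOW_ADMIN_SQLI = mk_flow("10.1.2.3", 22, 8, b"SELECT * FROM users")  # escalates to level 2
FLOW_HTTPS = mk_flow("10.1.7.7", 443, 8)  # in policy, but stops after header inspection
FLOW_OUT_OF_POLICY = mk_flow("192.168.5.5", 22, 8)  # never forwarded to the service
```

The `cost` counter makes the claim's "different amount of computing resources" visible: the clean in-policy flow costs 2 units, the escalated flow 82.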
CPC classifications:

- by filtering
- Traffic logging, e.g. anomaly detection
- Filtering by address, protocol, port number or service, e.g. IP-address or URL
- relying on flow classification, e.g. using integrated services [IntServ]
- Routing of multiclass traffic