US9846772B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-9846772-B1 |
| Application number | US-201414315312-A |
| Country | US |
| Kind code | B1 |
| Filing date | Jun 25, 2014 |
| Priority date | May 7, 2014 |
| Publication date | Dec 19, 2017 |
| Grant date | Dec 19, 2017 |
Official abstract text for this publication.
A computer-implemented method for detecting misplaced applications using functional categories may include (1) identifying a functional category assigned to an application located on a computing system, the functional category describing a field of functionality that the application performs, (2) identifying an additional functional category assigned to at least one of the computing system and another application located on the computing system, (3) applying a security policy to both the functional category assigned to the application and the additional functional category to determine whether the application belongs on the computing system according to the security policy, and (4) performing a security action to protect users based on the application of the security policy to the functional category assigned to the application and the additional functional category. Various other methods, systems, and computer-readable media are also disclosed.
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method for detecting misplaced applications using functional categories, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising: identifying a functional category assigned to an application located on a computing system in response to at least one of installation of the application and a scheduled scan that detects the application, the functional category describing a field of functionality that the application performs; identifying an additional functional category assigned to another application located on the computing system; applying a security policy to both the functional category assigned to the application and the additional functional category assigned to the other application located on the computing system and determining, based on applying the security policy, whether the application belongs on the computing system according to the security policy, wherein the security policy specifies at least one of: whether the functional category and the additional functional category are authorized as a pair; and whether a degree of relatedness between the functional category and the additional functional category satisfies a security threshold; identifying the application as performing functionality that does not match functionality of the other application on the computing system according to the security policy; and performing, in response to identifying the application as performing functionality that does not match the functionality of the other application on the computing system according to the security policy, a security action to protect users by notifying an administrator about the application located on the computing system.

2. The method of claim 1, wherein the same or a different computing system assigns the functional category to the application at least in part by analyzing evidence that indicates functionality performed by the application.

3. The method of claim 2, wherein the evidence includes at least one of: an ACTIVE DIRECTORY classification; data accessed by the application; data output by the application; and metadata for the application.

4. The method of claim 2, wherein the same or the different computing system analyzes previously categorized applications, using machine learning, to assign the functional category to the application by predicting that the application performs functionality that corresponds to the functional category.

5. The method of claim 1, wherein identifying the functional category assigned to the application comprises receiving manual input by a user indicating a tag assigned to the application.

6. The method of claim 1, wherein the functional category assigned to the application comprises at least one of: a system tools category; a printer server category; and a generic database category.

7. The method of claim 1, wherein identifying the additional functional category comprises iteratively identifying a plurality of additional functional categories for a plurality of respective applications located on the computing system.

8. The method of claim 7, wherein identifying the additional functional category comprises scanning the computing system for all applications located on the computing system.

9. The method of claim 1, wherein the same or a different computing system generates the security policy, through machine learning, by analyzing other applications that, for each of the other applications, was previously detected as one of: authorized in a context where the application was located; and not authorized in the context where the application was located.

10. The method of claim 1, further comprising identifying the application as blacklisted on a blacklist.

11. The method of claim 1, wherein applying the security policy further comprises applying the security policy to the functional category of the application and at least two additional functional categories of at least two other applications.

12. A system for detecting misplaced applications using functional categories, the system comprising: an identification module, stored in a memory, that: identifies a functional category assigned to an application located on a computing system in response to at least one of installation of the application and a scheduled scan that detects the application, the functional category describing a field of functionality that the application performs; and identifies an additional functional category assigned to another application located on the computing system; an application module, stored in the memory, that applies a security policy to both the functional category assigned to the application and the additional functional category assigned to the other application located on the computing system and determines, based on applying the security policy, whether the application belongs on the computing system according to the security policy, wherein the security policy specifies at least one of: whether the functional category and the additional functional category are authorized as a pair; and whether a degree of relatedness between the functional category and the additional functional category satisfies a security threshold; wherein the identification module further identifies the application as performing functionality that does not match functionality of the other application on the computing system according to the security policy; a performance module, stored in the memory, that performs, in response to identifying the application as performing functionality that does not match the functionality of the other application on the computing system according to the security policy, a security action to protect users by notifying an administrator about the application located on the computing system; and at least one hardware processor configured to execute the identification module, the application module, and the performance module.

13. The system of claim 12, wherein the same or a different computing system assigns the functional category to the application at least in part by analyzing evidence that indicates functionality performed by the application.

14. The system of claim 13, wherein the evidence includes at least one of: an ACTIVE DIRECTORY classification; data accessed by the application; data output by the application; and metadata for the application.

15. The system of claim 13, wherein the same or the different computing system analyzes previously categorized applications, using machine learning, to assign the functional category to the application by predicting that the application performs functionality that corresponds to the functional category.

16. The system of claim 12, wherein the identification module identifies the functional category assigned to the application by receiving manual input by a user indicating a tag assigned to the application.

17. The system of claim 12, wherein the functional category assigned to the application comprises at least one of: a system tools category; a printer server category; and a generic database category.

18. The system of claim 12, wherein the identification module identifies the additional functional category by iteratively identifying a plurality of additional functional categories for a plurality of respective applications located on the computing system.

19. The system of claim 18, wherein the identification module identifies the additional functional category by scan
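The policy check described in claim 1, as an added illustration that is not part of the patent text: a newly installed application's functional category is compared against the categories of the applications already on the host, first against a table of authorized pairs and then against a relatedness score with a threshold, and an administrator notice is produced when the application does not belong. The inventory, category names, pair table, scores and threshold are constructed sample values; the patent does not specify how scores are derived.

```python
from typing import Dict, FrozenSet, List, Optional

# Constructed sample inventory (not from the patent): functional-category tags
# for applications already present on one host, as a tagging step would assign.
HOST_INVENTORY: Dict[str, str] = {
    "sqlsvc": "generic database",
    "backup-agent": "system tools",
    "spoolsvc": "printer server",
}

# Policy form 1 from claim 1: category pairs authorized to co-reside.
AUTHORIZED_PAIRS = {
    frozenset({"generic database", "system tools"}),
    frozenset({"printer server", "system tools"}),
}

# Policy form 2 from claim 1: a relatedness score per pair checked against a
# threshold. Scores are constructed; claim 9 only says they may be learned.
RELATEDNESS: Dict[FrozenSet[str], float] = {
    frozenset({"generic database", "printer server"}): 0.4,
    frozenset({"entertainment", "generic database"}): 0.05,
}
RELATEDNESS_THRESHOLD = 0.3


def categories_compatible(cat_a: str, cat_b: str) -> bool:
    """True if the two categories may co-reside under the policy."""
    if cat_a == cat_b:
        return True
    pair = frozenset({cat_a, cat_b})
    if pair in AUTHORIZED_PAIRS:
        return True
    # Pairs absent from both tables score 0.0 and therefore fail closed.
    return RELATEDNESS.get(pair, 0.0) >= RELATEDNESS_THRESHOLD


def evaluate_application(app: str, category: str, inventory: Dict[str, str]) -> List[str]:
    """Run on install or scheduled scan: the co-resident apps whose category
    is not authorized alongside this app's category."""
    return [other for other, other_cat in inventory.items()
            if other != app and not categories_compatible(category, other_cat)]


def check_install(host: str, app: str, category: str,
                  inventory: Dict[str, str]) -> Optional[str]:
    """Security action from claim 1: an administrator notice, or None if the app belongs."""
    conflicts = evaluate_application(app, category, inventory)
    if not conflicts:
        return None
    return (f"[{host}] '{app}' ({category}) does not match co-resident "
            f"applications: {', '.join(sorted(conflicts))}")
```

A printer server landing beside the database passes on relatedness alone (0.4 meets the 0.3 threshold) even though the pair is not explicitly authorized, while an entertainment application conflicts with every server-class application on the host and triggers the notice.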
Entity profiles · CPC title
Relational databases · CPC title
Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities · CPC title
Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems · CPC title
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title