A method, apparatus and computer program product for use in monitoring and controlling network behavior of Internet of Things (IoT) devices connected to a network. According to this approach, a set of network characteristics of an IoT device (e.g., as published by the device manufacturer) are assigned various risk values and then monitored over an initial time period to generate a “fingerprint” of the device's network flow. This flow is then transformed into one or more flow control rules representing “normal” or abnormal behavior of the IoT device. Preferably, the rules are instantiated into a network boundary control system (NBCS), such as an enterprise router, gateway, or the like, and then enforced, e.g., to generate alerts or others actions when the rules are triggered. The approach enables dynamic and automated threat detection and prevention based on anomalous and/or known-bad behavior.