A method, apparatus and computer program product for protecting enterprise Information Technology (IT) infrastructures by automatically instantiating individualized network flow controls and/or network access controls specific to an IoT device. In this approach, an IoT device is identified, e.g., via network scanning or other observational sensors, or by receipt of information from a network administrator. In response to receiving information about the new IoT device, a control component obtains applicable network flow control and/or access control rules for the IoT device. These rules are obtained from one or more authoritative (trusted) sources, e.g., querying a website of the IoT vendor, an industry site, or an enterprise site. In this manner, applicable network flow control and/or access control rules are obtained. The control component then translates those rules into configuration parameters that are consumable by the particular network flow control device that is (or will be) associated with the IoT device.