The proliferation of heterogeneous Internet of things (IoT) devices connected to the Internet produces several operational and security challenges, such as monitoring, detecting, and recognizing millions of interconnected IoT devices. Network and system administrators must correctly identify which devices are functional, need security updates, or are vulnerable to specific attacks. IoT profiling is an emerging technique to identify and validate the connected devices’ specific behaviour and isolate the suspected and vulnerable devices within the network for further monitoring. This article provides a comprehensive review of various IoT device profiling methods and provides a clear taxonomy for IoT profiling techniques based on different security perspectives. We first investigate several current IoT device profiling techniques and their applications. Next, we analyzed various IoT device vulnerabilities, outlined multiple features, and provided detailed information to implement profiling algorithms’ risk assessment/mitigation stage. By reviewing approaches for profiling IoT devices, we identify various state-of-the-art methods that organizations of different domains can implement to satisfy profiling needs. Furthermore, this article also discusses several machine learning and deep learning algorithms utilized for IoT device profiling. Finally, we discuss challenges and future research possibilities in this domain.