Hannes Kruger

Live

Known as Security Essentials, this is our most popular offering. It aggregates data from various security watchlists that detail IP addresses known to be compromised or linked to malicious online activity. We refresh these lists automatically, in some instances as often as every 10 minutes, and advertise updates to connected devices, instructing them to block access to these risky or untrusted networks in real time.

In version 4, we've significantly enhanced Security Essentials by integrating it with our DNS content filtering system. This integration allows users not only to block applications through DNS poisoning but also to prevent access by adding the IP addresses associated with blocked services to a "do not route" table on the MikroTik devices. This feature is especially valuable for blocking services that do not rely on DNS lookups, such as DoH (DNS over HTTPS) and DoT (DNS over TLS) servers.

A notable improvement to Security Essentials is the capability to log any attempt from within the network to connect to the blocked IP addresses. This enables network administrators to identify which devices might be trying to connect to networks known for botnet activities and other threats.

Looking ahead, we plan to further expand the blocking capabilities to include networks based on their ASN (Autonomous System Number), country, or even the continent they originate from, providing more granular control over network security.

See https://roadmap.mikrocloud.com/projects/v4-roadmap/items/7-add-geolocation-and-block-by-asn-security-essentials

BGP Security Feed (Security Essentials)

  • Hannes Kruger created the item 2 months ago