We spent several months researching and testing IP blocking on a large scale back in 2013. ie CIDR country blocking code and other various automated IP blocking methods. The end result of all that testing was that we found that any form of IP blocking on a large scale was not very effective and caused significant resource drain/slow downs for your website/server.
JTC Anti-Spam / Anti-Hacker is very effective, simple & quick to implement and actually improves your website/server performance because auto-posting hackerbots and spambots are stopped before Login processing. The numbers/results are much better than we anticipated and are pretty incredible: http://forum.ait-pro.com/forums/topic/buddypress-spam-registration-buddypress-anti-spam-registration/page/2/#post-1294
If you are seeing that hackerbots and spambots are being stopped/blocked in your Security Log then you do not need to do anything else since these are just log entries showing that they were stopped/blocked.
Yep, the NAV is finally figured out and yep automation is now very good.