Spur adds no-code Cloudflare integration for Monocle

Spur has launched a no-code Cloudflare integration for its Monocle Session Enrichment product, aimed at helping organisations act on anonymised traffic in real time.

The addition lets customers deploy Monocle inline with application traffic without engineering work. Users can choose where assessments apply and create policy decisions to allow or block requests as they happen.

A monitor-only option has also been added, allowing teams to review traffic patterns and adjust policies before turning on enforcement.

The changes target security, fraud and trust teams dealing with traffic disguised through VPNs, residential proxies and mobile proxies. Spur argues that such tools can make malicious activity look similar to legitimate user traffic.

The update also adds more detailed service attribution and behavioural indicators. Those signals can be used to refine edge enforcement rules and improve decisions about suspicious sessions.

The launch comes as companies face growing difficulty in identifying who is actually interacting with their applications and online services. Anonymisation services have become easier to access, while attackers are using them to conceal origin and behaviour.

Spur cited its own research showing that only 30% of organisations fully understand the risks linked to anonymised IP activity. The finding points to a gap between detecting questionable traffic and using that information in live policy controls.

Deeper analysis

Alongside the Cloudflare integration, Spur introduced new analytics features in Monocle designed to show traffic composition, anonymous traffic types, policy decisions, geographic trends and behavioural patterns across user sessions.

The analytics sit within a centralised Explorer interface, where teams can investigate activity, check whether policies are working as intended and assess the effect of session enrichment across their environments.

Another update expands the policy builder. Customers can now set block strategies and configure traffic rules by category, such as traffic type, geography or service.

That gives organisations more control over how they respond to specific kinds of traffic. It also reflects a broader shift among online platforms towards more selective enforcement rather than blanket blocking, particularly when legitimate users may share some characteristics with suspicious sessions.

Faster setup

Spur has also added a guided onboarding workflow with step-by-step setup instructions and documentation tailored to each deployment.

The onboarding flow starts from the platform home page and is intended to reduce setup friction. In practice, that means customers can activate Monocle more quickly and start reviewing traffic intelligence sooner.

The wider issue for companies is operational rather than purely technical. Many security teams can identify anonymised infrastructure at a basic level but struggle to turn that information into rules that work at the edge without disrupting normal users.

Residential proxies are a particular concern because they can route traffic through consumer IP addresses that appear ordinary. That can make it harder for conventional detection systems to distinguish between genuine users and coordinated abuse.

Cloudflare integrations are likely to matter because many companies already use the network provider as a control point in front of web applications. A no-code approach lowers the barrier for teams that want to test or apply traffic intelligence without waiting for development resources.

"Organisations know anonymized traffic is a growing challenge, but many still struggle to operationalize that intelligence," said Alastair Parr, Chief Technology Officer, Spur.

"These updates ensure that customers can implement inline enforcement in minutes, gain deeper visibility into user behavior, and quickly translate those insights into policy decisions that reduce risk," said Parr.