The Only Investigation Tool Built Around HR, Not IT
Most tools leave HR dependent on IT to interpret raw firewall data. Cyfin puts investigation capability directly in HR's hands — noise-free reports with real employee names, real site names, and accurate session timelines, ready for disciplinary conversations from day one.
Firewall Logs Contain the Evidence. They Just Don't Look Like It.
A single website visit generates dozens or hundreds of raw connection records in your firewall log. Automated background traffic — software updates, cloud sync, browser telemetry — is recorded right alongside deliberate employee browsing with no way to distinguish them at a glance. The data is in technical notation: IP addresses, domain fragments, and connection timestamps that mean nothing to an HR manager and nothing to an employment attorney.
When an investigation request comes in, IT must manually extract, filter, and interpret the raw data before anything reaches HR. That process takes hours — sometimes days. By the time HR has something to work with, the investigation is already behind schedule, the employee is still in their role, and the data has passed through IT's interpretation rather than standing as an independent, documented record.
Cyfin reads that same firewall data continuously, removes all automated background traffic, reconstructs individual browsing sessions from hundreds of raw connection records, and maps IP addresses to employee names through Active Directory. What HR receives is a clean, accurate report with real website names, session durations, and user activity — organized for human review, documented for the HR file, and accurate enough to support disciplinary action or a compliance audit.
What Cyfin Delivers for Investigations
Human-Only Activity Reports
All automated background traffic is removed before any report is generated. What HR sees is exclusively deliberate employee browsing — no noise, no misattribution, no technical clutter that could undermine the credibility of an investigation.
Session Reconstruction
Hundreds of raw connection records are rebuilt into individual browsing sessions with a clear start time, duration, and site visited. One website visit appears as one readable event — not 100 ambiguous log entries that require IT interpretation.
HR Self-Service Investigations
HR managers run their own investigation reports through a secure self-service portal — without submitting requests to IT. IT configures Cyfin once. After that, HR operates independently and investigations begin the same day they're needed.
Legally Defensible Output
Cyfin reports are accurate, consistent, and documented. They show what an employee deliberately browsed — not a mix of human and automated activity — making them suitable for disciplinary documentation, HR files, and legal proceedings.
Works With Any Major Firewall
Palo Alto, Check Point, Cisco Firepower, Fortinet, SonicWall, WatchGuard, Zscaler, and more. No endpoint agents. No changes to your network. Cyfin connects directly to your existing firewall infrastructure and works with what you already have.
30 Years of Proven Accuracy
Wavecrest Computing has been solving this specific problem since 1996. The noise-filtering and session reconstruction algorithms have been refined across decades of real-world firewall log data — from organizations in healthcare, education, finance, and government.
From Raw Log Data to HR-Ready Investigation Reports
Cyfin processes your firewall log data through a pipeline purpose-built for investigation accuracy — not just traffic visibility. The result is a report HR can read without a technical translator and document without an IT review.
- Noise filtering — every automated background connection is identified and removed before processing. Software updates, telemetry, browser pre-fetching, cloud sync — none of it appears in the final report.
- Session reconstruction — raw connection records are reassembled into browsing sessions. A 45-minute period of YouTube use appears as one session, not hundreds of individual connection events.
- Active Directory name mapping — IP addresses are resolved to employee names and departments. HR sees people and their activity, not network addresses requiring IT lookup.
- On-demand HR portal — investigation reports are available immediately through a secure self-service portal. No tickets to IT. No waiting. HR initiates and receives the report independently.
- Exportable documentation — reports export in formats suitable for HR files, legal review, and compliance submissions. The documented output is self-contained and audit-ready.
We just completed a rigorous evaluation of Wavecrest Computing's web-access reporting product Cyfin. We found that Cyfin produces comprehensive information that can help managers quickly correct inappropriate or ineffective surfing.
Reports That Hold Up When It Matters
An investigation report is only as credible as its underlying data. If the data includes automated background traffic mixed in with deliberate browsing, it can be challenged — and in a disciplinary hearing or legal proceeding, challenged evidence is as good as no evidence. Cyfin's noise-filtering ensures that what appears in the report is exclusively what the employee chose to do, not what their operating system or browser did in the background.
Every Cyfin report is consistent and reproducible. Running the same investigation parameters on the same data set produces the same output every time. There is no manual interpretation step that introduces variability or requires IT to explain methodology under questioning. The report is the record.
For organizations with CIPA or HIPAA compliance requirements, Cyfin produces audit-ready documentation that demonstrates policy enforcement without requiring IT to reconstruct findings after the fact. The investigation trail exists whether it is needed for an internal HR action, a regulatory inquiry, or a response to legal discovery.
Get Started with Cyfin
Tell us how we can help — someone from our team will follow up within one business day.
- Response within one business day
- No credit card required for a free trial
- Talk directly with someone who knows the product