Cyfin: Employee Web Use Reporting and Investigations from Your Firewall Logs

Cyfin by Wavecrest Computing turns raw firewall log data into clear, human-only reports on employee web activity. HR and management can read those reports and act on them independently, without asking IT to interpret the data. Cyfin is agentless, so it works from the log data your existing firewall already produces.

That is the whole product in three sentences. The rest of this post explains why it takes purpose-built software to do it, and what it means for the people who actually need the answers.

Why raw firewall reports do not answer HR’s questions

Every organization with a firewall already has web activity data. The problem is that the data was never built to answer the question HR is asking.

Firewalls log network connections. They do not log website visits, and the two are not the same thing. When an employee opens a single web page, their computer may make dozens or hundreds of separate connections to load it. Each one is recorded individually. On top of that, a large share of what a firewall logs was never a human decision at all. Software updates, license checks, security definition downloads, embedded trackers, and background application activity all flow through the same channel and get logged the same way as a deliberate visit.

So a raw firewall report handed to HR is not a record of what someone did. It is a mix of human activity and machine noise, spread across entries that require technical expertise to reassemble. Drawing conclusions from it is difficult at best. Taking disciplinary action based on it is a real liability risk.

What Cyfin does with that data

Cyfin was built specifically to solve that problem. It does several things before you ever see a report:

  • Filters out non-human traffic. Background connections are removed before analysis begins, so the report reflects employee-initiated activity.
  • Reconstructs browsing sessions. Individual connection records are assembled back into coherent sessions with real start times and durations.
  • Translates domains into recognizable names. Ambiguous technical domain names become site names anyone can read.
  • Categorizes activity. Web use is grouped into meaningful categories, including social media, streaming, shopping, news, and AI tools, so patterns are visible without reading individual URLs.

The output is a report a non-technical person can open, understand, and act on. That simplicity is the point, and it is what required a dedicated engineering effort to achieve.

Who this is for

HR. When a concern comes up about an employee’s web use, HR needs an accurate, readable, dated record. Cyfin produces reports HR can run and interpret without IT involvement, which keeps investigations moving and keeps them defensible.

Management. Managers need to know whether acceptable use policy is being followed and where patterns are shifting. Scheduled reports go directly to the managers responsible for those groups, restricted to the groups they are authorized to see.

IT. IT stops being the bottleneck. Instead of fielding ad-hoc report requests and explaining log data, IT configures Cyfin once against the existing firewall and grants managers reporting-only access. Cyfin supports the major firewalls in use today, including Palo Alto Networks, Cisco, Fortinet, Check Point, and SonicWall, so it extends infrastructure you already have.

Investigations and ongoing visibility

Cyfin supports two different workflows, and most organizations need both.

Ongoing visibility means scheduled reports and dashboards that show how web use trends over time across groups and departments. This is what makes an acceptable use policy meaningful rather than a document nobody verifies.

Investigations are targeted. When a specific concern arises, Cyfin can produce a detailed record for a single user over a defined period, with drill-down from a summary to the individual sessions and URLs behind it. Because the underlying data has already been filtered and reconstructed, what HR reviews reflects deliberate activity rather than background noise.

Generative AI tool usage

Employee use of generative AI is now part of the same conversation. Cyfin’s Artificial Intelligence category identifies AI platforms by name in reports, so you can see which tools are being used, by whom, how often, and for how long, and how that usage trends over time. That is the visibility most organizations need to enforce an AI acceptable use policy.

Seeing the actual text an employee submitted to an AI tool is a separate capability. It requires a firewall that exposes AI-specific log fields, such as Palo Alto Networks with its AI visibility add-on, and SSL inspection enabled. Where your environment supports it, Cyfin can surface that detail. Where it does not, you still get complete usage visibility. See our employee AI usage page for what applies to your firewall.

No agents on employee devices

Cyfin does not install software on endpoints. It reads the log data your firewall already generates. That means nothing to deploy or maintain on employee machines, no coverage gaps when someone uses a different device, and a monitoring approach that stays proportionate to the question being asked.

It is also worth noting why firewall-based reporting holds up. Infrastructure logs are a well-established basis for an employer to review activity on company-owned networks and equipment. Screen recording and keystroke capture tools sit in more complicated legal territory and generate volumes of data that no one realistically reviews. Accurate firewall-based reporting gives HR what it actually needs in a form it can use.

Getting an accurate picture

If your organization is reviewing employee web activity using raw firewall reports, you are working with data that overstates activity and obscures what actually happened. Accurate investigations start with accurate data, and accurate data starts with filtering out everything a human did not do.

See what Cyfin reports look like with your own firewall data. Start a free trial or request a sample report, no credit card required.


Cyfin by Wavecrest Computing has been purpose-built for employee web use reporting and investigations since 1996. Its noise-filtering engine and session reconstruction turn raw firewall log data into clear, human-only reports that HR and management can read, understand, and act on independently. https://www.wavecrest.net • 321-953-5351