With SF-SafeDump you achieve data privacy for diagnostics on all platforms and fully enforce your privacy and data leakage prevention policies in the field of dump and log files – be smart, and avoid the risk of GDPR penalties.

Prevent confidential data leakage via dump and log file anonymization


Eliminate all confidential data from your dump and log files


Ensure that all dump files remain technically fully usable


Rely on a comprehensive, efficient and transparent anonymization procedure

Did you know that your company‘s IT staff sends dump files with highly confidential information to external third parties every day and thus violates elementary security policies without even knowing it?


What, in fact, is a dump file?

When more complex technical problems need to be solved, as in the case of an abnormally terminating (“abending”) program, application or system, software vendors will ask for a so-called “dump”, which captures every detail surrounding the error or problem. Such a dump file is a snapshot of the current status at the time of error, including all the required debug data, e.g. memory content, processor registers, any currently executed SQL statement, etc. While system programmers deal with system, memory, core or kernel dumps, application developers prefer to work with “user mode process dumps” or SQL dumps. Additional types result from other sources. Dump files easily become huge and may include a gigabyte or more of data. When browsing through a dump file you may easily feel overwhelmed by an almost infinite amount of purely technical information.

What is the security-related problem regarding dump files?

For non-specialists these files look boring, or even worse, harmless, since most of the information seems to be binary or even cryptic, i.e. in a format unreadable to humans. No one will assume that these “ugly” dump files might include highly sensitive company secrets, such as confidential client information or the security-related details of your systems.

How do secrets get into dump files?

Dump files will include confidential and revealing information when the application and system memories are captured – for debugging purposes only, of course. Such a memory dump may include client names, account or credit card numbers, and many other kinds of critical data stored for processing the moment it was made.


SF-SafeDump – dump and log anonymization for all platforms

How can you solve this high-risk security problem?

Our SF-SafeDump solution finally prevents your dump files from including confidential or security-critical data, allows them to remain completely technically usable for their actual purpose – that of solving your software problems. Our expert knowledge based on more than 15 years of experience in this field guarantees the ultimate solution to this quite tricky and hidden problem.

Your IT staff will definitely support this kind of data leakage prevention ensured by our SF-SafeDump technology!

Since fully transparent integration is ensured, SF-SafeDump always matches all current dump file handling and operational procedures established with your service partners. This means there is simply no impact on how your specialists currently transfer, compress, manage and analyze their dump files. These files simply become safe and compliant by no longer unveiling any secrets!

Finally you can fully enforce your data leakage prevention policies by including even the trickiest and most technical data leaks in IT: dump files. SF-SafeDump is the only measure preventing any information any leakage of information that may result from frequently performed dump file exchanges between software users and their vendors. SF-SafeDump lets you enforce a modern and safe information provisioning policy to provide information on a need-to-know basis. Without dump file anonymization, your information leakage prevention policy will definitely not be up-to-date.

Dump and log file anonymization to effectively prevent confidential data leakage and theft


Over the past several years, compliance has become more and more an important issue, but also a tedious task. Our SF solutions assist you in automating the resulting workload to the max by also covering the entire mainframe platform - thanks to a 360-degree approach.


With SF-Sherlock, you can also protect your mainframe platform against attacks and combat high-level risks. Thanks to our max approach this also includes malicious code and exploits. Yes, both of these are real risks on the mainframe platform!

SF Solutions

All SF solutions are invented and developed in-house. Therefore, you can count on both our unique expertise and our high level of motivation in providing you with solutions and services with maximum performance, effectiveness, and productivity.

Are you expecting a governmental audit of your mainframe platform soon, as
by the BaFin, ECB, or one of
the “Big Four”?

Let us help you prepare your mainframe security and compliance.

++800 - 37 333 853 or simply dial: ++800 - DRFEDTKE

Call our world-wide toll-free number now!

(++ represents the prefix for international calls; in most countries it is 00; in the U.S. it corresponds to 011)

News & IT Security Forum

SF-Sherlock Continuous Delivery Level 089

Begin of april we launch SF-Sherlock’s Continuous Delivery Level 089. It provides a broad spectrum of new and innovative monitoring, protection and alerting capabilities. For example, the policy compliance checker contributes new “superpower” to the SF-Sherlock performance. This new level also supports your cost savings by adapting the SF-Sherlock workload to the “Tailored Fit Pricing.”

System REXX and BCPii are the ”next APF“

If you look back along the evolutionary steps of mainframe security, APF libraries play a leading role – due to their “superpower.” Until the 1980s, “almost anyone” working on a mainframe was able and allowed to define one themselves. In most cases, there was no APF library protection at all. Then there was a phase where APF-related auditing received more and more attention, and correspondingly became an important audit issue.

The attention that “APF” received as a security risk has continued to increase over time. Today, it has almost reached the highest level of awareness: only a very few members of a company’s mainframe team are allowed to define a new APF library or update existing ones. Any such action requires prior permission, not just some documentation after it has happened. On our customer visits, we have seen companies where a new APF library requires not only an official change request, but up to “5 signatures.” Otherwise, you lose your job. Correspondingly, relentless monitoring and compliance reporting has become standard for the “APF” risk, resulting in real-time security alerts by a SIEM if corresponding rules are bypassed.

So far, so good. Now that there is great awareness of “APF,” the question will be if the entire mainframe security mission has now been accomplished? Or what’s the next superpower, following “APF,” that mainframe users need to focus on?

Based on our worldwide penetration testing experience, we have determined that “System REXX” and “BCPii” are two further members of the superpower league; both are good candidates for becoming the next “big focus.” In recent years, both z/OS features have been improved so that they are now “easy-to-use” functions. But there is no free lunch. As a consequence, highly critical operations became minimally complex, and you have to “pay” the price for setting up gap-free security measures. User-friendly and easy-to-use superpower features are an invitation to attackers. Complexity is a kind of protection. Compared to assembler programming or disassembling machine code, REXX programming is pretty trivial!

This is why SF-Sherlock focuses intensively on both of these areas. Please feel free to contact us to discuss additional details of what is necessary to properly protect System REXX and BCPii.

Join our newsletter list

Worldwide toll-free phone number

+800 - 37 333 853
or simply dial:

+41 41 710 7444

(+ represents the prefix for international calls; in most countries it is 00, and you have to dial 00800-37333853; in the U.S. it corresponds to 011, and you have to dial 011-800-37333853)

Find Us


Seestrasse 3a, 6300 Zug, Switzerland

Visitors & Training

Dammstrasse 19, 6301 Zug, Switzerland

Social Media

Xing → Linkedin →

Write Us

copy the address

Technical support and hotline
copy the address

Legal and compliance
copy the address