Unified control.
Infinite observability.

Mechanikos engineered a centralized Kubernetes platform to harvest real-time traffic and security insights from 15,000 government sites across Malaysia.

Client: Telekom Malaysia via Subsidiary GITN
Project: MyGovServ 2.0 National Initiative
Scale: 15,000+ Sites (Domestic & International Embassies)
GITN Data Lake Platform

Fragmented Visibility at National Scale

As part of the national MyGovServ 2.0 initiative, GITN (a subsidiary of Telekom Malaysia) was tasked with ensuring connectivity and security for over 15,000 government sites, spanning domestic locations and international embassies.

The complexity of this massive infrastructure created a "Tower of Babel" scenario:

  • Siloed Data: Critical security logs were trapped within local firewall appliances.
  • Hardware Fragmentation: Sites utilized a mix of top-tier firewall brands, resulting in inconsistent data formats that made centralized analysis impossible.
  • Zero Real-Time Insight: Central command lacked immediate visibility into traffic flows, bandwidth utilization, or emerging threats across the agency network.

The Imperative

GITN needed a way to harvest forward logs from every site—regardless of hardware brand—and ingest them into a centralized platform for real-time analysis, moving beyond traditional monitoring to actionable intelligence.

Turning Complex Data into Confident Decisions

Mechanikos deployed Cerebrax, an enterprise-grade platform designed to handle the velocity and variety of national-scale network data. The transformation focused on creating a "nervous system" for the national network.

Key Transformation Pillars:

  • One Console to See It All: Unified traffic observability and security insights into a single secured platform, breaking down barriers between operations and security teams.
  • On-Premise & Sovereign: Deployed the solution directly within GITN's environment to ensure full control and data sovereignty compliance.
  • Real-Time Ingestion Engine: Implemented a Kubernetes (K8s) powered platform to act as the primary receiver for raw forward logs from 15,000+ firewalls.
  • Data Normalization: Parsed unstructured logs from diverse vendors (Palo Alto, Fortinet, Cisco, etc.) instantly and converted them into a unified, structured schema for analysis.

Real-Time Log Ingestion Pipeline

  01. 15,000+ Firewalls: Palo Alto, Fortinet, Cisco, Check Point
  02. K8s Ingestion Engine: Real-Time Log Processing
  03. Data Normalization: Unstructured → Structured
  04. Persistent Data Lake: 7 TB Network Logs Capacity

From Reactive Monitoring to Predictive Defense

By unifying log data into a single pane of glass, GITN achieved a fundamental shift in how they manage national connectivity.

  • 7 TB: Network logs handled daily with high-performance ingestion
  • 100%: Visibility across all 15,000+ sites with unified security posture
  • 5M+: Records parsed per minute via Kubernetes engine
  • 135B+: Total persistent log records archived for deep analytics

"We transformed a reactive, fragmented network into a proactive, data-driven defense system. The ability to harvest logs in real-time and store them persistently has redefined how we manage national connectivity."

GITN Leadership — Telekom Malaysia

Traffic Insight

  • Granular visibility into bandwidth (Upstream/Downstream) identified heavy usage patterns and bottlenecks
  • Proactive capacity planning based on real-time application performance metrics
  • Immediate identification of network congestion points before impact escalates

Security Harvesting

  • Unified threat landscape view across all 15,000+ government sites nationwide
  • Continuous log harvesting to correlate events and detect policy violations invisible in isolation
  • Single console detecting distributed attacks (DDoS) across the full national network

Enterprise Scale

  • Proven capability to handle massive data loads of 7 TB+ daily
  • Persistent real-time data availability for compliance, auditing, and historical analysis
  • Seamless multi-vendor integration across Palo Alto, Fortinet, Cisco, and Check Point

Engineered for Enterprise Scale

The solution is built on the Cerebrax architecture, leveraging open technologies to deliver high performance and reliability.

Core Architecture

Component | Role
Kubernetes (K8s) | Orchestrates data services for high availability and scalability across the ingestion pipeline
Real-Time Ingestion | Processes unstructured logs instantly upon arrival from 15,000+ firewall endpoints
Persistent Data Lake | Stores data securely for long-term auditing, compliance, and historical trend analysis
Multi-Vendor Integration | Works seamlessly with Splunk, Palo Alto Networks, Fortinet, Cisco, Check Point, and CrowdStrike

Platform Capabilities

  01. One Console to See It All: Comprehensive visibility across all disparate systems in a single secured platform
  02. Traffic Monitors: Detailed view of internal and external traffic sources and bandwidth flows
  03. Forwarding Agents: Management of data flow from edge devices across 15,000+ sites
  04. Visual Analytics: Dashboards for at-a-glance understanding of national network health
  05. Data Sovereignty: On-premise deployment ensures complete control with no cloud telemetry exposure
  06. Compliance Ready: Built-in audit trails and regulatory reporting capabilities

Feature | Legacy Monitoring | Cerebrax Platform
Log Ingestion | Siloed inside local firewall boxes. Slow, manual querying. | 5M+ records parsed per minute in near real-time via K8s engine.
Hardware Schemas | Inconsistent multi-vendor raw formats. No dynamic parsing. | Dynamic normalization into unified, structured tables across all vendors.
Sovereignty | Compliance risks via distributed cloud telemetry nodes. | 100% on-premise deployment in secure sovereign GITN environment.
Visibility | Fragmented per-site monitoring with no cross-site correlation. | Single pane of glass across all 15,000+ sites and international embassies.