Syneto
NIS 2 Package · Beyond Zero Trust

Sovereign security. Data always protected.

The SynetoOS NIS 2 Package combines Multi-Factor Authentication, Continuous Authentication and Recovery Point Hold to deliver the technical controls required by the NIS2 directive and aligned with CRA regulation.

MFA

Web GUI and CLI login protection with TOTP.

Continuous Auth

Verify before every critical operation.

RP Hold

Hold Recovery Points beyond SLA retention.

Why it matters

Beyond Zero Trust by Syneto

In today's security landscape, guaranteeing data integrity is critical. Syneto adopts the "never trust, always verify" principle and applies it continuously: from the initial login through every single high-impact operation on the system.

The NIS 2 Package delivers the technical controls required for NIS2 compliance and aligns with CRA legislation, protecting infrastructures from external threats, session hijacking, unauthorized modifications and accidental deletions.

NIS2 compliance

Technical inspections in accordance with the directive.

Verified identity

Password + TOTP token on every critical action.

Preserved data

Recovery Points held for audit and compliance.

Audit trail

Transparent log in Tasks section.

How it works

Verify before every critical operation.

Four stages covering perimeter, runtime and data — from initial login to Recovery Points lock.

01 — Multi-Factor Authentication

MFA: the first line of defense

Multi-Factor Authentication adds a protection layer to the SynetoOS Web GUI and CLI access. Strongly recommended on every production appliance.


How it works

MFA uses a standard TOTP token mechanism, compatible with all major authenticator apps.

Authenticator app
Google Authenticator, Microsoft Authenticator, Authy
Enrollment QR Code
Wizard-based setup with scanning or a one-time code
Recovery Codes
Set of codes to restore access in case of a lost token
Per-user management
MFA status visible for every user from the Users page

Activation in 4 steps

1
Go to the Security page
In the SynetoOS GUI, navigate to the Security menu.
2
Activate Enforce
Move the Multi-factor authentication toggle from Optional to Enforced and confirm.
3
Onboarding users
All users are signed out automatically and complete the MFA setup via QR code.
4
Save the recovery codes
Store the recovery codes in a safe place for emergency restore.

Licensed feature

Starting from SynetoOS 5.3.4, MFA requires a dedicated license. Active OS5 appliances automatically retain entitlement to the feature.

Available on OS5 and OS6

02 — Continuous Authentication

Verify every critical action

Continuous Authentication is an advanced paradigm that requires identity verification not only at login, but at the strategic moments when high-impact operations are executed. A bulwark against session hijacking, human error and insider threats.

Session Hijack Mitigation

Even if an attacker gains an active session using compromised credentials, they will be prompted to re-authenticate with MFA for every sensitive action.

Insider Threat

An OTP is required before any critical configuration change. No authorized user can bypass the control without the registered device.

Error protection

Prevents accidental deletions or modifications by requiring a deliberate verification before execution.

Protected operations

Virtualization

Deleting a Virtual Machine
Deleting an Image Repository
Removing a Hypervisor

Data Protection

Modifying or deleting Recovery Points
Changing a Protection Policy
Removing a Replication Target

Administration

Delete user account
Edit System Settings
Enable/disable Remote Support

Operational flow

1
L
The system intercepts the action before execution.
2
Identity verification request
Password or TOTP code (if MFA is active for the user).
3
60-second validity window
Subsequent operations do not require new verification within the same interval.
4
Transparent logging
Every verified action is logged in the Tasks section for audit.
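
The operational flow above, sketched as an added example that is not SynetoOS code: a critical action is intercepted, a TOTP code is requested, a successful check stays valid for 60 seconds, and every decision is appended to an audit list. The class and method names, the 30-second TOTP step and the reused-code check are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

WINDOW_SECONDS = 60  # validity window stated on the page
STEP = 30            # common TOTP time step (assumption; the page gives none)

def totp(secret, now, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1), the scheme authenticator apps implement."""
    mac = hmac.new(secret, struct.pack(">Q", int(now // STEP)), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class StepUpGate:
    """Hypothetical gate that re-verifies identity before critical operations."""

    def __init__(self, secrets):
        self.secrets = secrets   # user -> enrolled TOTP secret (constructed data)
        self.verified_at = {}    # user -> time of last successful verification
        self.used = set()        # (user, counter) pairs already redeemed
        self.audit = []          # (time, user, event, outcome)

    def verify(self, user, code, now):
        secret = self.secrets.get(user)
        slot = (user, int(now // STEP))
        # Constant-time compare; refusing a reused code is an added hardening
        # step (RFC 6238 recommends it), not something the page describes.
        ok = (secret is not None and slot not in self.used
              and hmac.compare_digest(totp(secret, now), code))
        if ok:
            self.used.add(slot)
            self.verified_at[user] = now
        self.audit.append((now, user, "verify", "passed" if ok else "failed"))
        return ok

    def run(self, user, action, now, code=None):
        """Intercept a critical action; allow it only with fresh verification."""
        last = self.verified_at.get(user)
        fresh = last is not None and 0 <= now - last < WINDOW_SECONDS
        if not fresh and not (code is not None and self.verify(user, code, now)):
            self.audit.append((now, user, action, "blocked"))
            return False
        self.audit.append((now, user, action, "allowed"))
        return True
```

Blocked attempts are logged alongside allowed ones, so the audit list shows both what ran and what was refused once the window had lapsed.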

Immediate activation

No reboot required. Once enabled from the Security menu, the feature is active for all users in real time.

Who needs Continuous Authentication?

Finance & Public Administration

Sectors with high data sensitivity

Healthcare

GDPR, HIPAA, strict compliance

Critical Infrastructure

Utilities, manufacturing, transport

03 — Recovery Point Hold

Preserve data beyond retention policies

The “Hold Recovery Point” feature in SynetoOS lets you manually preserve specific Recovery Points for an extended period, overriding their normal lifecycle. Essential for compliance, audit, testing and Cyber Recovery scenarios.

Protection from deletion

A “held” Recovery Point is protected from two threats:

Automatic deletion by SLA
The retention policy does not remove held Recovery Points.
Accidental user deletion
The lock icon indicates protected status in the UI.

Use cases

Compliance and audit
Regulatory obligations and legal retention
Forensics
Incident analysis and post-event investigations
Test scenarios
Reproducible data states for validation runs
Troubleshooting
Preservation of critical states for in-depth diagnostics.
Recovery

Set Policy, Stay Protected

Disaster Recovery — application-consistent restore in minutes

1 min RPO per VM
20 sec recovery time
0 backup agents needed

Dashboard: SLA policies (1-4 of 4)

Name      | Base freq. | VMs
Platinum  | 5 minutes  | 18
Gold      | 4 hours    | 4
Silver    | 1 day      | 1
Bronze    | 1 week     | 0

Platinum details

Recovery Point Objective: 5 minutes

Compliance rules

  • Apply every 5 minutes and keep for 24 hours, with application-consistent recovery points
  • Apply every 1 hour and keep for 7 days, with application-consistent recovery points
  • Apply every 1 day and keep for 4 weeks, with application-consistent recovery points
  • Apply every 1 week and keep for 6 months, with crash-consistent recovery points

Apply compliance rules: At any time

Virtual machines with policy: 18 virtual machines (dc-prod-01, dc-prod-02, exchange-01, sql-prod-01, sql-prod-02, +5 more...)

How to hold a Recovery Point

1
Virtual Machines
Select the VM from the Virtual machines or Replicas page
2
Tab Recover
Go to the Recover tab and select Scheduled
3
Choose the date
Select the recovery-point date from the calendar
4
Hold recovery point
From the three-dot menu, click Hold recovery point
5
Confirm
At

Important notes

  • Only scheduled Recovery Points can be held
  • During replication, holds on the source node are not transferred to the destination node
  • Upon release, the RP returns immediately to the SLA retention rules

Licensed add-on

Recovery Point Hold is a dedicated add-on of the NIS 2 Package. If the feature is not licensed, related actions appear locked: contact your local service provider to enable it.

Native audit trail

Every critical event, tracked and auditable

Login, MFA challenge, Continuous Auth anomalies and blocked deletion attempts: every event recorded and ready to export to your SIEM.

Dashboard

Audit log — critical events

8 / 8

Time     | Event    | User              | Source    | Description
09:14:23 | RPH lock | [email protected] | 10.0.4.21 | Recovery point deletion attempt blocked
09:12:08 | MFA      | [email protected] | 10.0.4.21 | MFA challenge passed (TOTP)
09:11:50 | Login    | [email protected] | 10.0.4.21 | Admin login
09:08:14 | CA alert | system            |           | Continuous Auth: geographic anomaly detected
08:59:32 | RPH      | system            |           | Recovery Point Hold activated (90 days)
08:55:01 | DR       | [email protected] | 10.0.4.18 | Continuous replication active — RPO 1m
08:43:17 | Snapshot | system            |           | Immutable Recovery Point created (db-prod)
08:30:00 | SIEM     | system            |           | Audit log published to SIEM

NIS 2 Package

Three controls, one unified security posture

MFA, Continuous Authentication and Recovery Point Hold are designed to operate synergistically inside SynetoOS, delivering defense-in-depth aligned with NIS2 and CRA requirements.

MFA

Protects the punto d

Perimeter

Continuous Auth

Protects operations. Blocks session hijacking and unauthorized actions.

Runtime

RP Hold

Protects the data. Preserves critical recovery points for compliance and forensics.

Data

NIS 2 Package

Ready for NIS2 compliance?

Talk to our experts to activate the NIS 2 Package on your SynetoOS appliances and strengthen the security posture of your infrastructure.

Personalized demo

30 minutes with an architect, on your real workload.

Request a demo

Explore NIS2 compliance

Continue the journey, explore related products.