Ericsson introduced an Agentless Endpoint Detection and Response (EDR) capability to strengthen cybersecurity for telecom networks and other mission-critical infrastructure. The new offering expands the Ericsson Security Manager Extended Detection and Response (XDR) portfolio with continuous threat detection and response that does not require software agents to be installed on production endpoints.
The Agentless EDR, developed in partnership with Sandfly Security, targets Linux-based environments common in telecom core, RAN, and edge deployments. In many carrier-grade systems, operators avoid traditional endpoint agents because they can affect system stability, performance, or uptime. Ericsson’s approach continuously monitors system behavior in these environments, providing threat detection, hunting, and forensic visibility while preserving operational integrity.
Commercial availability will align with customer demand throughout 2026. Sandfly Security, based in New Zealand, specializes in agentless, automated detection and response for Linux systems. The joint solution integrates directly into Ericsson Security Manager XDR, enabling communications service providers (CSPs) and critical infrastructure operators to extend detection coverage without modifying hardened production systems.
- Advanced Linux threat detection for mission-critical systems
- Rapid incident investigation and root-cause analysis
- Broad support for widely used Linux distributions and architectures
- Air-gapped, on-premises deployment options for high-security environments
Keijo Mononen, Head of Security Solutions at Ericsson, said: “Telecom networks are essential to the connected world, supporting critical services and infrastructure that must remain available at all times. By integrating Agentless EDR into the Ericsson Security Manager XDR solution, we enhance our customers detection capability and security visibility where traditional endpoint agents are unsuitable — strengthening security while preserving operational continuity.”
🌐 Analysis: Telecom operators are tightening security controls as 5G standalone cores, Open RAN, and edge computing expand the Linux attack surface across distributed infrastructure. By embedding agentless Linux monitoring into its XDR platform, Ericsson aligns with CSP requirements for non-intrusive security controls in carrier-grade environments, while competing vendors increasingly position XDR and AI-driven SOC automation as core elements of 5G and future 6G network resilience strategies.
