Wedoany.com Report on Feb 28th, Ericsson recently introduced an agentless Endpoint Detection and Response (EDR) capability designed to enhance the cybersecurity level of telecommunications networks and other critical infrastructure. This new service expands Ericsson's Security Manager Extended Detection and Response (XDR) portfolio, enabling continuous threat detection and response without the need to install software agents on production endpoints.

This agentless EDR capability was developed in collaboration with Sandfly Security, specifically targeting Linux-based environments common in telecom core, Radio Access Network (RAN), and edge deployments. In many carrier-grade systems, operators prefer to avoid traditional endpoint agents as they may impact system stability, performance, or uptime. Ericsson's solution provides threat detection, hunting, and forensic visibility by continuously monitoring system behavior in these environments, while ensuring operational integrity remains unaffected.

Commercial availability will be tailored based on customer demand throughout 2026. New Zealand-based Sandfly Security specializes in providing agentless, automated detection and response services for Linux systems. The joint solution is directly integrated into Ericsson's Security Manager XDR, enabling Communication Service Providers (CSPs) and critical infrastructure operators to extend detection coverage without modifying already hardened production systems.

This agentless EDR capability offers several advantages, including advanced Linux threat detection for mission-critical systems, rapid incident investigation and root cause analysis, broad support for commonly used Linux distributions and architectures, and air-gapped and on-premises deployment options for high-security environments.

Keijo Mononen, Head of Security Solutions at Ericsson, stated: "Telecom networks are crucial for the connected world, supporting critical services and infrastructure that must always remain available. By integrating agentless EDR into the Ericsson Security Manager XDR solution, we enhance our customers' detection capabilities and security visibility where traditional endpoint agents are not suitable—strengthening security while maintaining operational continuity."

As 5G standalone cores, Open Radio Access Networks (Open RAN), and edge computing expand the Linux attack surface in distributed infrastructure, telecom operators are strengthening security controls. By embedding agentless Linux monitoring into its XDR platform, Ericsson addresses CSPs' demand for non-intrusive security controls in carrier-grade environments, while competing vendors increasingly position XDR and AI-driven Security Operations Center (SOC) automation as core elements of resilience strategies for 5G and future 6G networks.