Transitions in the datacenter take time.

It took Unix servers a decade, from 1985 through 1995, to supplant proprietary minicomputers and a lot of mainframe capacity that would have otherwise been bought. And from 1996 through 2001 or so, Sun Microsystems servers set the pace and reaped the profits, although nothing like what IBM mainframes had commanded before them. And in 2001, IBM brought its Power architecture and aggressive pricing to bear an aggression funded by its vast profits from proprietary systems where mission-critical COBOL and RPG applications and their underlying databases and middleware were extremely sticky and over the next decade and a half wiped Hewlett Packard and Sun from the face of the Unix market. IBM rules Unix systems with its AIX-Power platform, but that business is maybe 25X smaller than it was in the Unix heyday.

Starting in 1993, it took about a decade for X86 servers to evolve to become a reasonable and credible alternative to RISC platforms and the Linux operating system, which was a few years behind Intels Pentium Pro and Xeon efforts in the datacenter, evolved alongside the X86 platform to supplant Unix. And from there, the X86/Linux platform crushed the RISC/Unix platform and became the first dominant, general purpose compute substrate in the datacenter, actually fueling the rise of the hyperscalers and cloud builders.

The Internet as we know it could never be built on mainframes, or even RISC/Unix machinery. It was just too damned expensive and the vendors providing RISC/Unix gear had no incentive to cut their prices in half and lose money on the operation. New low-cost suppliers of all of the system and software components had to come into being to lower that cost. AMD came into the X86 market in 2003, but by 2009 had run out of gas and Intel took over from there, exercising what was effectively monopoly power in datacenter compute. And its higher profits and less aggressive server CPU roadmap are the two things that inevitably fostered the competitive threat that Intel did not see until it was way too far along the wrong paths in both chip design and manufacturing and hit the wall with Moores Law, no matter how much Intels top brass protests that Moores Law (where transistors become half expensive every two years) is not dead.

Its dead, or at least dead enough that Nvidia co-founder and chief executive officer, Jensen Huang, is correct in his assessment from last September that it was indeed dead. At this point, who you gonna believe: Jensen Huang or Pat Gelsinger, Intels chief executive officer and a student of the Andy Grove only the paranoid survive school of semiconductor design and manufacturing?

With riches, Intel lost the ability to be paranoid, and became complacent. And its wrong moves in manufacturing research and development, the consequential stall in CPU architecture advancement, in GPU development, and in tangential software acquisitions all compounded.

So here is to hoping, if you are a system architect or a Wall Street investor, that Huang & Co can remain paranoid this year and into the future.

The Nvidia financial presentation that came to light this week that had a roadmap for CPUs, GPUs, and networking, and which we edited for accuracy and which we added DPUs to, had some other interesting charts in it, which got us to thinking about the IT market and Nvidias growing place in it. There was a companion presentation that Collette Kress, Nvidias chief financial officer, gave at the Citi Global Technology Conference on September 7 that also had some money and market food for thought.

Lets start with total addressable market and serviceable addressable market. The entire IT market, speaking very generally and including hardware, software, and services including telecom and data services is projected to be a $4.71 trillion market in 2023, according to the latest numbers from Gartner. The Nvidia TAM does not perfectly overlap this because it not only includes IT, but autonomous machines, which is embedded within a very large industry making cars, trucks, forklifts, robots and other machinery. The forklift market is north of $60 billion this year, the robotic market is somewhere around $40 billion to $75 billion, depending on how you characterize it, and cars and trucks will probably account for somewhere around $1,400 billion if you poke around the Internet and look for stats. So the total addressable market for Nvidia is the compute, visualization, networking, and software part of these markets, which together comprise around $5.7 billion in spending this year. Within that, and what Nvidia is really carving out in its data, is the much smaller $1 trillion opportunity it is chasing within these industries where compute and visualization are needed. One might properly call this Nvidias serviceable addressable market, but this is really somewhere between TAM and SAM. Call it TAM we guess.

Nvidia has spoken a lot of this $1 trillion opportunity, and here Kress broke it down here in 2023:

Now, if you take this TAM of $1 trillion and divide it into Nvidias projected revenues for calendar 2023 of somewhere around $50 billion, that is 5 percent of the TAM as we have defined it. That sure doesnt feel like anything close to monopoly power. But if we restricted the actual TAM and SAM comparison to all accelerated computing and its necessary networking, visualization, and graphics, you would find that Nvidia has a dominant share. Our guess is more than 50 percent but less than the 85 percent threshold that law enforcement concerning monopoly regulation tends to use to determine if a company is a monopoly or not.

And once again, we are not against monopolies, which we think are economic as well as technical situations that arise naturally after a certain amount of consolidation in any industry. We are, however, against unbridled and unregulated monopolies after a certain amount of economic pain from customers and potential competitors is reached. Economic substitution is how we all get around such pain, but it is sometimes not possible to do it at any scale. Like, for instance, when it comes to GPU compute in the datacenter right now. But competitors are ramping up and getting better, and there will be substitution. Fear not.

The $1 trillion referenced above is not the same $1 trillion that Huang & Co talk about when they are discussing the datacenter infrastructure installed base.

Now, this chart says datacenter installed base, but it appears to be plotting out datacenter revenues for all kinds of things. We doubt very much that this chart is gauging the net present value of datacenter gear and adding new gear going into the datacenter and extracting the value of the machines that are retired and then plotting then-current server CPU revenues and Nvidia datacenter revenues against that. This had better be all revenues per year for the categories shown.

Nvidia does say that the spending for server CPUs, servers, network infrastructure, and other datacenter infrastructure is on a calendar year and that the Nvidia datacenter spending is on the nearest calendar year. (Nvidias fiscal 2023 ends in January 2023, and is almost the same thing as calendar 2022, to say it in plain English American.)

If you do the math on that chart above (by measuring the lines with a ruler on the Y axis because there are no dollar or percent figures given), then in fiscal 2024/calendar 2023, Nvidias share of datacenter spending is somewhere around 15 percent.

You will also note in the chart above that server CPU revenues have taken a downward trend send AMD thank you notes as well as the Arm collective while server revenues are up modestly as AMD has doubled its revenues, more or less. We see here as we have showed before how much GPU-accelerated server spending is propping up the server market.

The big story after the GPU crazy is networking, of course, and AI has been very, very good to InfiniBand. Like this:

Based on our model, we think networking represented about $410 million in revenues in Q1 F2021 for Nvidia, and that it grew to $1.64 billion in Q2 F2024 ended in July of this year. If you use the 4X for overall networking growth and the 7X for InfiniBand growth, and measure the share on the bars in the chart, that means the share of Ethernet versus other on the Q1 F2021 stacked bar is not right. It has to be almost perfectly evenly split to have InfiniBand grow by 7X and overall networking grow by 4X. This implies that InfiniBand drove $1.41 billion in sales in Q2 F2024 for Nvidia, but Ethernet And Other drove only $232 million, up 1.1X from Q1 F2021. (We wonder where NVSwitch is accounted for here? Hopefully in Other.)

The only thing growing faster than the datacenter networking business at Nvidia over the same timeframe is the rest of the Nvidia datacenter business, which has grown by a factor of 11.9X since the Mellanox acquisition and which drove $8.68 billon in sales in Q2 F2024.

Nvidia is clearly the leader of accelerated computing, and it probably has another 12 to 18 months of being the undisputed revenue and mindshare leader. But, others are coming with new technologies and lower prices, and this is as unavoidable as the rain that eventually comes to spur on new growth.

Visit link:
Everyone Is Chasing What Nvidia Already Has - The Next Platform

Shabnam Pervez is a thematic analyst at GlobalData. She has been working on the thematic team for over three years, focusing on emerging technology trends in a myriad of different sectors.

Shabnam Pervez: Major cybersecurity challenges within the packaging industry arise from digitalisation. Like other sectors, technology is disrupting the packaging industry. Various technologies can be integrated throughout the value chain to automate processes and gain better insights into customer behaviour. However, understanding and effectively utilising these technologies pose a significant challenge for packaging industry players who are under pressure to keep up with the rapidly changing technological landscape.

Additionally, the future of work presents another challenge as employment dynamics shift. Many businesses are experimenting with hybrid and flexible work strategies, enabled by collaboration tools and cloud computing. These technologies allow employees to work remotely, reducing travel expenses and improving work-life balance. This shift also allows companies to downsize office spaces, lowering real estate costs. However, transitioning to remote and hybrid work models introduces new security challenges as corporate IT has less control over user actions, devices, and software. The Covid-19 pandemic has further accelerated the trend of remote servicing of packaging machinery.

Lastly, businesses across all sectors face the issue of Environmental, Social, and Governance (ESG) considerations. Investors, governments, employees, and customers share the common goal of becoming more sustainable. Companies that prioritise sustainability will reap financial benefits, such as increased share prices and improved customer and partner loyalty. On the other hand, those that neglect sustainability will struggle. In the packaging industry, companies face mounting pressure to use environmentally friendly packaging materials, reduce single-use plastics, and address their carbon emissions. Government regulations, like the UKs Circular Economy Package, dictate sustainability standards favouring recycling and the circular economy. However, ESG encompasses more than just environmental aspects; companies also have a responsibility to care for their customers and employees while ensuring robust corporate governance structures.

Shabnam Pervez: Packaging companies should prioritise cybersecurity across their entire value chain. As the packaging industry undergoes digital transformation, companies at every stage of the value chain are recognising the vulnerabilities present in their supply chains. To address these concerns, they are collaborating with cybersecurity firms to find solutions. Investments in cybersecurity for the packaging industry should focus on essential areas such as threat detection and response, cloud security, data security, vulnerability management, post-breach response services, and risk and compliance. With the increasing use of cloud servers for delivery management and the storage of large amounts of virtual data, packaging companies face the risk of supply chain sabotage if they fail to implement effective cybersecurity measures.

Shabnam Pervez: The manufacturing sector is undergoing rapid digitalisation. According to a survey conducted by the Packaging Machinery Manufacturers Institute (PMMI) in March 2021, approximately 79% of companies have integrated smart technologies into their processing lines, 64% on their assembly lines, and 60% at the end-of-line packaging stage. These numbers are expected to significantly rise as the industry continues to explore and adopt new technologies.

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Your download email will arrive shortly

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

Shabnam Pervez: Certainly not as per IBM, the manufacturing industry is the second most targeted sector by cybercriminals, yet it remains one of the least prepared. The packaging process, which often occurs as the final step in manufacturing, relies heavily on automated machinery, accounting for approximately 60% of end-of-line packaging. The Packaging Machinery Manufacturers Institute (PMMI) reports that in 2020, a staggering 88% of small business owners in the manufacturing sector felt their businesses were susceptible to cyberattacks. Furthermore, 28% of all cybersecurity breaches targeted small businesses, and a distressing 10% of these small businesses were forced to permanently close their doors as a result of such breaches. Consequently, small packaging companies must prioritise the implementation of suitable cybersecurity measures wherever feasible, given their heightened vulnerability as frequent targets of attacks.

Original post:
Cybersecurity in packaging: Q&A with GlobalData thematic analyst - Packaging Gateway

This article is an extract from The Privacy, Data Protection and Cybersecurity Law Review, 10th Edition.Click here for the full guide.

I Introduction

As organisations are embracing remote work culture and formulating their strategies based on data-driven analytics to drive productivity, efficiency and revenue growth, so are the cyber threat actors using 'data as a weapon' to increase the impact of cyberattacks and to gain leverage to fulfil their financial motives. Historically, cyber breaches were a matter of discussion for the information security teams working at the heart of the organisations to run and manage digital assets enabling users to perform their duties, but because of the increasing breaches and harsh implications and the several strict government regulations, the subject has also now made its way to board level in majority of organisations.

As the governments mandate stricter data regulations and reporting timelines it becomes essentially important for the organisations to not only know their regulatory obligations but to also prepare for them and it is equally important for the forensic professionals assisting in the investigation to be able to collect and analyse data enabling the organisations to make informed decisions while responding to regulators and their customers.

In this publication we present an overview of the data exfiltration aspects seen in the top cyberattacks faced by organisations and the common challenges faced during such investigations.

II Overview of regulations related to cyber breaches in China, including Hong Kong

Before we begin with taking a deep dive into the cyberattacks and analysing the data exfiltration aspect, let us examine briefly the prevailing data-related regulations in China.

i The China Cyber Security Law

This law is formulated to (1) ensure cybersecurity; (2) safeguard cyberspace sovereignty and national security, and social and public interests; (3) protect the lawful rights and interests of citizens, legal persons and other organisations; and (4) promote the healthy development of the informatisation of the economy and society. According to the Cyber Security Law (CSL), the organisations impacted by the breach are required to report and notify relevant authorities and affected data subjects of actual or suspected personal information breaches in a timely manner.

ii China's Personal Information Protection Law (PIPL)

Personal information processors are required to 'promptly' notify relevant personal information protection authorities and data subjects in the event a data incident has occurred or is likely to occur. Administrative fine up to 50 million yuan or 5 per cent of the turnover in the last year may apply.

iii China's Data Security Law (DSL)

Applicable to data processing activities carried out within the territory of China and data processing activities conducted outside China that harm China's national security or the public interest, or the legal interests of citizens and organisations in China. Requires organisations to have incident planning. Organisation needs to immediately remediate incidents, promptly notify relevant individuals, and report such data security incidents to the regulator.

iv Personal Data Privacy Ordinance (PDPO), Hong Kong

The Personal Data (Privacy) Ordinance (Cap. 486) (the PDPO) is a set of laws that is technology-neutral and provides a set of data protection principles outlining how data users should collect, handle and use personal data. Data users are required to take steps to ensure that personal data is protected against unauthorised or accidental access, processing, erasure, loss or use, if data breaches or leaks were to occur.

v Privacy Commissioner for Personal Data, Hong Kong

The Privacy Commissioner for Personal Data (PCPD) recommends the filling in of a data breach notification as the recommended practice for proper handling of such incidents.

III Analysing data exfiltration aspects of common cyber incidents faced by organisations

Multiple regulations focused on data privacy and breach notification are in place to mandate reporting and motivating organisations to improve their cybersecurity position, which allow for understanding of the various aspects of data exfiltrations during typical cyberattacks faced by organisations and the key challenges faced during investigations.

i Data compromise in a business email compromise breach

Email-based attacks have been on a constant rise, with a steeper rise seen during the pandemic. As the situation evolved, the threat actors changed their lures to more relatable pandemic-related themes to bank on the uncertainty and changing anti-pandemic measures increasing their chances of baiting their victims. Business email compromise is a cyberattack that involves threat actors gaining access to victims' mailboxes and carrying out a financial transaction by hijacking or creating an existing email chain and tricking the victim into making a fund transfer to a bank controlled by the threat actors. In the process of executing the attack, to reach a final motive of making financial gains, the threat actors modify the bank account details on a legitimate pending invoice and trick the victim into transferring funds to the threat actors' bank account.

While it is clear how the threat actors target and execute the attack, the attack also encompasses several other information discovery steps taken by the threat actors. From our analysis and information collected from public threat reports of multiple similar breaches, we have noted that threat actors prior to carrying out the final impact of the attack that is, the financial transaction gathered and reviewed emails and files that may have contained financial information such as pending bills, customer details, etc. In addition to data review to understand the language, terminology or writing style used within the organisation, they also gathered and replicated the user mailboxes to offline access and accessed global address lists (GAL) containing contact cards of all employees of the organisation. The details captured by the threat actors from GAL or from the files and emails accessed may contain details of customers, personal information, sensitive information and may give the threat actors the ability to carry out further cyberattacks based on information collected.

The key challenges in the investigations related to business email compromise cases are as follows:

Case study: business email compromise scam causing a financial impact of over US$5 million

We were engaged by one of our clients in mainland China to investigate a business email compromise attack that resulted in payments of over US$5 million in fraudulent transactions. During our investigation, we noted that the threat actors were able to gain access to the mailbox of several finance team members over a period of four months prior to the initiation of the fraudulent transaction. A common technique used by the threat actors during this campaign for maintaining access to information was forwarding a copy of incoming emails to the email controlled by the threat actors by using an email forwarding rule as a method of data exfiltration. During our review, we noted multiple simultaneous ongoing conversation chains hijacked by the threat actors and were nearing agreements on payments which were then stopped by our team, mitigating a cumulative loss of about US$8 million. On the advice of the clients' legal counsel, potential data exfiltrated was reviewed to determine the nature of information exfiltrated and accordingly impacted customers were notified about the information (such as proforma invoices, letter heads with declarations, etc.) that may have been exfiltrated and stored by the threat actors.

ii Data compromise in a ransomware breach

Threat actors have been increasingly targeting organisations with ransomware and part of the attack locks the files in the system and exfiltrates data from the organisation with a threat to make it public or force organisations to pay and avoid leak. According to Verizon's data breach report 2022,2 ransomware has increased on an upward trend of 13 per cent. The threat actors before exfiltrating data try to identify valuable data in the organisation network to encrypt and exfiltrate the data. In a typical ransomware investigation done by our team, we have noted the use of public file storage websites and cloud servers as one of the file storage methods used by the threat actors.

The key challenges faced during investigations of ransomware cases are outlined below.

Inadequate or absence of network and endpoint visibility leading to gaps in timeline analysis

Systems event logs are available in all operating systems and capture system activity and actions based on the level of verbosity configured. The system logs are used for gathering and determining operating system level activity such as exploitation or malicious activities during a forensic review and provide details of when the activity occurred but the lack of in-depth visibility such as the amount of data transferred over the network, files transferred over USB, etc. leads to gaps in answering questions around files transferred over network or USBs, etc., and can be mitigated by using external software to collect and monitor such logs because of a lack of availability of such logs within the commonly used operating systems.

Unreliable timestamps and file metadata because of encryption

Typically, in a ransomware incident, threat actors exfiltrate data and execute ransomware to encrypt the files, which leads to an update in the file metadata such as 'file modified date'. Due to this filesystem activity, the file metadata becomes unusable for the forensic reviewer and questions such as number of files accessed by threat actors before encryption or files modified before encryption to identify potential malicious activity may not be answered accurately.

Loss of system artifacts becqause of anti-forensic techniques used by threat actors

Threat actors frequently use anti-forensic techniques to evade leaving footprints of the actions carried out by them to delay creation of counter measures by security companies, evade detection of malware and actions performed by the threat actors. From our experience of investigation, sophisticated attacks and information gained from analysis of various reputed threat reports, it was noted that commonly employed anti-forensic measures include clearing of system logs, deletion of malicious files post execution, high obfuscation of the malicious code and malware capability of self-destruction on receiving commands from the threat actors. These anti-forensic techniques lead to loss in the system artifacts and files impacting the root cause analysis resulting in gaps establishing the timeline of events that may have occurred.

The use of the outdated GeoIP database (GeoIP data contains mapping of IP addresses with their allocated country IP range and autonomous system numbers mapping the IP addresses to the organisations controlling the IP blocks) on firewalls leading to enrichment of connecting IP addresses with inaccurate geolocation, ASN organisation, ISP details, etc. Information leading to miscalculation during statical analysis based on these factors, for example: an outdated entry in the GeoIP database for a malicious IP address allocated to a highly reputed ASN org or internet service provider can lead to exclusion of connection from further scrutiny by the forensic analyst because of the reputation of the ASN organisation controlling the IP address block.

The lack of internal network telemetry amd NetFlow data leads to gaps in visibility of lateral movement across devices in the network. One of the tactics used by the threat actors after gaining access to the compromised endpoint is to carry out several discovery steps to identify potential data of importance to the organisation within the network and in some cases dump the collected data to exfiltrate. Limited details of such connection events are stored in operating system logs for connections that are made using an operating system's inbuilt functions and services but lack overall visibility in the amount of data transferred, the method used for connections and may lack any information at all if a custom tool is deployed by the threat actors for data movement and accessing computer systems within the network.

There are jurisdictional issues faced by the law enforcement agencies in securing access to cloud servers used by threat actors. Usage of cloud-based systems has been noted by the threat actors for hosting command and control infrastructure, data exfiltration destination, etc. from our experience in such investigations. In an event where a law enforcement action is involved to cease and desist the servers (based on the server IP address) used by the threat actors, the law enforcement agencies often face challenges because of jurisdictional issues and the inherent nature of the cloud server provisioning that enables the cloud service subscription holder to deploy servers at or for a short duration and the cloud service provider may provide the same IP address to another customer who may not be related to the incident.

Case study: A ransomware incident impacting a client in the mainland China office and Hong Kong

In a recent case investigated by our team, one of our clients in mainland China was impacted by a ransomware incident leading to encryption of systems across several Mainland China offices and Hong Kong region because of the interconnectivity of the networks. We were engaged as first responders to identify the root cause of the incident, gaps exploited by the threat actors and identify data exfiltration activity. During our review, we identified the initial access was carried out by the threat actors using an exposed remote desktop application which was followed by data exfiltration and encryption of files as final impact. During this review, our team carried out digital forensics and identified the threat actors' actions but could not determine the exact number of files accessed by the threat actors as the metadata was updated as a result of file encryption and a fallback method was used after discussion with the clients' legal counsel to determine the activity by relying upon the fact that if a system was accessed by the threat actor, the data was considered as exfiltrated. In other instances where our clients had more network visibility and endpoint logs, the data exfiltration has been very accurate as the logs provide more details of the various processes executed by the threat actors and contain details of the volume of data transferred in terms of packets during execution of the attack.

iii Data compromise because of cloud misconfigurations

As more and more organisations are shifting towards adaptation of cloud infrastructure to expand to scalable operations, utilising cutting-edge interactive web applications functioning on the user behaviour matrix, it was noted in various threat reports that some of the aspects of cloud security have been challenging for the IT professionals working in traditional on-premises infrastructure that gave more control. In the recent IBM Cost of a Data Breach Report 2022,3 the cost of breaches as a result of cloud misconfigurations to totalled US$4.14 million. Some of the impacts because of cloud misconfiguration result in data loss, access to sensitive or personal information, credentials or API keys, which can in turn be used to further access computer systems in the IT environment.

Key challenges faced during investigation are outlined below.

Lack of application logs

Application logs for a web application capture details of system events and actions performed by the users depending upon the configuration. The details captured in the logs can be a useful source to determine the impact of the malicious actions performed in addition to the logs from the webserver or load balancer, which capture limited details of interaction with the application based on the web requests and not the details of the events themselves in the web application.

Lack of cloud server logs for extensive periods

As organisations are moving towards more digitalisation and usage of cloud systems to reduce overheads and automate workflows, this leads to an increase in the usage of cloud systems. The cloud systems are natively designed on optimising performance and tend to provide limited storage space to manage the cost factor. The limited storage on cloud servers and gaps in the technical understanding of the administrators and the logs of such systems are in general kept for short durations on the systems for the best utilisation of storage as other types of data such as databases or code are also stored, leading to availability of a limited period of logs.

Difficulties in forensic image creation of the storage as compared with traditional hard drives

Cloud system (server) file storage is different in architecture than the traditional hard drives obtained in computer systems. The forensic preservation of cloud server storage poses a variety of challenges for the forensic analysts to efficiently collect images without compromising the integrity of the evidence files. Some of the cloud infrastructure providers may offer methods to download the existing operating system image as a virtual machine as part of the backup functionality, which can be used by the forensic analyst as an image because it is system-generated, indicating no possibility to tamper with it during creation and it contains the image hashes but in some cloud infrastructure providers may not provide such backup methods, posing a challenge for forensic collection and limiting the possibility of retrieving deleted evidence, which may in turn impact the investigation.

Case study: Investigation of a compromised web application

We investigated an incident related to an exposed vulnerable web application that was exploited by the attackers to gain initial access. The breach was identified because of security alerts to the storage by the IT security team. During our root-cause analysis, it was noted that the application was vulnerable for at least eight months before exploitation but as a result of the limitation of logs, previous instances of other security breaches resulting from the vulnerability were not discovered, leading to gaps in the investigation and stronger mitigation measures.

iv Data compromise as a result of insider data theft

Insider data thefts have been on a constant rise. With organisations working remotely, instances of such cases are increasing. Analysis of a recent news story4 also indicates potential advertisements by ransomware-related threat actors for rewarding insiders willing to enable the groups in introducing malware to internal systems.

The key challenges are as follows:

v Good practice to utilise to mitigate challenges during forensic investigations

To investigate a cyber incident and gain visibility of actions performed by the threat actors, digital evidence from computer systems and log files serves as a vital source to understand the activities of the threat actor and to determine data exfiltration activity. We list below some of the best practices for maintaining and preserving the critical digital evidence:

Read this article:
The Privacy, Data Protection and Cybersecurity Law Review ... - Lexology

Cutipol Goa salad set

Designed by Jos Joaquim Ribeiro and made by a family-owned business in the village of Sao Martinho de Sande in Portugal, Cutipols Goa salad set features a brushed stainless-steel spoon and fork with contrasting resin handles. Slim and minimalist, theyll add a touch of effortless chic to any refined dining experience. $98

@mudaustralia

Melbourne-based homewares label Fazeek has a track record of creating curvaceous colour-loving glassware. Following suit, its salad servers are made of hand-blown borosilicate glass, with elongated handles that lead to softly rounded spoons. Available in three playful colourways: pink and green, clear and amber, and lilac and teal. $89

Handmade from resin in its Strawberry Hills studio, iconic Sydney label Dinosaur Designs stone servers come in 26 striking hues, from solid colours to textured, marble-like swirls. Go for hot-pink Flamingo, the dappled greys of Abalone, or Sky a mix of blue and white inspired by the vapour of early evening skies. $125

@dinosaur_designs

Loosely resembling the claws of a friendly lobster, cult Sydney-born label Maison Balzacs Cloud serving spoons are made of bamboo polymer with a soft, matte finish. Lightweight yet highly durable, theyre also biodegradable and designed to add a bit of whimsy to your table. Available in sky blue and beige. $49

@maisonbalzac

Known for Aussie-style understated luxury, Country Roads approach to salad servers is unsurprisingly chic. The Nolan features a minimalist design with tapered handles and sleek spoons a timeless style for seasons of dinner parties. Made of high-quality stainless steel in three neutral finishes: soft gold, brushed silver and shiny graphite. $59.95

@countryroad

Wooden salad servers are always a classic. Turkish-inspired, Sydney-based label Saardes are handcrafted using natural olive wood from pruned branches and dead trunks. With a simple pared-back design, the woods textured character does most of the heavy lifting, style-wise. Each piece gets darker and richer in colour as it ages. $45

@saardehome

Looking for more carefully curated buys for your home? Read here.

This article first appeared in Domain Review, in partnership with Broadsheet.

Continued here:
Six To Try: Salad Servers That Make Even Iceberg Lettuce Look ... - Broadsheet