The concept of threat hunting, initially, was founded on taking this residue (indicators of compromise, malware, etc.) and ensuring that any of those indicators found in your system were something you'd pursue. They had presence and you needed to find them and root them out. But adversaries have changed...and modified their attacks. [With a lot of the recent cyber attacks] there was no residue, no forensic data and hunting in those environments was blind hunting, which doesn't work well. We have to modify threat hunt now and mature it.
Executive Vice President, LookingGlass