Pegacloud Brute Force Attack Prevention?
Hi Community,
The customer runs an application in the Pegacloud. Customer's architect found in the services description somewhere that a kind of basic Brute Force Attack protection is available OOTB in Pegacloud. (As per my understanding, this is related to repeated access attempts with generated or guessed credentials and hence different from DoS attacks.)
1) Is there any more specific documentation about what is actually protected and how?
- Logon servlet?
- SSO servlet?
- PRCustomAuth?
- IAC / exposed forms?
- REST / SOAP via HTTPS?
- others...?
2) Is there any recommendation or guide how to perform additional configuration for increasing security in terms of brute force attacks? Or is the customer even required to cover certain scenarios by himself? (Thinking of SSO or IAC...)
Appreciate any "official" statement from Pegasystems regarding the brute force attack protection capabilities of Pegacloud.
Thank you,
Lars