The customer runs an application in the Pegacloud. The customer's architect found in the services description somewhere that a kind of basic Brute Force Attack protection is available OOTB in Pegacloud. (As per my understanding, this is related to repeated access attempts with generated or guessed credentials and hence different from DoS attacks.)
1) Is there any more specific documentation about what is actually protected and how?
- Logon servlet?
- SSO servlet?
- IAC / exposed forms?
- REST / SOAP via HTTPS?
2) Is there any recommendation or guide on how to perform additional configuration for increasing security in terms of brute force attacks? Or is the customer even required to cover certain scenarios by himself? (Thinking of SSO or IAC...)
Appreciate any "official" statement from Pegasystems regarding the brute force attack protection capabilities of Pegacloud.
Similar to your other question on Pega Cloud security, we recommend that you create an SR with the Pega Global Customer Support team. (Here, we are assuming that you have gone through the related information on PDN before posting here.) This will enable you to start a discussion that would help answer your questions on security. Answering them over this community is not advisable. Do mention the URL of this post while creating the SR.
Since you are a Pega employee, I will send you an Outlook email with more details!