My colleague Ben at Datacenter Luxembourg has referred to another tool to reduce brute force attacks. The tool is called fail2ban.
Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP that makes too many password failures. It updates firewall rules to reject the IP address. These rules can be defined by the user. Fail2ban can read multiple log files such as sshd or Apache web server ones.