Brute force attacks are tries by attacker to login and steal the data from accounts. Actually they apply different combination of alphanumerics and try till the exact password they got.
Preventions like lockout the account after login failed or lockout the IP which is trying to login somehow work but not better.
You can try to set up an auto question prior for two to three login failed that defend your account.