DDoS is simply a way to overload services. So, to protect, you use some kind of QoS or application based limiter that slows things down when heavy traffic seems present. In some cases you may be able to figure out the DDoS and limit things specifically.
Brute force attacks are often times focused on services where a username/password are involved. Again, you'll have to craft a response to this specifically. So, if you see so many failed attempts from a source, you could issue a command to your firewall to add a rule to block that source (perhaps just temporarily). As an example of a tool to help with this, look at:
302 Found